Information Security News mailing list archives

Experts make changes to defend against Internet attacks


From: InfoSec News <isn () c4i org>
Date: Thu, 7 Nov 2002 04:51:54 -0600 (CST)

http://www.nandotimes.com/technology/story/609017p-4702120c.html

By TED BRIDIS, Associated Press 
 
WASHINGTON (November 6, 2002 4:39 p.m. EST) - Experts have made an
important change to the 13 computer servers that manage global
Internet traffic, separating two of them to help better defend against
the type of attack that occurred last month.

Verisign Inc., which operates two of the root servers, moved one
computer overnight Tuesday to a different building in an unspecified
location in northern Virginia and onto a different part of its
network, company spokeswoman Cheryl Regan said Wednesday.

Verisign said the change was designed to ensure that a hardware outage
or focused attack targeting part of its network could not disrupt both
servers.

The last such move to any of the 13 servers occurred in 1997.

The FBI is investigating an unusual electronic attack Oct. 21 that
briefly crippled nine of the 13 servers, located throughout the United
States and in three other countries. Seven failed to respond to
legitimate network traffic and two others failed intermittently during
the attack, which lasted about one hour.

Service was restored after experts enacted defensive measures and the
attack suddenly stopped. Verisign maintains that both root servers it
operates were not among those overwhelmed during the attack, even
though they were on the same part of its network.

Most Internet users did not notice the attacks because the Internet's
architecture was designed to tolerate such short-term disruptions, but
many experts were surprised at the coordination and brief success of
the attackers.

In "denial of service" attacks, hackers traditionally seize control of
third-party computers owned by universities, corporations and even
home users and direct them to send floods of data at predetermined
targets.

FBI Director Robert Mueller said last week that investigators traced
most of the attack traffic back to hacked computers in South Korea and
the United States.

This week's change was approved by the Commerce Department, said Louis
Touton, an official with the Internet Corporation for Assigned Names
and Numbers, the nonprofit organization that manages technical changes
for the Internet under authority from the U.S. government.

Verisign moved the server after it received approval for the change
Monday, Regan said. The company first sought permission this summer.

Microsoft Corp. discovered and fixed a similar architectural flaw on
its own corporate network after attacks in January 2001 prevented
millions of customers over two days from visiting the company's main
Web sites.

In that case, Microsoft discovered that all four of its key
traffic-directing computers were on the same section of its network,
allowing hackers to overwhelm them easily by sending floods of
spurious data to that part of the network.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.


Current thread: