Network World

DDoS attack highlights 'Net problems

Episode called crude, ineffective . . . but concerns mount about future problems.
By Carolyn Duffy Marsan, Network World, 10/28/2002

Last week's distributed denial-of-service attack against the Internet's root servers underscores that much of the Internet's infrastructure remains vulnerable to these common hacker attacks and more sophisticated assaults that might be on the horizon, experts say.

That an easily preventable distributed DoS attack was successful against so many of the Internet's root servers surprised many network executives, who say they thought more precautions were being taken by the operators of such a key component of the Internet's DNS.

A distributed DoS attack occurs when a hacker hijacks machines across the Internet and uses them to send a flood of requests to a server until it becomes overwhelmed and stops functioning.

In this case, the distributed DoS attack was aimed at the 13 root servers that run as the master directory for lookups that match domain names with their corresponding IP addresses. Below the root servers are the servers that support top-level domains such as .com, .net and .org, and below the top-level domain servers are hosts of individual Web sites.

"Last Monday's attack wasn't very skillful from the point of attacking the DNS root servers with a well-known ping attack," says Paul Mockapetris, an inventor of the DNS and chief scientist at Nominum, a DNS software vendor. "There are going to be some lax administrators who get a big wake-up call."

The root server attack also shows that hackers are becoming more ambitious in choosing targets.

"Two years ago, most of the denial-of-service attacks were on actual Web sites. With this attack, people are going after parts of the infrastructure," says Ted Julian, co-founder and chief strategist with Arbor Networks, a start-up that sells an anti-distributed DoS monitoring system to ISPs. "It changes from a local attack to a global attack."

During the root server attack, a hacker sent fake ping requests, which are queries from one host to another to determine if a communications path is available between the two hosts. Ping messages, which are rarely received by the root servers, are sent using the Internet Control Message Protocol (ICMP).

The 13 root servers were flooded with ICMP requests for about an hour, causing several root servers to stop being available to regular Internet traffic. However, the remaining root servers withstood the attack and ensured that it didn't slow down performance across the Internet.
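
The flood described above can be spotted by counting ICMP echo requests per destination, since ping traffic to a root server is normally rare while the sources of a distributed flood are many. The following detector is an added example, not part of the original article; the record layout, thresholds and addresses (documentation ranges) are assumed, constructed values.

```python
from collections import defaultdict, deque

ICMP_ECHO_REQUEST = 8  # ICMP type of a ping request

def detect_echo_floods(packets, window=10.0, max_echo=50):
    """Flag destinations receiving more than `max_echo` ICMP echo requests
    within any `window` seconds. Returns {dst: (alert_time, distinct_sources)}.

    `packets`: (timestamp, src, dst, proto, icmp_type) tuples sorted by time.
    Record layout and thresholds are assumptions for this example.
    """
    recent = defaultdict(deque)  # dst -> (timestamp, src) of recent echo requests
    alerts = {}
    for ts, src, dst, proto, icmp_type in packets:
        if proto != "icmp" or icmp_type != ICMP_ECHO_REQUEST:
            continue  # DNS queries and other traffic are never counted
        q = recent[dst]
        q.append((ts, src))
        while ts - q[0][0] > window:  # drop requests older than the window
            q.popleft()
        if len(q) > max_echo and dst not in alerts:
            alerts[dst] = (ts, len({s for _, s in q}))
    return alerts

def sample_traffic():
    """Constructed records using documentation address ranges."""
    pkts = []
    for i in range(600):  # 60 s flood at server A: 10 pings/s from 200 sources
        pkts.append((i / 10, f"198.51.100.{i % 200}", "192.0.2.1", "icmp", 8))
    for i in range(60):   # server B: ordinary DNS load, one query per second
        pkts.append((float(i), "203.0.113.7", "192.0.2.2", "udp/53", None))
    for t in (5.0, 30.0):  # server B: two stray pings, below any threshold
        pkts.append((t, "203.0.113.9", "192.0.2.2", "icmp", 8))
    return sorted(pkts, key=lambda p: p[0])

if __name__ == "__main__":
    for dst, (ts, sources) in detect_echo_floods(sample_traffic()).items():
        print(f"{dst}: echo flood at t={ts:.1f}s from {sources} sources")
```

In the constructed traffic each source sends only one ping every 20 seconds, so a per-source limit would see nothing unusual; only the per-destination count exposes the flood.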
