• silicon.com
• Technology
• Networks

By CNET Networks, 8 November 2002 08:30

NEWS Icann general counsel Louis Tuton has credited the 11 September attacks with renewed emphasis on securing the net's infrastructure, including the recent cybersecurity initiative sponsored by the White House. But he effectively ruled out the threat of a catastrophic collapse stemming from a failure in the root servers. "The root servers have gained a cult status that's probably undeserved," Tuton said.
Many of the tasks performed by the root servers are duplicated elsewhere, meaning that even if a successful attack took down all 13 servers at once, the net would probably not be shut down, Tuton said. The October attack took the form of a data flood, or a 'denial of service attack', which sent a deluge of internet control message protocol (ICMP) data packets to the root servers. ICMP packets carry network data used for reporting errors or checking network connectivity, as in the case of the common 'ping' packet. A flood of such data can block access to servers by clogging bottlenecks in the network infrastructure, thus preventing legitimate data from reaching its destination. However, ICMP data is not essential to network administration, and many servers, and the routers that direct data to its destination, tend to block the protocol. That's precisely what administrators did during the recent attack to stop the flood of data from reaching the DNS root servers. Indeed, October's attack may not have been as serious as previously claimed. Originally, Matrix NetSystems, a company that measures network performance, had reported that both of VeriSign's root servers had been severely affected by the attacks. Later, though, the company recanted its claims, explaining that its method of measuring server uptime used ICMP packets, the same sort of data the attackers had used to flood the DNS root servers. VeriSign pointed out that it had filtered out such data, a move that stopped the attack but that had also made it appear to Matrix NetSystems that the servers were down. Other servers that were thought to have been downed by the attack may also have been operating reliably, Matrix NetSystems explained on its website. "Other DNS root-server operators, such as the Department of Defense, which operates the G server, also took steps to maintain reliable connections," the company said in its latest advisory, dated 23 October. "According to DoD sources, they immediately began rate-limiting requests and switched to stealth servers to thwart the attack." Regardless of the success of the attack, bringing down the root servers would not result in a shutdown of the net as we know it, according to Fred Cohn, a research professor at the University of New Haven who studies computer security systems. Cohn said that the software that runs the root servers likely has flaws that could be exploited by attackers. But "the sky is not falling". "The importance of the root servers has been overstated," Cohn said, arguing that their core functions could be rebuilt within hours. "This attack shows that it's possible to wreak havoc among a few hundred technical people who have to batten down the hatches... But there have been no serious negative consequences." Evan Hansen writes for CNET News.com. Rob Lemos contributed to this report.