By Tom Espiner, 26 September 2007 08:34
NEWS
Denial of service attacks are growing faster than bandwidth is being added to the internet, according to VeriSign, the company that administers the dot-com domain.
Criminal groups selling services online are increasingly threatening the fabric of the internet, as the size of the compromised networks of computers they control increases, VeriSign said.
The company claimed that a successful denial of service (DoS) attack against VeriSign could bring down the internet. Ken Silva, VeriSign's chief security officer, said: "There are attacks attempting to shut down our servers. This would effectively shut down the internet."
Silva said that although DoS attacks are difficult to trace, there are "a couple of well-known groups in Russia, China and Romania" that may be acting with their government's knowledge. "It would be hard to imagine groups who have this much activity going unnoticed by their governments," he said.
He said VeriSign "hoped to get smarter" in blocking malicious traffic: "We can continue to add bandwidth but ultimately, 20 years down the road, this can't continue as a foot race. The internet as a whole has to get smarter in denying DoS attacks."
VeriSign is currently upgrading its infrastructure in a scheme called Project Titan. This has included adding bandwidth but it is also monitoring its systems more closely.
Silva said: "Our monitoring systems now resemble those for the space shuttle. We monitor the capability of our CPUs and memory allocation on all of our servers. We're predicting what problems will occur rather than waiting for them to occur."
Many public sector organisations in the UK suffer from DoS attacks. The Probation Service has upgraded its servers in the past week to cope with the traffic created by botnets, according to one if its security managers.
The security manager said: "We've had to upgrade our hardware in the last week to cope with an unexpected increase in the volume of malicious traffic at the network gateway. Simply coping with that is compromising our ability to run our business. The problem is simply coping with what is coming at us."
Tim Pickett, a former technical security analyst at AOL, said ISPs should monitor their networks to mitigate DoS attacks, adding: "More should be done to tackle the problem on the ISP side."
Tom Espiner writes for ZDNet UK
Comments
There are 4 comments. Join the discussion
1. Jon Pennycook
Is that the same Space Shuttle based on 60s/70s technology which can't cope with year changes? Or do they mean Buran, which could fly itself without human crew?
2. Roger Huffadine
So Verisign are saying that they really shouldn't have been given all of the Internet directory management.
Interesting given that many countries argued the case for multiple directories a couple of years ago when Verisign got exclusivity.
3. Simon
Perhaps it's time to stop the bull***t comments that users aren't to blame !
Ultimately, it comes down to this : there are lots of infected machines connected to teh internet<period>. If they weren't infected or weren't connected, then they wouldn't be a problem - so perhaps it's time to stop whining that users can't be expected to understand such details ?
As an analogy, we don't expect every driver to demonstrate that they can change their oil and service their brakes before we give them a licence - we expect them either to know, or to go to a garage (or a friend) who does know.
Take a defective car on the highway and it's the drivers responsibility to make sure it's legal and safe. Take a computer on the internet highway and people seem to think that the owner & driver should not be expected to know anything past "where's the ON button".
So how about an equivalent of the "3 points and £60 for having a bald tyre" when found in charge of a computer that is acting in a botnet ?
4. anonymous
Verisign: "There are attacks attempting to shut down our servers. This would effectively shut down the internet."
They wish! We might loose root server resolution for some gTLDs, but that'll have very little impact on my working day!