Someone is trying to break the Internet, and it isn't Kim Kardashian

By Linda Musthaler | December 28, 2015

Posted in: Network Security Trends, ISP DDoS Protection

Break the Internet? Kim Kardashian's Paper Magazine cover couldn't do it, but now someone is trying to bring it down for real using DDoS attacks on the Internet Domain Name System's root name servers.

Root Server Operators (RootOps) reports that on at least two separate occasions, several of the root name servers were hit with an unusually high rate of queries. Calling the events "fairly unique in nature," RootOps says that incident traffic saturated network connections near some DNS root name server instances.

There are 13 Internet root name servers in the world run by independent organizations including ICANN, the US Department of Defense, Sweden's Netnod, Europe's RIPE NCC and others. Verisign also operates two of the root servers. The purpose of these servers is to help browsers locate top-level domains such as .com, .net, .org and country-specific top-level domains like .uk, .de and many others. In all, the root domain contains more than a thousand top-level domains.

The attacks on November 30 and December 1, 2015, involved flooding the root name servers with a deluge of traffic. The observed traffic volume was approximately 5 million queries per second per DNS root name server receiving the traffic. Not every root server was targeted. The affected servers received more than 50 billion queries in total during the two attack periods. Put in context, one of Verisign's root name servers typically averages about 10 billion queries in a day.

Despite the unusually high volume of traffic, none of the servers was knocked out of commission. RootOps believes the impact was limited to minor delays for some name lookups, resulting in barely perceptible delays in web browsers.

RootOps says it's unrealistic to trace the incident traffic back to its source because IP source addresses can easily be spoofed. The organization doesn't speculate on who could have launched the attacks. However, International Business Times theorizes that the attacks could have been government-sponsored. According to an IBT article, "If you use logic, it would take a really powerful entity like a country's government to have the resources to sustain a coordinated cyberattack that lasted 48 hours and was able to keep flooding the root name servers consistently with a high level of traffic at five million queries a second."

Well, it might have been a rogue government testing its cyber warfare powers, but at least it wasn't Kim Kardashian's fans hoping for a repeat of last year.
