Attacks on the structure of the Internet alert experts

COLLAB distinguished with the APDC / Siemens Innovation Award

A significant number of attacks against the basic structure of the Internet, using an unusual method, have been recorded in recent times and are worrying the entities responsible for Internet surveillance worldwide, News Factor reports.

The registered attacks are similar to the traditional denial-of-service attacks, commonly called DoS, but have much higher efficacy rates, which is serious considering that most of the time they aim to hit websites of large companies and extort money.

This new type of attacks needs a very small number of zoombie computers to launch the attack, which in turn has a much more significant impact than usual on computers that manage traffic online they are quite superior, since they are a kind of intermediary for the attack.

Information on these attacks began to be released just last week as a result of a study carried out by a group of researchers, but the information is again highlighted with the confirmation of the abnormal situation by companies like VeriSign.

Ken Silva, the company’s head of security, confirms that the attacks began in December 2005, intensified in January and slowed down in February. During this period alone, 1,500 attacks were registered, targeting different Internet domains, always using the new method.

Without revealing more details, the same official admits that the impact of this round of attacks was greater than that recorded in 2002 when the biggest attack on the Internet structure ever occurred, which affected 9 of the 13 root servers that manage Internet traffic.

Recent attacks by denial of service they use a set of infected computers to send a set of requests to DNS servers, using a fake sender, the address they want to reach.

In this way, the response to the request made by the computers that launch the attack goes directly to the target servers of that same attack, which is carried out by the direct action of the DNS servers.

Since the response from DNS servers typically gives more information than is contained in the response, the network receiving the response also receives hundreds of fraudulent messages.

The methodology is complex and difficult to stop, experts warn. It is possible to stop the process by blocking the Internet addresses from which the attack originated, but it is not easy to do so. «It is very difficult to defend against this type of attacks because they use a unique method» explains Rob Ayoub analyst at Frost & Sullivan.

Related News:

2002-11-07 – Basic Internet infrastructure servers transferred to prevent attacks

2002-10-24 – Attack on Internet servers must have originated outside the USA