How Resilient is the Internet? - Attack and Defense
(Page 2 of 4 )
A distributed denial of service attack uses hundreds of thousands of computers under the control of hackers to overwhelm servers with "ping" requests. Graham Cluley, senior consultant at security firm Sophos, described a DDoS attack with a colorful metaphor: "A denial-of-service attack is a bit like fourteen fat men trying to get into an elevator - nothing can move."
While this attack was said to involve one million computers, estimates of the number of zombie computers under the control of "bot herders" run as high as more than 10 million. Could that many bots take down the Internet?
The Internet was originally designed to withstand a nuclear attack. In fact, the root server system is supposed to be able to continue functioning even if two-thirds of the servers are not working. But "If you really wanted to create a big outage, you wouldn't go after the roots," according to David Ulevitch, CEO of alternative DNS provider OpenDNS. As already noted, you'd go after the .com or .net or similar servers. Even that might not have an immediately noticeable affect.
That's because most ISPs run their own DNS servers. After all, a DNS server is simply a computer that keeps constantly updated copies of domain name tables. These tables translate addresses made up of words, such as http://www.devshed.com/, into the numbers behind them. So even if all 13 servers succumbed to an attack, it would be hours or days before the Internet came to a standstill.
VeriSign is working to make it even more difficult to take the Internet down. The company recently announced a three-year, $100 million project to upgrade and expand the infrastructure that supports its .com, .net and root servers. It's called Project Titan, and it's supposed to increase the capacity of VeriSign's infrastructure by an order of magnitude over the next three to four years. According to Silva, it will "make the entire infrastructure that we operate much more resilient to these attacks" and is "without a doubt the largest upgrade to a DNS top-level domain that's ever happened."
Just because the Internet is that resilient doesn't mean that most businesses are, however. Even government agencies and universities would have a hard time affording the kind of investment in upgrades that VeriSign is making. That's why one of the other reports that came up recently is so disturbing.
More Web Hosting News Articles
More By Terri Wells