How to crash the internet.

Here is an interesting article about a recent attack on the Internet’s root servers in February.  If anyone wants to take down the Internet, and there are people who DO want to take down the Internet, this is how they are probably going to do it. 

One of the ways the Internet works is by allowing you to type in a domain name, and have it be converted into an IP (Internet Protocol) number.  This makes it easier for you to give out your email or web address.  For instance, it is easier for me to give you http://blog.logicalorderofchaos.com, than to give you http://74.200.194.71.  In fact, if you go to that URL you won’t even see my domain at all.  This is because the IP address is shared with possibly hundreds of domain names.  This also makes it easier to change the IP and move it to a new server, or distribute it across multiple servers across the world.  This is possible because of a technology called the Domain Name System or DNS. 

DNS works by allowing your local DNS server, probably run by your Internet Service Provider, to connect to Root Servers that tell it where to look for the domain names you are looking for.  There are 13 root servers, a.root-servers.net through m.root-servers.net, that provide this service.  These servers feed the many domain name servers across the net.  Let’s say you type blog.logicalorderofchaos.com into your browser.  Your computer will send a DNS request to your ISP to find out where this server is located.  If that DNS server has not seen this name before, it will then ask any servers that feed it.  Eventually, it will hit a dead end and go looking at the root servers.  The root servers will tell it which name servers are the primary DNS servers for the domain.  Your ISP’s DNS server will then look up the domain on those DNS servers and return the IP address.  Once the IP address is found, your browser will be able to connect to my domain. 

These servers are extremely important, because they feed every DNS server on the net.  If these servers are taken down, you won’t be able to get to anything except by the IP address, which most likely you don’t know.  You will have to rely on your local ISP’s cache, and won’t be able to look up any new names.  Fortunately, there are actually hundreds of these servers across the world that make up the 13 root servers.  There are only 13 names because of a protocol limitation which prohibits any more.
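The lookup path and the cache-only fallback described in the two paragraphs above can be modelled offline; this is an added example, not code from the article, and it goes one step beyond the text by showing the intermediate referral for `com`. The names `tld-com.example` and `ns1.hosting.example` and all referral data are constructed for illustration.

```python
# Constructed, offline model of the lookup path described above.
# Only the 13 root names and the blog's IP come from the post; the rest is illustrative.
ROOT_SERVERS = [f"{c}.root-servers.net" for c in "abcdefghijklm"]  # 13 names

# Each "server" maps a name suffix to either a referral or a final answer.
ZONES = {
    "root": {"com": ("referral", "tld-com.example")},
    "tld-com.example": {"logicalorderofchaos.com": ("referral", "ns1.hosting.example")},
    "ns1.hosting.example": {"blog.logicalorderofchaos.com": ("answer", "74.200.194.71")},
}

class Resolver:
    """Toy ISP resolver: answers from cache first, otherwise walks down from a root."""

    def __init__(self):
        self.cache = {}
        self.reachable_roots = set(ROOT_SERVERS)

    def _query(self, server, name):
        # Return the record for the longest suffix of `name` this server knows.
        labels = name.split(".")
        for i in range(len(labels)):
            rec = ZONES[server].get(".".join(labels[i:]))
            if rec:
                return rec
        return None

    def resolve(self, name):
        if name in self.cache:
            return self.cache[name], ["cache"]
        if not self.reachable_roots:
            raise LookupError(f"no root server reachable, cannot resolve {name}")
        path = [sorted(self.reachable_roots)[0]]  # any reachable root will do
        server = "root"
        while True:
            rec = self._query(server, name)
            if rec is None:
                raise LookupError(f"{name} does not exist")
            kind, value = rec
            if kind == "answer":
                self.cache[name] = value  # later lookups no longer need the roots
                return value, path
            server = value  # follow the referral one level down
            path.append(server)
```

Clearing `reachable_roots` after one successful lookup shows the cached name still resolving while any new name fails. The model leaves out record expiry (TTLs) and caching of referrals, both of which real resolvers have.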

It’s very comforting to see that the root servers held up to a large-scale attack against them.  The article says that there is in fact a new technology called ‘Anycast’ which allows them to load balance across servers around the world.  What is even more interesting is that this method stood up when only half of the 13 servers were actually up and running on the new Anycast software.  This means that when the full set of servers is set to use this software, they will be very robust and reliable.  It looks like this was the test they were looking for, and they will be adding this software soon to the other servers.

This is great news for the Internet, as it means it is withstanding very serious attacks on it, and is still able to come out strong.  It is, however, still vulnerable, and I think if you hear that the Internet has been taken offline, this is likely one of the ways that it will happen. 

Article about the actual attack

Article about Anycast
