iTechNote

The key asset of Internet is the domain name directory known as DNS. A root name server is a DNS server that answers requests for the root namespace domain, and redirects requests for a particular top-level domain to that TLD’s name servers.

There are currently thirteen root name servers around the world. Most of the servers reside in the United States while the rest exist in multiple locations on different continents. The US government plays a key role in supervising the asset.

In the early hours of Tuesday, three key servers were hit by a barrage of data in what is known as a distributed denial-of-service attack (DDoS). There is no evidence of damage proving once again the robustness of the Internet.

The servers under attacks are as follow:

• G-root, G.root-servers.org at Columbus, Ohio, USA
• L-root, L.root-servers.org at Los Angeles, California, USA
• UltraDNS, authoritative for .org and .info TLDs

The attack could be part of the attempt to exploit the DNS vulnerabilities of the Internet. Research last year suggested that holes in the net’s addressing system could leave 85% of the net vulnerable to take over.

The problem lies in the number of computers that have to be consulted to find the computers where that site is located. The average number is forty-six (46). The chain of dependencies between these forty-six computers creates all kinds of vulnerabilities that clever hackers could easily exploit.

Criminals such as phishing gangs would be interested in redirecting traffic from well-known sites so they can grab key login and personal details that would help them defraud web users. They could combine the attacks via known exploits with DDoS to achieve the goal.

They could use DDoS attacks to overwhelm the domain name directory leaving users’ computers with no choice but to look up website names via compromised servers. The compromised server would redirect the users’ computers to the criminals’ web server that looks exactly like the well-known site. Once a user is logged on to the site, the login credentials would be revealed to the criminals who have full control of the server.