News

Researchers Warn of Powerful New DoS Attacks

First detected late last year, the new attacks – using a technique known as distributed reflector denial of service -- direct such massive amounts of spurious data against victim computers that even flagship technology companies could not cope. In one of the early cases examined, the unknown assailant apparently seized control of an Internet name server in South Africa and deliberately corrupted its contents.

The attacker then sent falsified requests to the compromised directory computer, which unleashed overwhelming floods of amplified data aimed wherever the attacker wanted.

Experts traced at least 1,500 attacks that briefly shut down commercial Web sites, large Internet providers and leading Internet infrastructure companies during a period of weeks. The attacks were so targeted that most Internet users did not notice widespread effects.

Ken Silva, the chief security officer for VeriSign Inc., compared the scale of attacks to the damage caused in October 2002 when nine of the 13 root servers that manage global Internet traffic were crippled by a powerful electronic attack. VeriSign operates two of the 13 root server computers, but its machines were unaffected.

"This is significantly larger than what we saw in 2002, by an order of magnitude," Silva said.

Silva said attacks earlier this year used only about 6 percent of the more than 1 million name servers across the Internet to flood victim networks. Still, the attacks in some cases exceeded 8 gigabits per second, indicating a remarkably powerful electronic assault.

"This would be the Katrina of Internet storms," Silva said.

The U.S. Computer Emergency Readiness Team, a partnership with the Homeland Security Department, warned network engineers in December to properly configure their name servers to prevent hackers from using them in attacks. It called the attacks "troublesome" because name servers must operate to help direct Internet traffic.

Featured

  • The 2019 Microsoft Product Roadmap

    From the next major update to Windows 10 to the next generation of HoloLens, here's what's on tap from Microsoft this year.

  • 2019 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss this year.

  • New Features Added to Microsoft 365 Business Subscriptions

    Microsoft's productivity and collaboration plan for businesses with fewer than 300 users is getting two new features: conditional access security and trouble-ticket tools for administrators.

  • Microsoft Details 'Wave 2' Release Roadmap for Dynamics 365

    Microsoft this week announced its "Wave 2" product release plans for its Dynamics 365 enterprise resource planning solutions, as well as its Power Platform.