Still, experts are concerned about a better-executed attack. "(This attack) didn't impact the Internet much, because the Internet is resilient and operators were quick to respond," said Tiffany Olsen, spokeswoman for the President's Critical Infrastructure Board, the group responsible for creating the United States' National Strategy to Secure Cyberspace. However, there "will be larger attacks than this one was". The FBI has opened an investigation into the attacks, but the agency will have a hard time finding the responsible person or group because the distributed attack randomised the source information on each piece of data, experts said. Despite that difficulty, security experts say that whoever executed the attack wasn't very good. "There are tens and dozens of scripts and tools that could have generated an attack of this kind," said Arbor's Labovitz. "It wouldn't even require a computer scientist, or even a wily hacker, to do this." Meanwhile, Matrix NetSystems said Wednesday that the attack may be ongoing. "There are five servers right now that are showing issues," said company chief executive Bill Palumbo. He acknowledged that the five may be down for maintenance or other reasons, but said that there are still delays in requests for domain name information. Like a telephone book, domain name servers link a name, such as "zdnet.co.uk", with its numerical Internet Protocol address. The system also works in a layered manner, so that someone who wants to go a specific address is first directed to a local server. If the domain is not found, the request gets bumped up to a domain name server for the top-level domain, such as ".com". Requests only rarely consult the root servers, usually when a new name server is added locally. In addition, each entry in a DNS server has an expiration date, known as the time to live (TTL). When that time arrives, the entry is supposed to be deleted and the local DNS server has to ask the top-level domain server for the latest address information. "You have to realise that there are several tens of thousands of new routes advertised every day," said Matrix NetSystem's Palumbo. "Because of that, the authoritative nature of a cache deteriorates rather rapidly." Thus, even a complete outage of all 13 DNS root servers wouldn't bring the Internet to a halt, unless it went on for hours or days -- time enough for the local DNS caches to expire. Paul Mockapetris, the inventor of DNS and chief scientist for domain-name software company Nominum, said that compared to the 300 or so records that each root server contains, a future target that administrators should worry about is the 3 million or so records held by the .com DNS servers. "The root servers will be harder in a month than they are today," he said. "This was really sort of -- to borrow from Afghanistan -- was 'dumb bombs', and you have to worry about more sophisticated attacks in the future."
For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.
Have your say instantly, and see what others have said. Go to the Security forum.
Let the editors know what you think in the Mailroom.
