An unidentified culprit carries out a distributed denial of service (DDoS) attack to the Internet's root servers last week, rendering three out of the 13 crucial Internet pillars to go offline for a couple of hours.

The entire attack was executed intermittently. The first occurred on Nov. 30, 2015, at 6:50 UTC until about 9:30 UTC. The second one happened the following day on Dec. 1, 2015, at 5:10 UTC until 6:10 UTC.

Approximately five million queries a second were sent out during the attack, which were valid DNS messages for a single domain name. On the second day, the root name servers also received such queries roughly at the same rate as the first one with a different domain name. As a result, the root servers B, G, C and H went on timeouts.

"The incident traffic saturated network connections near some DNS root name server instances. This resulted in timeouts for valid, normal queries to some DNS root name servers from some locations," Root Server Operators says (PDF).

Protection of the DNS infrastructure from DDoS attacks is an important matter, as long downtimes on root servers could potentially cause considerable problems on a global scale.

Despite the applied Anycast technology to prevent such incidents from happening, numerous attacks were still pushed through, drawing even more concern over the whole issue.

Paul Vixie, F-root server operator, proposed an accountability model as a solution to thwart DDoS attacks in the future.

"In the world of credit cards, ATM cards, and wire transfers, state and federal law explicitly points the finger of liability for fraudulent transactions toward specific actors. And in that world, those actors make whatever investments they have to make in order to protect themselves from that liability," he says.

Another solution to put forward is spoofing Internet traffic, where a statistics report shows that 82 percent of it is now "spoofable" because of the BCP 38 standard.

This recent DDoS attack targeted at root servers is the third time in history, and the culprit still remains unnamed. Also, there doesn't seem to be any motive behind the attack, which was the same case of the second attack in 2007.

Governments around the world are going to convene next week to discuss the Internet control issue at the United Nations based in New York.

"Building confidence and security in ICT use should also be a priority, especially given growing abuse of ICTs for harmful activities from harassment to crime to terrorism," part of the document that will serve as the foundation of the meeting reads (PDF).

ⓒ 2021 All rights reserved. Do not reproduce without permission.