Hackers target core net routers

Author: Brett Thomas
Published: 7th February 2007
Comments (10) Stumble
"It's only a flesh wound." - Despite being bombarded for hours by script kiddies, the net suffered no real ill effect.

"It's only a flesh wound." - Despite being bombarded for hours by script kiddies, the net suffered no real ill effect.

A quick news byte for you all:

Late Tuesday night, a "hacking" group attacked some of the internet's most important components. The thirteen root servers used for addressing and indexing sites were attacked for hours, though with little effect.

The attack is believed to have come from a rather large hacking group in Asia, and is the largest in the past 5 years. However, despite being large-scale, well organized and lengthy, it did little to actually injure web traffic. According to Paul Levins, VP of Corporate Affairs for ICANN, the atttack "was a significant and concerted attack, but the average internet user would have barely noticed."

It's unsure exactly what goal the group had in targeting these servers, aside from just attempting to cause mayhem. If that was indeed the purpose, then the group has very little to do with actual hacking. True hackers (either white or black hat) generally pride themselves on simply seeking information or understanding the systems, not on causing destruction or chaos.

Have you got a thought on the attack? Let us hear about it in our forums.
Quote K.I.T.T. 7th February 2007, 14:41
....funny it wasn't that long ago that i was talking about a way to 'take down the internet' that involved basically doing what this group of hackers did.

it would have worked what they did but only if they had kept it up to a point at which the DNS records held on the servers and ISP DNS servers lower started to become invalid so to speak (basically 24 hours old IIRC). Then they would have caused some good old fashioned vigalante mayhem but keeping up a DDoS of this severity for anything up to a day without being traced would be not exactly easy.

P.S. as it was said in the article, its not real hacking, hacking is finding and uncovering information that you weren't supposed to see or gaining access to a system purely to have a look around....this was a groups of randoms playing H4X0Rz
Quote DougEdey 7th February 2007, 14:41
Call them Crackers Then! Hackers try to make something do what it shouldn't do.
Quote TheoGeo 7th February 2007, 14:50
damn script kiddies, they should leave internet tubes alone :p
Quote mmorgue 7th February 2007, 15:39
Pfft - big deal. I downloaded the internets yesterday. Let them hack it -- I can always reload it...
Quote randosome 7th February 2007, 16:07
Quote:
Originally Posted by guardian.co.uk
When a person types the name of a website into a web browser it looks up the location of that site by consulting a root server.
As far as my understanding went

Lets say i look up bit-tech.net - well firstly my PC would look at its DNS records, if it isn't there, it then goes to the next DNS server up (you Router ?) then if that doesn't have the DNS record, it would go up again (your ISP)

So technically, if you look at a site that almost no-one else has looked at, you could actually end up querying the root servers, but unlikely

now if the root servers did crash, then you would still have all those DNS caches all along the way, still unaffected - therefore you probably wouldn't notice, and the root DNS servers would come back up and everything would be OK

Now i think all those DNS caches do update every so often (depending on the TTL set on the domain)
Quote K.I.T.T. 7th February 2007, 17:06
thats exactly why you've got to keep the core routers down for an extended period because once the DNS records go out of date in all the lower DNS caches (which i believe would be about 24 hours until DNS records are invalid because of age) then they'd query the core routers for their routing tables and certain IP's in their DNS database but since the core routers would either be offline or just plain DoS'd then they wouldn't respond and no-one (apart from anyone who knows the IP of the sites they go on) would be able to do anything.....apart from the USA who can pull all the international lines and run on their own, again unless it was a DDoS in which case that may not help either because the attack would be coming form inside the USA as well.....but this is all hypothetical rambling, its not like i was actually going to try it
Quote Rocket733 7th February 2007, 17:21
Quote:
Originally Posted by K.I.T.T.
thats exactly why you've got to keep the core routers down for an extended period because once the DNS records go out of date in all the lower DNS caches (which i believe would be about 24 hours until DNS records are invalid because of age) then they'd query the core routers for their routing tables and certain IP's in their DNS database but since the core routers would either be offline or just plain DoS'd then they wouldn't respond and no-one (apart from anyone who knows the IP of the sites they go on) would be able to do anything.....apart from the USA who can pull all the international lines and run on their own, again unless it was a DDoS in which case that may not help either because the attack would be coming form inside the USA as well.....but this is all hypothetical rambling, its not like i was actually going to try it

Next time I know the internet is being hacked I'll know who to question. :p
Quote DXR_13KE 7th February 2007, 19:55
i noticed this...... the trucks were not fully loaded that day. :D
Quote speedfreek 7th February 2007, 23:40
I think it would take too much to take down the internets for too long, it probably made some people a little nervous though.
Quote randosome 8th February 2007, 09:06
Quote:
Originally Posted by K.I.T.T.
thats exactly why you've got to keep the core routers down for an extended period because once the DNS records go out of date in all the lower DNS caches (which i believe would be about 24 hours until DNS records are invalid because of age) then they'd query the core routers for their routing tables and certain IP's in their DNS database but since the core routers would either be offline or just plain DoS'd then they wouldn't respond and no-one (apart from anyone who knows the IP of the sites they go on) would be able to do anything.....apart from the USA who can pull all the international lines and run on their own, again unless it was a DDoS in which case that may not help either because the attack would be coming form inside the USA as well.....but this is all hypothetical rambling, its not like i was actually going to try it
even then, if the lower DNS servers don't get a response, their not exactly just going to throw out their DNS records are they ?

So what would have thought would happen is that some pages wouldn't work because the DNS would no longer have the right ip, but most of the Internet would still be fine
Unless of course the core DNS servers were off for like a month, or a year
For eg, a site like bit tech - i think they have probably only ever had 1 ip, unless it changes there shouldn't be a problem
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.





Stats: 0.121 seconds