Hackers have found a new way of initiating and targeting Denial
of Service attacks, according to Ken Silva, chief security officer
for domain registry VeriSign. He warns that the new attacks are
larger than anything seen so far, according to reports.

The typical
Denial of Service (DoS) attack involves flooding a server with data
– sometimes just thousands of emails – to the point where it
collapses. More advanced attacks are launched simultaneously from a
network of several machines – known as Distributed DoS, or DDoS
attacks.

The new form of attack, described by experts as a distributed
reflector denial of service, goes a stage further, using not simply
a network of compromised PCs (known as bots), but domain name
servers.

Domain name servers are the computers that match up Internet
Protocol (IP) addresses with their appropriate domain name,
and are therefore vital in directing internet traffic across the
globe.

Hackers are now using their bots to send queries to the domain
name servers, but using the address of the site or firm they have
targeted as the return address for the query, according to Silva.
This means that the domain name server attacks the target each time
it responds to a query, and because it is hard to block these
responses – as domain name servers legitimately send out so many –
the attack is much more difficult to stop.

Silva told CNET that the registry had seen such attacks launched
against at least 1,500 separate IP addresses since they first
emerged in December.
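
From the target's side, a reflected response differs from legitimate DNS traffic in one way: it answers a query the target never sent. The sketch below is an added example, not code from the article or from VeriSign; it assumes captured UDP port 53 traffic is available as (direction, remote_ip, local_port, payload) tuples, and the function names and sample records are hypothetical.

```python
import struct
from collections import Counter

def dns_header(payload):
    """Return (txid, is_response) from a DNS message, or None if too short."""
    if len(payload) < 12:                  # a DNS header is 12 bytes
        return None
    txid, flags = struct.unpack("!HH", payload[:4])
    return txid, bool(flags & 0x8000)      # QR bit set means "response"

def find_unsolicited(packets):
    """Count bytes of DNS responses that match no query we sent, per server."""
    pending = set()                        # (remote_ip, local_port, txid) of our queries
    unsolicited = Counter()
    for direction, remote_ip, local_port, payload in packets:
        hdr = dns_header(payload)
        if hdr is None:
            continue
        txid, is_response = hdr
        key = (remote_ip, local_port, txid)
        if direction == "out" and not is_response:
            pending.add(key)               # remember our own outstanding query
        elif direction == "in" and is_response:
            if key in pending:
                pending.discard(key)       # answer to a query we really sent
            else:
                unsolicited[remote_ip] += len(payload)   # reflected traffic
    return unsolicited

def msg(txid, response, size):
    """Constructed test message: real DNS header, zero padding as the body."""
    flags = 0x8180 if response else 0x0100
    header = struct.pack("!HHHHHH", txid, flags, 1, int(response), 0, 0)
    return header + b"\x00" * (size - 12)

# Constructed sample traffic (documentation address ranges, not real servers).
SAMPLE = [
    ("out", "192.0.2.53", 40001, msg(0x1A2B, False, 40)),    # our query
    ("in", "192.0.2.53", 40001, msg(0x1A2B, True, 120)),     # its answer
    ("in", "198.51.100.7", 33333, msg(0x9999, True, 512)),   # no matching query
    ("in", "198.51.100.7", 33333, msg(0x999A, True, 512)),   # no matching query
    ("in", "203.0.113.9", 41000, msg(0x0001, True, 480)),    # no matching query
]

if __name__ == "__main__":
    for server, nbytes in find_unsolicited(SAMPLE).most_common():
        print(f"{server}: {nbytes} bytes of unsolicited DNS responses")
```

This kind of state tracking identifies the reflected responses, but dropping them at the target's own edge does not free the upstream bandwidth they have already consumed.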