Hackers have found a new way of initiating and targeting Denial of Service attacks, according to Ken Silva, chief security officer for domain registry VeriSign. He warns that the new attacks are larger than anything seen so far, according to reports.
17 Mar 2006
The typical Denial of Service (DoS) attack involves flooding a server with data – sometimes just thousands of emails – to the point where it collapses. More advanced attacks are launched simultaneously from a network of several machines – known as Distributed DoS, or DDoS attacks.
The new form of attack, described by experts as a distributed reflector denial of service, goes a stage further, using not simply a network of compromised PCs (known as bots), but domain name servers.
Domain name servers are the computers that match up Internet Protocol (IP) addresses with their appropriate domain name, and are therefore vital in directing internet traffic across the globe.
Hackers are now using their bots to send queries to the domain name servers, but using the address of the site or firm they have targeted as the return address for the query, according to Silva. This means that the domain name server attacks the target each time it responds to a query, and because it is hard to block these responses – as domain name servers legitimately send out so many – the attack is much more difficult to stop.
Silva told CNET that the registry had seen such attacks launched against at least 1,500 separate IP addresses since they first emerged in December.
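A targeted network never sent the queries that trigger these reflected responses, so one way to spot them at its own edge is to match every inbound DNS response against an outstanding outbound query. The sketch below is an added example, not something from the article or from VeriSign; the record layout, the function names and the sample addresses are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample records (not real traffic), as seen at the target's edge.
# Assumed layout: direction, DNS server IP, local IP, DNS transaction ID, query name.
SAMPLE = [
    ("out", "192.0.2.53",   "198.51.100.10", 0x1A2B, "example.org"),
    ("in",  "192.0.2.53",   "198.51.100.10", 0x1A2B, "example.org"),  # answers our query
    ("in",  "203.0.113.7",  "198.51.100.10", 0x0001, "example.net"),  # we never asked
    ("in",  "203.0.113.7",  "198.51.100.10", 0x0002, "example.net"),
    ("in",  "203.0.113.7",  "198.51.100.10", 0x0003, "example.net"),
    ("in",  "203.0.113.99", "198.51.100.10", 0x0004, "example.net"),
    ("in",  "192.0.2.53",   "198.51.100.10", 0x1A2B, "EXAMPLE.org"),  # duplicate answer
]


def find_unsolicited(records):
    """Count inbound DNS responses per server that match no outstanding query."""
    pending = Counter()      # outstanding queries we really sent
    unsolicited = Counter()  # responses nobody here asked for, per server
    for direction, server, local, txid, qname in records:
        # DNS names are case-insensitive, so normalise before matching.
        key = (server, local, txid, qname.lower())
        if direction == "out":
            pending[key] += 1
        elif pending[key] > 0:
            pending[key] -= 1          # legitimate answer consumes the query
        else:
            unsolicited[server] += 1   # no matching query: reflected or replayed
    return unsolicited


def reflectors(records, threshold=2):
    """Servers sending at least `threshold` unsolicited responses (assumed cutoff)."""
    counts = find_unsolicited(records)
    return sorted(s for s, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for server, n in find_unsolicited(SAMPLE).most_common():
        print(f"{server}: {n} unsolicited response(s)")
    print("likely reflectors:", reflectors(SAMPLE))
```

Matching on the transaction ID and query name lets the target's own lookups through while still counting the servers being used as reflectors, which is the list an upstream provider needs for filtering.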