VeriSign details massive denial-of-service attacks

16.03.2006
A sudden increase in a particularly dangerous type of distributed denial-of-service (DDoS) attack could portend big trouble for companies, according to VeriSign Inc.

The Mountain View, Calif.-based company said that about 1,500 organizations worldwide were attacked earlier this year by unknown hackers who employed botnets and Domain Name System (DNS) servers to swamp networks with unmanageable torrents of data.

The attacks, which started on Jan. 3 and ended in mid-February, were notable because they employed an especially devastating kind of DDoS attack, said Ken Silva, VeriSign's chief security officer.

Such an attack typically involves thousands of compromised zombie systems sending torrents of useless data or requests for data to targeted servers or networks -- rendering them inaccessible for legitimate use.

In this case, attackers sent spoofed domain-name requests from botnets to DNS servers, which processed the requests and then sent replies to the spoofed victims, according to Silva.

"When the number of requests is in the thousands, the attacker could potentially generate a multigigabit flood of DNS replies" directed at the spoofed server, according to a description of such attacks on US-CERT Web site (download PDF at http://www.us-cert.gov/reading_room/DNS-recursion121605.pdf).