Experts Make Defensive Change To Key Internet Computers

Verisign Inc., which operates two of the root servers, moved one computer overnight Tuesday to a different building in an unspecified location in northern Virginia and onto a different part of its network, company spokeswoman Cheryl Regan said Wednesday.

Verisign said the change was designed to ensure that a hardware outage or focused attack targeting part of its network could not disrupt both servers.

The last such move to any of the 13 servers occurred in 1997.

The FBI is investigating an unusual electronic attack Oct. 21 that briefly crippled nine of the 13 servers, located throughout the United States and in three other countries. Seven failed to respond to legitimate network traffic and two others failed intermittently during the attack, which lasted about one hour.

Service was restored after experts enacted defensive measures and the attack suddenly stopped. Verisign maintains that both root servers it operates were not among those overwhelmed during the attack, even though they were on the same part of its network.

Most Internet users did not notice the attacks because the Internet's architecture was designed to tolerate such short-term disruptions, but many experts were surprised at the coordination and brief success of the attackers.

In "denial of service" attacks, hackers traditionally seize control of third-party computers owned by universities, corporations and even home users and direct them to send floods of data at predetermined targets.

FBI Director Robert Mueller said last week that investigators traced most of the attack traffic back to hacked computers in South Korea and the United States.

This week's change was approved by the Commerce Department, said Louis Touton, an official with the Internet Corporation for Assigned Names and Numbers, the nonprofit organization that manages technical changes for the Internet under authority from the U.S. government.

Verisign moved the server after it received approval for the change Monday, Regan said. The company first sought permission this summer.

Microsoft Corp. discovered and fixed a similar architectural flaw on its own corporate network after attacks in January 2001 prevented millions of customers over two days from visiting the company's main Web sites.

In that case, Microsoft discovered that all four of its key traffic-directing computers were on the same section of its network, allowing hackers to overwhelm them easily by sending floods of spurious data to that part of the network.

Copyright © 2002 The Associated Press. All rights reserved. The information contained in the AP News report may not be published, broadcast, rewritten or redistributed without the prior written authority of The Associated Press.