A distributed denial-of-service attack launched last week against the Internet's 13 DNS root servers was a harbinger of worse to come, security solution providers say.
"While the good news is that the Internet is up and running, the bad news, I think, is that it was a trial run," said Dain Gary, chief security officer at RedSiren, a security solution provider in Pittsburgh. "What [the attackers are learning through this trial-and-error process is how to mount a more-effective attack."
Last week's attack failed to bring down the Internet, but it did flood the DNS root servers, which translate domain names into IP addresses, with an estimated 30 to 40 times the normal amount of traffic. The unsophisticated nature of the attack and built-in strength of the DNS infrastructure made the attack less disruptive, security experts said.
Unlike most distributed denial-of-service attacks that target individual companies or ISPs, this one was launched more broadly at the Internet support infrastructure, said Mark Lobel, senior manager at PricewaterhouseCoopers' Global Risk Management Solutions practice.
"Might it foreshadow something more serious? I definitely think so," Lobel said. "This could be a test for a future cyberterrorist incident. The spectrum of options is huge," he said.
Gerry Brady, CTO at Waltham, Mass.-based Guardent, said he expects copy-cat attacks, adding that an attack on the routing infrastructure of the Internet could cause much more damage.
Brady said teenagers can easily obtain automated tools to launch distributed denial-of-service attacks. The tools search out vulnerable systems and install programs in them, turning the systems into zombies that launch a stream of requests when activated.
"These kids have so much power to play with, and they wield it indiscriminately," Brady said.
Ed Skoudis, vice president of ethical hacking, incident response and digital forensics at Predictive Systems, New York, said denial-of-service attacks have increased in recent months, with government sites coming under fire and some being taken offline. DNS root servers have been targeted before but not on such a large scale, he said.
A cyberterrorist who wanted to undermine the Internet could either attack DNS, target the routing infrastructure, unleash a massive worm, or rely on a combination of all three, Skoudis said.