FRAMINGHAM (10/20/2003) - Last October's hacker attack on the global root servers that run the core addressing system of the Internet knocked out seven of the 13 servers for a time, but caused nary a problem for most Internet users.
But that massive attack and its implications haven't been forgotten by many of the people behind the scenes who help keep the Internet functioning. And to try to prevent a larger attack from possibly taking down the whole Internet in the future, a new group is being launched by the nonprofit Internet Software Consortium (ISC) to help protect the security of the system.
The ISC Monday announced the Operations, Analysis and Research Center (OARC), a global Internet crisis coordination center that will be used to study and monitor traffic on the Internet so that technicians will be able to differentiate high-demand traffic spikes from high-intensity attacks on root servers.
"That (attack last year) did open our eyes," said Paul Vixie, chairman of the Redwood City, Calif.-based ISC, which provides services for the Internet's Domain Name System (DNS). "In our application, it's very difficult to determine what 'normal' (Internet traffic conditions are). So we're going to have to define 'normal' and go from there."
Before the root server attacks, when all 13 of the Internet's root DNS servers were hit by intruders in a massive distributed denial-of-service attack, there was no group set up to protect the DNS system globally, Vixie said. "It's like having a child and seeing them grow up and suddenly they go to college, then wondering how it happened so fast."
Last year's attack was apparently designed to disrupt the Internet by clogging root DNS servers with useless traffic. The root DNS servers provide the vital translation services needed for converting a Web name such as www.computerworld.com into a corresponding numerical IP address.
Now that the new group has been launched, the OARC is seeking members to work on the problem by bringing together the resources of the IT community.
What will be created is essentially a virtual research center that will link together top-level domain operators, corporate network data centers, large commercial name servers, DNS technology vendors, researchers, and government and law enforcement officials to monitor Web traffic and study what it means. By connecting some of their servers and equipment together in a global grid computing system, the group hopes to cull information that can be used to stop future attacks.
"Any entity that depends on DNS on a minute-by-minute basis is a potential member of the group," Vixie said.
ISC hopes to draw together a critical mass of between 100 and 500 members by the beginning of next year, when the group hopes to begin research for its mission, he said. For now, an incident reporting system has been set up on the group's Web site for members and major network operators to coordinate responses to threats and attacks on the DNS.
So far, members of the OARC include The Internet Society, Cisco Systems Inc., MCI (still operating as WorldCom Inc.), XO Communications Inc., UltraDNS Corp., TLD operator Afilias Inc. and Verio Inc., as well as many of the operators of the global root DNS name servers.
Ram Mohan, chief technology officer for Afilias in Horsham, Pa., which is participating in the project, said the OARC will also establish a testing laboratory where researchers will be able to safely simulate massive Internet DNS attacks and then find ways to fight them off.
Until now, there has been no direct way for root server operators and other domain operators to communicate in times of attack or problems, he said. "There was no organized, central way to do this."
Hackers try to go for the kill by attacking the top of the Internet organizational chain -- the DNS root servers -- under which everything else operates, he said. "The root is at the heart of the Internet and if you can make that heart stop, no traffic flows."
The new group could help change all that, Mohan said. "It will help us coordinate a response to that attack that isn't possible today. What we're looking for is an early warning system."