Sixth day of Hackmas: The day the internet nearly fell over

It’s a little-known fact that the internet is basically held together by 13 servers. These servers are known as the “Domain Name System Root Servers”. The DNS root servers essentially provide the roadmap for almost all internet communications.

Now, these servers are more accurately “clusters” of servers, and there are some technical reasons/constraints as to why 13 was the number chosen. Read about that here if you’re super interested. Here’s a snippet of that information…

In IPv4 in widespread use today, the DNS data that fits inside a single packet is as small as 512 bytes after subtracting the other protocol supporting the information contained in packets. Each IPv4 address requires 32 bytes. Accordingly, the designers of DNS chose 13 as the number of root servers for IPv4, taking 416 bytes of a packet and leaving up to 96 bytes for other supporting data and the flexibility to add a few more DNS root servers in the future if needed.


Image depicting a Distributed Denial of Service (DDOS) attack

Anyhow, back to the hack. In 2002 an hour-long attack was aimed at these 13 root servers. An hour might not seem long, but it was the scale of the attack that was most breathtaking.

The attack used on this occasion was a Distributed Denial of Service (DDOS) attack, which aims to overwhelm networks with an onslaught of data to the point that the target system can no longer cope.

An hour of this type of attack was within the tolerance levels built into the sophisticated and highly resilient design of the server clusters; however, it was noted at the time that the whole system was not far off reaching its limits. If these limits had been reached, delays and failed connections would have started to appear, and finally a total internet blackout would have followed.

As it turns out, only four or five of the thirteen servers were able to withstand the attack. The attack targeted all 13 root servers, which made it a rare and coordinated attack.

How the complex system of servers works:

The root servers, about 10 of which are located in the United States, serve as a sort of master directory for the Internet.

The Domain Name System (DNS), which converts complex Internet protocol addressing codes into the words and names that form e-mail and Web addresses, relies on the servers to tell computers around the world how to reach key Internet domains.

At the top of the root server hierarchy is the “A” root server, which every 12 hours generates a critical file that tells the other 12 servers what Internet domains exist and where they can be found.

Could this have been prevented?

It was! Even in the early stages of the internet, these systems (largely located only in the USA) were extremely well thought out. Huge amounts of redundancy and planning were put into this – and this type of attack was anticipated.


