There has been another attack on the Internet’s root DNS servers. This one would have passed unnoticed by most Internet users, because it was targeted against only a few of the servers. There are some interesting charts of the traffic levels generated by the attacks…you can see the spikes in messages that each server must cope with.

Instapundit properly, I think, identifies these as practice attacks. In that regard, they’re no different that hundreds of other attacks that take place against institutions, routers, and servers each week. The attacks are designed to show proof of concept for exploiting new vulnerabilities, and to allow the attacker to watch the response–the better to design attacks that can operate longer without an effective response.

Here’s my fearless prediction of the day: There will be a hit that people notice, because it makes some significant part of the Internet unavailable for a period of time. We’ve seen it before. I suspect that the next time, though, the Internet attack will be to facilitate or distract from some other attack, quite possibly against financial or economic infrastructure targets. This is old news to Internet security folks, but we still don’t see the level of information sharing and response coordination between different security areas that we should. It’s time more people tool these reconnaissance attacks seriously–and time we started learning as much from them as do hackers do.

Categories: Security, Threats