Forum latest

Ya wanna buy a botnet? Step right up!
Written by Daniel   
Monday, 12 March 2007 08:49

DNS Attack: Possible Botnet Sales Pitch


MARCH 9, 2007 | The attackers behind the distributed denial-of-service attack last month on the Internet's DNS root servers may have been doing a little botnet sales pitch, according to a newly-released postmortem report on the attack.

The so-called "factsheet" document, issued yesterday by the Internet Corporation for Assigned Names and Numbers (ICANN), didn't draw any final conclusions on the reasons or motivation for the attack, but it did provide some theories, and it shed new light on a few details about the attack....

In the wake of the Feb. 6 distributed denial of service attack that temporarily crippled, but did not disable, two of the Internet's 13 Domain Name System root servers, security experts said it was probably a test-run for a larger and more disruptive attack.

The ICANN document says one explanation for DNS root server attacks is to "act as an advertisement for a particular botnet."

Botnet marketing is an interesting theory for last month's attack, says David Ulevitch, CEO of OpenDNS and EveryDNS, both DNS services. "They mentioned that it might be someone trying to show the 'strength' of their botnet-for-hire," Ulevitch says. "Not a test-run for a larger attack against the roots [themselves], but a way for an attacker to show the disruptive potential of their botnet to someone who might purchase it from them to cause harm against other less fortified victims."

Ulevitch says another attack on the DNS root servers is likely, but it shouldn't "destabilize" DNS root operations.

Comment in the Forums 

Don't Click Here Don't Click Here Either