Enterprise users should be wary of DNS attacks
New breed of Internet threat attacks corporate networks
By Jennifer Mears, Network World | Network World US | Published: 00:00, 29 June 2004
An attack earlier this month aimed at DNS services for high-profile Akamai Technologies customers should be a wakeup call for enterprise users to ensure they have contingency plans to deal with a growing number of Internet threats, analysts say.
"This really isn't a [content delivery network] story as much as it is a DNS story," says Lydia Leong, principal analyst at Gartner. "The customers impacted happened to be Akamai customers, but the real question has to do with DNS technologies. I don't think this is any reason to get gun-shy with CDNs, but my advice to clients, regardless of whether they outsource their DNS, is that they should have a contingency plan."
For example, Google, which was hurt by the 15 June attack, redirected requests from Akamai's servers to its own to keep its site up, Leong says.
She adds that in addition to creating an alternate set of DNS records, companies could also deploy excess Web server capacity to handle requests should DNS-based global load balancing fail and could demand service-level agreements with their service providers in the case of non-performance, among other things.
Paul Mockapetris, who invented DNS and is chairman and chief scientist at IP address infrastructure software vendor Nominum, says companies should put filters at the edge of their networks to try to address distributed denial-of-service (DoS) attacks. He says hackers are targeting DNS servers more often because DNS is key to most Internet services.
"We expected [the use of] DNS to grow through new applications and a bunch of other things, but viruses and spam and these attacks have been providing a lot of the growth," he says. Despite the "sophisticated and large-scale" nature of the attack, just 1 percent, or fewer than a dozen, of about 1,100 Akamai customers were affected significantly, meaning that more than 20 percent of their users had trouble accessing their sites, says Tom Leighton, chief scientist at Akamai.
The distributed DoS attack, apparently propagated by "zombie" servers set up via viruses and used to flood the DNS servers with requests, was first detected early in the morning. DNS servers translate common URLs into numerical IP addresses, which a client computer uses to access Web sites. Leighton says only about four percent of Akamai's customers were affected and only half had any noticeable problems. The attack was thwarted and service returned to normal within a couple of hours. Akamai, which hosts some of the Internet's largest sites, including Yahoo, Google and Microsoft, is no stranger to attacks, but Leighton says in the past the service provider has been successful in defending against them.
"It was discouraging to see one get through in the limited way it did," Leighton says. "It makes us more educated and makes us redouble our efforts to try to prevent that from happening again." In response to this incident, and an unrelated outage in May that Akamai blamed on an internal glitch in its content management software, Akamai customers have mixed reviews.
An online technology executive at a large media company, who asked not to be identified, says his firm uses Akamai but that its sites weren't hurt by the latest problem.
"The May outage concerned me more because it was the result of a bone-headed flaw but again they responded pretty well, kept us pretty well informed and so far seem to be serious about tightening up the controls," he says. "There haven't been many other incidents over the last three years or so. . . . If it becomes a habit, or we have a longer duration outage, I will become more concerned." A vice president of technology at a media company, who also asked not to be identified, says the May incident, which knocked his site offline for 45 minutes, is causing him to consider making some changes.
"These problems, combined with Akamai's claim of being a 'superior' CDN service to other CDNs, and thus charging a premium price, is making me re-evaluate and look at redundancy options," he says.