More details on the recent DDoS attacks on the DNS root servers emerge, seems like the attacks originated from Sourth Korean infected PCs, but were orchestrated from a host server in Coburn, Germany :
"Citing data from the North American Network Operators' Group, the Korean government confirmed 61 percent of the problematic data was traced to South Korea. Yet, the Ministry of Information and Communication flatly rebuffs the suspicion that Korea was the main culprit behind the cyber attacks. ``We learned a host server in Coburg, Germany ordered a flurry of Korean computers to stage DOS assaults on the root servers,'' said Lee Doo-won, a director at the ministry. ``In other words, Korean computers affected by viruses made raids into the root servers as instructed by the German host server. Many of our computers acted like zombies,'' Lee said."
In a spoofable IPv4 Internet packet's authenticity is the most common flaw exploited on the front lines. The article points out that 61% of the problematic data came from South Korea, and it would be logical to conclude the other 39% came from Chinese and U.S based infected PCs, and while we can argue which country has the largest proportion of insecure end users -- or insecure end users with access to huge bandwidth -- that shouldn't be the point, but how ISPs should start considering how to stop the malicious traffic going out of their networks, compared to their current mindset of outside-to-inside network protection.
A battle lost for the botnet masters in their futile attempt to shut down three of the root servers, and a battle won for South Korea as they will definitely take this wake up call seriously. Meanwhile, S. Korea's CERT offers lots of interesting research reports on the local situation, particularly their latest Internet Incident Trend Report.
Graph courtesy of the ANA Spoofer Project.
No comments:
Post a Comment