The core servers that direct email and Web surfers to their desired destinations around the world were attacked on Monday in an apparently coordinated attempt to cripple the Internet, experts said on Tuesday.

The attack, which largely failed, was launched around 9pm GMT on Monday on the 13 root servers that make up Internet’s Domain Name System and lasted about an hour, said Paul Vixie, chairman of Redwood City, California-based Internet Software Consortium Inc., which operates one of the root servers.

The FBI’s National Infrastructure Protection Centre was “aware of the issue and we are addressing it,” Steven Berry, a supervisory special agent at the FBI, said of the attack. He declined to comment further.

The so-called “distributed denial of service” attack congested some traffic, but would not have been noticeable to average Internet users, he said.

“It was like redirecting all traffic between Highway 101 and the street you live on, or into your driveway,” Vixie said. “You would not be able to get home because the street in front of your house would be full of cars from (Highway 101).”

Denial of service attacks are designed to temporarily shut down servers by overwhelming them with too much traffic, usually coming from drone computers around the Internet.

The Domain Name System — which matches up the long numerical codes computers use to identify computers attached with the Web addresses people type in — and the root servers it relies on for address information, have long been considered the Achilles heel of the Internet, capable of shutting down the Internet if attacked.


Monday’s attack on the servers proved that the Internet won’t be so easily toppled, Vixie said, adding that the Internet is designed to route around obstructions.

“What we learned yesterday is… it is hard to kill this system,” Vixie said. “The Internet is sort of the cockroach of the modern age. It survives.

“We’ve known all along that this could happen and it does happen periodically against root servers,” he added. “It was interesting because it was an attack on all 13 root servers. That’s kind of rare.”

Of the 13 root servers, those that were the worst affected were the ones operated by: the US Department of Defence Information Centre in Vienna, Virginia; the US Army Research Lab in Aberdeen, Maryland; the Internet Corporation for Assigned Names and Numbers in Los Angeles; and one each in Stockholm and Tokyo, according to Peter Salus, chief knowledge officer at Austin, Texas-based Matrix NetSystems, which monitors Internet performance.

Salus also speculated that the root server attacks were related to a distributed denial of service attack on a number of Web sites that lasted a few hours Tuesday afternoon.

“My guess is script kiddies having a good time earlier decided on a new target,” Salus said.

The root server attack “is just another reminder that distributed denial of service attacks remain, arguably, the No. 1 threat we face” on the Internet, said Ted Julian, co-founder of Arbor Networks.

The Lexington, Massachusetts-based company sells software and security appliances that filter such network attacks.