Network Solutions DNS Problem

DNS Server Problems

• DNS servers are the heart of the Internet. DNS servers have a root directory or root host IP folder that stores information on all Internet processes. This attack penetrated the root directory through unauthorized queries, which could not be answered by the system. This opened an access point on DNS servers for this attack to spread. False IP addresses replaced original IP addresses (example 45.616.26.7) with a blank character string (""). False IP queries started to overload servers and therefore crashed servers in many geographical locations.

Web Pages Lost

• End users and administrators tried querying their domain servers and found nothing. This was coined as a "Denial of Service" attack. Active IP address had been replaced and compromised. Owners of their IP address had no control over their DNS information. This resulted in web pages, computers and networks having no IP address to represent their location.

Firewall Problems

• The next phase of the attack was to attack individual IP servers through the capturing of DNS server information. Network administrators were deluged with IP numbers that were false. The purpose of this attack was to send the wrong IP number to the wrong server software, making it impossible to keep the server going. When this happens, a full recovery is needed, which costs downtime. Most firewall software did not catch this attack. The solution was to turn off the server software and get a patch that block the false IPs from getting to the server software.

Third Party Access

• DNS servers are not programmed to answer third party inquiries. This attack circumvented the authorization table on DNS. An unauthorized individual or organization bypassed existing DNS security, master DNS table and capture DNS server data from geographical servers, which hubs are located in various major metropolitan areas across the United States.

Conclusion

• Network Solutions worked around the clock to patch authorization tables and implement extra security measures against the attack. Certain tools were released to IP owners to monitor IP addresses with instructions on avoiding further attacks. According to circleid.com, 7.6 million web pages were lost during the attack.