Wednesday, October 23, 2002

Bet You Didn't Even Notice

The "root" of the Internet was attacked today. This story gives you the high-level, as-non-techie-as-possible explanation of what happened. If you read it, you'll notice that there are only 13 root name server addresses that, one way or another, let all of us get from one site to another on the Internet. As the article states, Richard Clarke (no relation to Dick) warned long ago that an attack on the root DNS servers or the "Top Level Domain" (TLD) servers would be devastating.

And it would.

And it wouldn't be hard.

These are the kind of cyberattacks that are easy to accomplish (and this is not the first time it has happened) and that, if kept up, could cripple things for quite a while.

The article doesn't explain what the root and TLD servers actually do, or why losing them would be so bad, so I'll attempt to explain it in layman's terms.

The 'root' servers are the starting point for every DNS lookup. They don't know the IP address of any website; what they know is which servers answer for each top-level domain (.com, .net, .org, the country codes), and those TLD servers in turn know which servers answer for each domain registered under them.

Huh? You say.

OK - Let me explain. This blog, http://jackburton.blogspot.com, is hosted on a server with an IP address of 64.41.146.221. How would you like to have to remember to type that number instead of jackburton.blogspot.com? Even if you bookmarked it by number, imagine trying to send your link to other people. What if they already had a bookmark with the same name? Like Worthless Blog = 64.41.146.221 or something like that. Compound that with the fact that, thanks to virtual hosting, you can have thousands of websites hosted on a single server with a single IP address, and the server tells them apart only by the name your browser asks for. If you don't have DNS resolution, you don't get to any of the sites on that server. DNS (the Domain Name System) maps the 'real' names to the IP addresses. The thing to notice is that DNS names are read from right to left. (OK - all of you Islamic Conspiracy Theorists get to work now on this.)

So, when your computer asks for the IP address of jackburton.blogspot.com, the DNS server it has been assigned starts at the right-hand end, with .com. The root servers don't run .com themselves; what they hold is the list of servers that run each top-level domain. So the first question goes to a root server: who answers for .com? The root server replies with the addresses of the .com TLD servers. The next question goes to one of those: which DNS servers control the blogspot.com domain? If the root server never answers, and nothing is already cached, you never get past the first question.

Now, when the root and .com servers are working, you get back the IP addresses of the DNS servers that are the authority for the blogspot.com domain. Your computer then asks those servers for the IP address of the host named 'jackburton', and the blogspot.com DNS servers reply with the correct IP address, 64.41.146.221. Your computer then sends an HTTP GET request for http://jackburton.blogspot.com to 64.41.146.221; the web server reads the host name out of that request (the Host header), picks the matching virtual website, and returns the data, which your web browser re-assembles into what you see here. E-mail works the same way, except that the lookup is for the mail servers of the domain after the @ (the domain's MX records), and delivery then happens over SMTP instead of HTTP (POP3 and IMAP are just what your mail program uses to pick the mail up afterward).

Now, I have simplified a bit. Your computer doesn't do this walk itself; it asks its assigned DNS servers (usually your ISP's) to do all the work, and when they get the final IP address, they send it back to your computer. Those servers also remember what they learn for as long as each record's time-to-live allows, typically a day or two for the root and TLD data, so they only go back to the root when that expires. That caching is the main reason you probably didn't notice anything: as long as the root is answering again before the cached answers run out, lookups keep working. A long enough attack is a different story.

Still cornfused? Think of it like mailing a letter. If I were sending a letter to Jack Burton, 123 Anywhere Street, Anytown, AS (Any State), 12345 USA, I would address my letter like this:

Jack Burton
123 Anywhere Street
Anytown AS 12345
USA

Now, the equivalent for DNS would be:

jackburton
blogspot
.com

OK - We're missing one line (the street address, which DNS has no equivalent for), but it's the same idea. In fact, drop the country off the postal example, because many of us leave it off since we rarely send international mail:

So we have:

Jack Burton
123 Anywhere Street
Anytown AS 12345

OK - Now imagine dropping off the 'Anytown AS 12345' from your letter. You'd have:

Jack Burton
123 Anywhere Street

What city? What state? What country? It would never get there. It would sit in the dead letter office unless someone mailed it from the same zip code as the destination and some mail carrier recognized the street. The exact same thing would happen to every connection made by name rather than by the direct IP address of a server: the lookups would fail, and the Internet would be, for all intents and purposes, dead. The only exceptions would be names your ISP's DNS servers had already cached, until those entries expired, and sites and e-mail servers you could reach by typing the IP address (which doesn't work for a virtual-hosted site that shares its address with thousands of others). Someone could set up a public DNS server that everyone would have to point at instead (so it had better be a damn powerful server), and then the attackers would just flood the new public server with so much traffic that it would be useless as well.
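To make the lookup walk above (root, then .com, then blogspot.com) and the failure in the letter analogy concrete, here is a toy iterative resolver. It is an added example written for this page, not code from the original post or from any real DNS server. The zone data, the server names ("root-a", "gtld-a", "ns1.blogspot.com" and so on), the 48-hour cache lifetime and the example.com/example.org addresses are all constructed for illustration; only 64.41.146.221 comes from the post. It caches each referral the way your ISP's server does, and then shows what a root outage does: one root server down is simply skipped for the next one, a resolver with the .com delegation cached keeps answering until that entry expires, and a freshly started resolver with an empty cache gets nothing at all.

```python
import time

# Constructed zone data for this example; only 64.41.146.221 comes from the post.
# Each "server" holds either delegations (zone -> servers to ask next) or final records.
SERVERS = {
    "root-a": {"delegations": {"com": ["gtld-a", "gtld-b"], "org": ["org-a"]}},
    "root-b": {"delegations": {"com": ["gtld-a", "gtld-b"], "org": ["org-a"]}},
    "gtld-a": {"delegations": {"blogspot.com": ["ns1.blogspot.com"],
                               "example.com": ["ns.example.com"]}},
    "gtld-b": {"delegations": {"blogspot.com": ["ns1.blogspot.com"],
                               "example.com": ["ns.example.com"]}},
    "org-a": {"delegations": {"example.org": ["ns.example.org"]}},
    "ns1.blogspot.com": {"records": {"jackburton.blogspot.com": "64.41.146.221"}},
    "ns.example.com": {"records": {"www.example.com": "192.0.2.20"}},
    "ns.example.org": {"records": {"www.example.org": "192.0.2.10"}},
}
ROOT_HINTS = ["root-a", "root-b"]  # resolvers ship with the root addresses built in
TTL = 48 * 3600                    # how long a cached answer lives (assumed: 48 hours)


class Resolver:
    """Iterative resolver with a TTL cache, like the DNS server your ISP assigns you."""

    def __init__(self, servers=SERVERS, root_hints=ROOT_HINTS, down=()):
        self.servers = servers
        self.root_hints = list(root_hints)
        self.down = set(down)   # servers that never answer, e.g. flooded off the net
        self.cache = {}         # zone or host name -> (answer, expiry time)
        self.queries = []       # every (server, name) query actually sent

    def _cached(self, key, now):
        hit = self.cache.get(key)
        return hit[0] if hit and hit[1] > now else None

    def _ask(self, server, name):
        """One query to one server: an answer ('A', ip) or a referral ('NS', zone, servers)."""
        if server in self.down:
            raise TimeoutError(server)
        self.queries.append((server, name))
        data = self.servers[server]
        if name in data.get("records", {}):
            return ("A", data["records"][name])
        labels = name.split(".")
        # Names read right to left: refer the asker to the most specific zone we delegate.
        for i in range(len(labels)):
            zone = ".".join(labels[i:])
            if zone in data.get("delegations", {}):
                return ("NS", zone, data["delegations"][zone])
        raise LookupError(f"{server} has no data for {name}")

    def resolve(self, name, now=None):
        """Return the IP for name, walking root -> TLD -> domain unless the cache short-cuts it."""
        now = time.time() if now is None else now
        ip = self._cached(name, now)
        if ip:
            return ip
        labels = name.split(".")
        candidates = self.root_hints
        # Start from the deepest delegation still in the cache; fall back to the root.
        for i in range(1, len(labels)):
            servers = self._cached(".".join(labels[i:]), now)
            if servers:
                candidates = servers
                break
        while True:
            for server in candidates:  # a server that does not answer is skipped for the next
                try:
                    reply = self._ask(server, name)
                    break
                except TimeoutError:
                    continue
            else:
                raise TimeoutError(f"none of {candidates} answered for {name}")
            if reply[0] == "A":
                self.cache[name] = (reply[1], now + TTL)
                return reply[1]
            _, zone, servers = reply
            self.cache[zone] = (servers, now + TTL)
            candidates = servers


def try_resolve(resolver, name, now):
    """The IP for name, or None when no server on the path answers."""
    try:
        return resolver.resolve(name, now)
    except TimeoutError:
        return None


if __name__ == "__main__":
    r = Resolver()
    print("normal day:", r.resolve("jackburton.blogspot.com", now=0), r.queries)
    r.down = set(ROOT_HINTS)  # every root server stops answering
    print("cached name during the attack:", try_resolve(r, "jackburton.blogspot.com", 3600))
    print("new .com name during the attack:", try_resolve(r, "www.example.com", 3600))
    print("never-seen TLD during the attack:", try_resolve(r, "www.example.org", 3600))
    print("same name after the cache expires:", try_resolve(r, "jackburton.blogspot.com", TTL + 1))
    print("fresh resolver during the attack:", try_resolve(Resolver(down=ROOT_HINTS), "www.example.com", 0))
```

Run it directly to print each scenario. The thing to notice in the query log is that a working resolver touches the root once per top-level domain per cache lifetime, not once per lookup; that margin is what a short root outage hides behind, and it is also exactly what runs out if the flood is kept up for longer than the cached answers last.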

Sorry about rambling, but as dependent as we all are upon e-mail for business these days, losing DNS for any length of time would have a huge impact on the economies of the world.

Got any questions? Drop me a line....