Internet Servers Hit By Powerful Attack
But most Internet users didn't notice because the attack only lasted an hour. Its origin was not known, and the FBI and White House were investigating.
One official described Monday's attack as the most sophisticated and large-scale assault against these crucial computers in the history of the Internet. Seven of the 13 servers failed to respond to legitimate network traffic and two others failed intermittently during the attack, officials confirmed.
The FBI's National Infrastructure Protection Center was "aware of the denial of service attack and is addressing this matter," spokesman Steven Berry said.
Service was restored after experts enacted defensive measures and the attack suddenly stopped.
The 13 computers are spread geographically across the globe as precaution against physical disasters and operated by U.S. government agencies, universities, corporations and private organizations.
"As best we can tell, no user noticed and the attack was dealt with and life goes on," said Louis Touton, vice president for the Internet Corporation for Assigned Names and Numbers, the Internet's key governing body.
"We were prepared, we responded quickly," said Brian O'Shaughnessy, a spokesman for VeriSign, which operates two of the 13 computers in northern Virginia.
Computer experts who manage some of the affected computers, speaking on condition of anonymity, said they were cooperating with the White House through its Office of Homeland Security and the President's Critical Infrastructure Protection Board.
Richard Clarke, President Bush's top cyber-security adviser and head of the protection board, has warned for months that an attack against the Internet's 13 so-called root server computers could be greatly disruptive.
These experts said the attack, which started about 4:45 p.m. EDT Monday, transmitted data to each targeted root server 30 to 40 times normal amounts. One said that just one additional failure would have disrupted e-mails and Web browsing across parts of the Internet.
Monday's attack wasn't more disruptive because many Internet providers and large corporations and organizations routinely cache popular Web directory information for better performance.
"The Internet was designed to be able to take outages, but when you take the root servers out, you don't know how long you can work without them," said Alan Paller, director of research at the SANS Institute, a security organization based in Bethesda, Md.
Although the Internet theoretically can operate with only a single root server, its performance would slow if more than four root servers failed for any appreciable length of time.
In August 2000, four of the 13 root servers failed for a brief period because of a technical glitch.
A more serious problem involving root servers occurred in July 1997 after experts transferred a garbled directory list to seven root servers and failed to correct the problem for four hours. Traffic on much of the Internet ground to a halt.
Copyright © 2002 The Associated Press. All rights reserved. The information contained in the AP News report may not be published, broadcast, rewritten or redistributed without the prior written authority of The Associated Press.