Someone has been attacking one of the internet’s root servers, hitting it with up to 5 million queries a second an hour between November 30 and December 1.
The servers are responsible for converting the domain names typed into browsers, such as businessinsider.com.au, into IP addresses computers understand.
Thats more than 250 times the usual load according to one expert and while they had a very specific target, the queries came from widespread sources.
“This event was notable for the fact that source addresses were widely and evenly distributed, while the query name was not,” according to a report on the event.
“Due to the fact that IP source addresses can be easily spoofed, and because event traffic landed at large numbers of anycast sites, it is unrealistic to trace the incident traffic back to its source.”
You can see the huge increases in queries, two specific kinds of queries in this graph:
The most likely explanation for the attack is a botnet – a series of infected internet-connected devices, according to Dan Goodin at Ars Technica.
While this attack wasn’t large enough to damage infrastructure, a larger attack could potentially take down the ability to translate a URL into IP, leaving internet users unable to connect to some websites.
The threat of botnets is increasing, as more devices are internet-enabled and therefore become targets.
A marketplace has sprung up for cybercriminals, and it is possible to buy a botnet for as little as $700 or rent one for $2 an hour.