Taking down the Internet
Dmitry O. Gryaznov Network Associates Inc.
Taking down the Internet
Today, with hundreds of millions of not-so-computer-savvy users having broadband access to
the Internet worldwide, the dangers of Distributed Denial of Service (DDoS) attacks have
become very real. It is feasible to mount such an attack, involving hundreds of thousands
of compromised and/or infected computers, on so large a scale as to practically shut down
not only individual sites or Internet Service Providers (ISP) but the Internet as a whole
as well. Internet users are being spammed and flooded with numerous backdoor Trojans
disguised as something else through email, Usenet, Internet Relay Chat (IRC), peer-to-peer
(P2P) networks, etc. Many such Trojans can be used to mount a DDoS. As an illustration
of what can be achieved with a big enough number of compromised computers the case of
W32/SQLSlammer virus is considered. At the height of its outbreak up to 20% of all IP
packets were lost being dropped by overloaded Internet backbone routers. And the virus
managed to infect hundreds of thousands computers worldwide in a matter of mere minutes.
An explanation of how it happened and comparison to other fast spreading viruses will be
provided. An animated map showing rapid spreading of W32/SQLSlammer around the world during
first five minutes of the outbreak will be shown.
