On Sat, 27 January 2001, Simon Lyall wrote:
Considering the small number of servers and their value I'm surprised nobody has gone for a sustained DDOS against them all at once. This could get pretty messy if they managed it.
In nearly a century of international telecommunications, the number of deliberate attacks on the infrastructure itself is amazingly small. Historically, network engineers have been more dangerous to the infrastructure than malicious actors. The telephone system, credit card system, electric grid and so forth all have significant infrastructure vulnerabilities.
Obviously it's pretty hard to add additional servers but has the option of splitting the current group into multiple distributed machines with the same ip (like how these other DNS organisations are doing) been looked at?
I haven't physically seen all the root servers, but the volunteers operating the servers take their task seriously. There are a lot more than 13 physical machines. Of course, Murphy is always on the prowl, and there isn't a real effective way to protect against a DDOS. If there was a way to protect your server, I think the IRC people would have already implemented it.