The Globe and Mail

How the Net beat a hack attack

From Saturday's Globe and Mail

You may not realize it, but there's a pretty good chance that while you're reading this, the Internet is under attack. Not only that, but your computer -- or the computer of somebody you know -- may well be part of the army of PCs taking part in it.

That's the bad news. The good news is the way the Internet is built allows it to shake off the dozens or even hundreds of such attacks that take place in any given week, just as its creators intended when it was put together four decades ago as an offshoot of the U.S. Defence Department's research arm.

This week, the Net successfully deflected one of the worst attacks in four years, a co-ordinated effort involving as many as a million hijacked computers. Although this assault targeted the core group of servers that make the Internet function, it was dealt with so effectively that even large network users were unaware of it until they heard about it on the news.

According to network experts who run the servers in question -- as well as those who monitor the health of the Internet from a non-profit entity called the SANS Internet Storm Center -- this attack had an impact on three of the 13 "root" servers that determine where Internet traffic is directed.

Faced with a sudden tsunami of data known as a "distributed denial of service" or DDoS attack, those servers suffered brownouts, in which they were still able to function (although at a slower pace), but never went down. A similar attack in 2002 managed to weaken nine of the 13 servers.

In a typical denial of service attack, servers are bombarded with "ping" requests from hundreds of thousands or even millions of hijacked computers at once, to the point where the machine's response time starts to slow down or it becomes paralyzed.

"A denial of service attack is a bit like 14 fat men trying to get into an elevator," network expert Graham Cluley of computer security consultants Sophos Plc told the BBC. "Nothing can move."

Most DDoS attacks involve a group of hijacked computers linked into a "bot-net." Johannes Ullrich, chief technology officer with the Internet Storm Center, told Information Week that the most recent attack may have involved as many as one million "zombie" PCs, and that there are likely more than 10 million PCs that are susceptible to being hijacked by bot-nets.

Computers can be hijacked if they leave certain "ports" open (which some operating systems including Windows do by default), or download malicious software that installs itself and opens a backdoor into the PC. Hackers can then run small programs that send traffic from that machine to anywhere on the Internet.

"People hear about hackers doing these things, but guess what? It may have been your computer doing part of the hacking," Mr. Cluley said.

"People need to take more responsibility over the cleanliness of their PCs."

Network analysts working for the North American Network Operators Group, which happened to meet in Toronto this week, said that a large proportion of the bogus traffic in the attack came from South Korea, where a high percentage of the population has high-speed Internet access -- something hackers look for.

Even if the three root servers that came under attack this week had failed, however, it's unlikely that anyone using the Internet would have noticed anything, experts say. That's because the "root" server system is designed to function even if two-thirds of the servers are out of commission.

In fact, more than half of the 13 root servers are virtual servers, consisting of dozens of individual machines in separate locations. One server is made up of about 40 computers located in Ottawa, New York, Madrid, Hong Kong, Toronto, Moscow, Tel Aviv and dozens of other cities around the world. Requests are distributed to whichever server is closest.