发帖
雷达卡
SAN FRANCISCO — On a quiet Sunday in mid-February, something curious attracted the attention of the behind-the-scenes engineers who scour the Internet for signs of trouble. There, among the ubiquitous boasts posted by the hacking collective Anonymous, was a call to attack some of the network’s most crucial parts. The message called it Operation Global Blackout, and rallied Anonymous supporters worldwide to attack the Domain Name System, which converts human-friendly domain names like google.com into numeric addresses that are more useful for computers.
在旧金山,二月中旬一个安静祥和的周日,一位清理网络故障标识的幕后工程师对某些古怪的东西引起了关注。这正是开始攻击网络最重要部分的一个警告,同时黑客正洋洋得意的进行集体匿名注册。信息引起了全球性的技术停电,全世界各地的匿名支持者开始攻击域名系统,将人们经常使用的域名(如谷歌google.com)转变成更易操作的数字域名。
It declared when the attack would be carried out: March 31. And it detailed exactly how: by bombarding the Domain Name System with junk traffic in an effort to overwhelm it altogether. There was no way to know for sure whether this was a pre-April Fool’s Day hoax or a credible threat. After all, this was Anonymous, a decentralized movement with no leaders and no coherent ideology, but a track record of considerable damage. The call to arms would have to be treated as one would treat a bomb threat called in to a high school football game. The engineers would have to prepare.
当攻击开始在3月31日正式执行,将成为公开的挑战。同时对如何操作进行了准确详细的阐述:通过垃圾文件违禁交易炮轰域名系统并试图将其全部崩溃。现在仍然没有任何途径去确定这是愚人节前的恶作剧还是确切的威胁。毕竟这是匿名分散的政治运动,没有统一的领导和系统的思想意识形态,但曾造成过巨大损失的历史教训。这种公然的挑战就好像是某人将在高中校园的足球比赛中投放炸弹。网络工程师们必须严阵以待!
Those preparations turned into a fast-track, multimillion-dollar global effort to beef up the Domain Name System. They offer a glimpse into the largely unknown forces that keep the Internet running in the face of unpredictable, potentially devastating threats. Among those leading the effort was Bill Woodcock, whose nonprofit based in San Francisco, Packet Clearing House, defends vital pieces of Internet infrastructure. By his calculation, the Anonymous threat was as good a reason as any to accelerate what might have been done anyway over the next several months: fortify the network, chiefly by expanding the capacity of the root servers that are its main pillar.
这些准备迅速付诸实践,全球投入数百万资金加强域名系统。他们提供了这部分将会使网络运转面临不可预期的毁灭性的潜在威胁的不知名势力的“惊鸿一瞥”。比尔.伍德科克(旧金山非盈利机构-数据清算交易所总指挥)负责指导工作,保护网络基本构架的重要部分。根据他的估计,匿名者威胁是一件好事儿,加速开展下几个月将要进行的网络加固任务,通过脚本服务的扩容为其主要支柱。
In an attack, the hackers would in effect point virtual cannons at the name servers and blast them with data in what is called a distributed denial of service attack, or DDoS. The only effective way to mitigate such an attack is to expand capacity — so much so that the system can absorb the extra traffic thrown at it, while still accommodating the normal load. In the last few weeks, in a campaign financed mostly by companies that maintain Internet infrastructure, several huge 40-gigabit routers and hundreds of servers have been shipped across the world and hooked into the network, giving the Domain Name System additional computing power. It was part of what is often called an arms race between attackers and defenders on the Internet.
在这场攻击中,黑客们实际上将重点瞄准名称服务器进行虚拟侵占,然后运用“分布式拒绝服务攻击”(简称DDos)的数据进行侵毁。减轻这种攻击的唯一有效方式是扩容,容量大到可以吸收投放的额外垃圾数据,同时仍然能调解至正常负荷。上几周内,这场战役中的资金大多数由企业提供来维持网络的基础构架,一些巨大的40千兆的路由器和成千上百的服务器已经从全世界各地开始装船然后投入到网络维护中,赋予域名系统额外的计算效率。这就是我们经常说的在网络攻击与防守间的军备竞赛的一部分。
On Saturday, if an attack takes place, it is likely to be imperceptible, at least initially, to the bulk of the world’s Internet users, though service could slow down in places that have narrow bandwidth to begin with — much of sub-Saharan Africa, for instance. In the improbable event of a huge attack that goes unabated for several days, the ability to connect to Web sites could be impaired. But if the defenses are effective, the result will be something akin to what happened with the Y2K bug: advance warning, plenty of preparation and then barely a blip on the Internet.
周日,如果攻击发生了,似乎那么悄无声息,至少对大部分世界各地-例如大部分撒哈拉以南的非洲地区,最初的网络使用者来说,只是在某些地方会由于带宽减少而使网速减慢而已。虽说大规模的进攻事件不可信,但在近日对其关注度却没有减退,链接网站的协议很可能被损坏。如果防御是有效的,那将会导致的结果就好像Y2K(千年虫Year 2000 Problem)那样:事前警告,作了大量准备后影响微乎其微。
Still, it will be anything but a normal Saturday for the people who run the Domain Name System. They plan to be glued to their monitors, looking out for signs of unusual network traffic, communicating with one other through encrypted, digitally signed e-mails or through a private telephone hot line maintained just for this purpose. There are 13 root servers worldwide, run by government institutions, universities and private companies. The operators of several of them declined to talk about the threat, including VeriSign, which runs two root servers. Some insisted that they routinely expand capacity to guard against attacks that come from different quarters all the time.
然后,对于域名系统管理者来说,这根部不是一个平常的周日。他们计划紧盯着监视器,时刻关注网络中不寻常的通信信息,通过加密编码进行沟通,或者是数字签署邮件和私人电话专线维护。全世界有13个根服务器,分别被政府体系、学校和私人企业管理。他们当中的一些经营者更倾向于关注威胁,包括电子签名检验(使用了两个根服务器)其在内。一些认为一直都是使用老一套的扩容来防御各方威胁有待商榷。
Nevertheless, on the Internet, no warning should go unheeded, he said: “It is belt-and-suspenders stuff: Is everything where it should be? You have to be ready for disaster.”
然而,在因特网上,没有任何警告应该被忽视,他(比尔.伍德科克)说道:“这就是唇齿相依的关系,难道所有事情都不应该这样看待么?必须应该为灾难做好准备。”
提升卡
置顶卡
沉默卡
变色卡
抢沙发
千斤顶
显身卡
京公网安备 11010802022788号
