".ch" survives DDoS attack unscathed

January 10, 2013 / Roland Eugster

Since this morning (Thursday), all the Swiss name servers have been systematically abused in a bid to stop other websites from operating. "Distributed Denial of Service (DDoS)" attacks are nothing new, but this is the first time that the .ch infrastructure has been abused. Thanks to the high-quality operation of Switzerland's Internet by the SWITCH Foundation and SWITCH's rapid intervention, all .ch websites have remained accessible at all times.

Since 04:00 this morning, all the ".ch" name servers have been attacked by meaningless queries with an intensity that is many times that of the normal network load. The .ch zone has not been the object of the attack but just the means to the end. In abusing the Swiss name servers, the attackers are attempting to prevent various websites in the USA from operating and are setting out to cause damage to their operators.

Stable operation guaranteed
The attack – a standard "Distributed Denial of Service" attack – could have had far-reaching effects had there not been sufficient security precautions in place: if all the name servers are blocked, then no .ch websites can be accessed. Thanks to the rapid intervention of SWITCH's security team, it proved possible to defuse the situation. "We were prepared for such an emergency and were able to activate the necessary filters straight away and thus block the malicious traffic", explains Daniel Stirnimann, who is responsible for the name server infrastructure. Since then, the load has been running at the normal level again, even though the attack is still ongoing.


Reliable Swiss Internet

While attacks of this type cannot be excluded, even with the very latest technology, it is possible to contain their impact. "SWITCH is responsible for the secure and stable operation of Switzerland's Internet and employs all the available technical and organisational options to constantly enhance stability", says Andreas Dudler, Managing Director of SWITCH. The ".ch" zone has been one of the most secure worldwide for many years.


Definition of terms

  • Name server: A name server is a computer which has a database saved on it. This database sets out which IP address belongs to which domain name. IP addresses unambiguously identify every computer that is connected up to the Internet. To save having to remember complicated IP addresses, Internet users employ domain names. A name server knows, for example, that the IP address 130.59.138.34 belongs to the domain name www.switch.ch. If a name server is not available, the corresponding IP address cannot be established, and the website in question cannot be called up.
     
  • DDoS: "Distributed Denial of Service" attacks are aimed at making a service unavailable by bombarding the service in question with meaningless queries and finally overloading it. If the attacks are launched from various attacking systems, then this is referred to as a distributed denial of service.

     

About SWITCH
As a partner to the universities, SWITCH brought the Internet to Switzerland 25 years ago. Today, the non-profit organisation with 100 employees at its headquarters in Zurich develops Internet services for lecturers, researchers and students, as well as for commercial customers. SWITCH stands for security in the Internet. 

