While AT&T's (NYSE: T) issue with a Distributed Denial of Service (DDoS) attack on Wednesday appears to have affected only one or two regions and has been fixed, a DNS expert warns that carriers like AT&T need to better guard their networks against such attacks.
"Carriers in general have to worry about DDoS attacks on their infrastructure and the infrastructure of their customers," Rob Fleischman, CTO of Xerocole and a noted expert on Domain Name Systems, told FierceTelecom. "That's a generic problem that must be addressed and must be handled in the front eyes of security of everyone who runs a large carrier."
Wednesday's attack appears to have affected customers in the BellSouth region of AT&T's network, Fleischman said. The attack, which likely flooded the links between the region's DNS servers and the outside Internet with massive amounts of traffic, left those servers unable to answer customers' name lookups, so legitimate users could not reach websites or other online services, causing plenty of headaches and frustration for businesses and their customers.
"My company has been without internet for nearly 24 hours...this includes email, obviously," a commenter said in a related FierceTelecom article. "Clients are getting grumpy and it's completely interrupted the ability to work remotely as was the case with me this week. We can't do payroll today as it is done via the internet so our payroll / invoicing is going to be all snarled up as well."
The DDoS attack apparently found a weak spot in AT&T's network, Fleischman said, something that can happen with any carrier managing different networks across several regions.
"AT&T's a very large network, they serve a lot of masters, a tremendous amount of business customers in a geographically diverse area," he said. "You can imagine the equipment in the Southeast is very different from the equipment in the Northwest. …So everything in their network is not homogeneous. There are areas in their network that are much more protected and ready for such attacks than other areas."
Fleischman said that a failover strategy could have helped mitigate the effects of the attack. "(Normally) you wouldn't have a person in Florida accessing a server in Washington, D.C.; that's just too far away. The speed of light takes forever. You want them accessing a local DNS server. But in an attack scenario, if all your DNS servers in the Southeast were hammered, you wouldn't mind if the people in Florida fail over to a DNS server in another region. They might get a slower response, it might be a second or two delayed, but it would be better than nothing."
He added that AT&T is likely aware of this type of strategy and probably uses it in its network. "But in this region, however, something clearly went wrong. …They're experts in DNS too. This just slipped through the cracks. It happens."
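The failover strategy Fleischman describes can be illustrated in code. The following is an added example, not anything from AT&T or FierceTelecom: a stub resolver that queries the resolvers in its own region first with a short timeout and, only when all of them fail to answer, falls back to a resolver in another region with a more generous timeout. The resolver addresses are placeholders from the RFC 5737 documentation ranges, the timeout values are assumptions, and the flooded-region scenario at the bottom is constructed so the example runs offline.

```python
"""Regional DNS resolver failover (added example, not the page's or any carrier's code).

Local resolvers are tried first with a short timeout; a remote region's resolver is
used only when every local one fails, e.g. because they are being flooded by a DDoS.
"""
import random
import socket
import struct
import time

# Constructed placeholder addresses (RFC 5737 ranges), not any real carrier's servers.
LOCAL_RESOLVERS = [("192.0.2.10", 53), ("192.0.2.11", 53)]   # same region as the client
REMOTE_RESOLVERS = [("198.51.100.10", 53)]                    # another region, slower, last resort
LOCAL_TIMEOUT = 0.5    # seconds (assumed); a healthy nearby resolver answers well within this
REMOTE_TIMEOUT = 3.0   # seconds (assumed); a second or two of delay beats no answer at all


def build_query(name, qtype=1):
    """Return (txid, packet) for a recursion-desired DNS query in RFC 1035 wire format."""
    txid = random.randint(0, 0xFFFF)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return txid, header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def _read_name(data, off):
    """Decode a possibly compressed name; return (name, offset just past it in the message)."""
    labels, jumped, end = [], False, None
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:                  # compression pointer to an earlier name
            if not jumped:
                end = off + 2
            off = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if length == 0:
            break
        labels.append(data[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_a_records(txid, data):
    """Return the IPv4 addresses in the answer section; raise on a mismatched or error reply."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    if rid != txid:
        raise ValueError("transaction ID mismatch")
    if flags & 0x000F:
        raise ValueError("RCODE %d" % (flags & 0x000F))
    off = 12
    for _ in range(qd):                             # skip the echoed question section
        _, off = _read_name(data, off)
        off += 4                                    # QTYPE, QCLASS
    addrs = []
    for _ in range(an):
        _, off = _read_name(data, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:               # A record
            addrs.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return addrs


def udp_exchange(server, packet, timeout):
    """Send one query over UDP and return the raw reply; raises socket.timeout on silence."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(packet, server)
        return s.recv(4096)


def resolve(name, exchange=udp_exchange):
    """Try local resolvers, then remote ones; return (addresses, server used, seconds taken)."""
    txid, packet = build_query(name)
    plan = [(s, LOCAL_TIMEOUT) for s in LOCAL_RESOLVERS] + \
           [(s, REMOTE_TIMEOUT) for s in REMOTE_RESOLVERS]
    for server, timeout in plan:
        started = time.monotonic()
        try:
            reply = exchange(server, packet, timeout)
            return parse_a_records(txid, reply), server, time.monotonic() - started
        except (socket.timeout, OSError, ValueError):
            continue                                # down, flooded, or garbage: try the next one
    raise RuntimeError("all resolvers failed for %s" % name)


def fake_reply(packet, ip):
    """Build a minimal NOERROR reply to `packet` carrying one A record (for the offline demo)."""
    question = packet[12:]
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)
    return packet[:2] + b"\x81\x80" + struct.pack("!HHHH", 1, 1, 0, 0) + question + answer


def flooded_region(server, packet, timeout):
    """Constructed scenario: every local resolver is swamped and never answers; remote one does."""
    if server in LOCAL_RESOLVERS:
        raise socket.timeout()
    return fake_reply(packet, "203.0.113.7")        # constructed answer address


if __name__ == "__main__":
    print(resolve("www.example.com", exchange=flooded_region))
```

Run as-is, the script never touches the network: the constructed `flooded_region` transport makes both local resolvers time out, so the lookup succeeds via the remote resolver, a second or two later than usual but with an answer. Replacing `exchange=flooded_region` with the default `udp_exchange` and real resolver addresses turns it into a working stub resolver; the short local timeout is what keeps a flooded region from stalling every lookup before the fallback is tried.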
The DDoS attack that affected AT&T's network in the Southeast is certainly something other carriers have to worry about. For example, CenturyLink's (NYSE: CTL) recent growth into a Tier 1 carrier, a feat achieved through plenty of merger and consolidation activity, means it operates an equally heterogeneous network with similar security issues.
"Each one of their regions has worried about this," Fleischman said of CenturyLink. "Now that they're larger, they're a bigger target, and just like AT&T, heterogeneous. Because of it, the challenges are, to be frank, just more difficult."