Considering the small number of servers and their value I'm surprised
nobody has gone for a sustained DDOS against them all at once. This could
get pretty messy if they managed it.
In nearly a century of international telecommunications, the number
of deliberate attacks on the infrastructure itself is amazingly small.
Historically, network engineers have been more dangerous to the
infrastructure than malicious actors. The telephone system, credit
card system, electric grid and so forth all have significant infrastructure
vulnerabilities.
Obviously it's pretty hard to add additional servers but has the option of
splitting the current group into multiple distributed machines with the
same ip (like how these other DNS organisations are doing) been looked at?
I haven't physically seen all the root servers, but the volunteers
operating the servers take their task seriously. There are a lot more
than 13 physical machines. Of course, Murphy is always on the prowl, and
there isn't a real effective way to protect against a DDOS. If there
was a way to protect your server, I think the IRC people would have
already implemented it.
