It is now almost certain that there will be an escalating number of attacks, Mr. Woodcock said. Before the patch, which has now been distributed to more than three-quarters of the affected servers in the world, it would have taken as little as one second to insert false information into the address database. Now, even with the patch, attacks will be possible in a matter of minutes or hours, he said.

Mr. Polyakov carried out his attack using two fast computers, but the same attack could be carried out more quickly. There is now an intense debate over how to find a more permanent fix for the system’s weaknesses.

“We’ve bought some time,” said Paul Mockapetris, the software engineer who devised the original D.N.S. system and is now chairman of Nominum, a firm that makes a version of the D.N.S. software that is not vulnerable to the current flaw. Mr. Mockapetris described the patch that is now being put in place as the equivalent of “playing Russian roulette with a gun that has 100 bullet chambers instead of six.”

“The point,” he said, “should be to take the gun out of people’s hands.”

The root of the problem lies in the fact that the address system, which was invented in 1983, was not meant for services like electronic banking that require strict verification of identity.

Image Mr. Kaminsky, at a conference in Las Vegas, said the flaw could affect not just the Web but also other services like e-mail. Credit... Jae C. Hong/Associated Press

“They are relying on infrastructure that was not intended to do what people assume it does,” said Clifford Neuman, director of the Center for Computer Systems Security at the University of Southern California. “What makes this so frustrating is that no one has been listening to what we have been saying for the past 17 years.”

A number of Internet security engineers point out that if a solution is found for the deeper problem of identity and authentication on the Internet, it will go a long way toward stopping many of the identity-related crimes that are now commonplace.