You are here: silicon.com > Software > Security Strategy

Security Strategy

Why DDos attack didn't bring down the net

Icann reveals tech that saved the servers...

Tags: anycast, ddos, icann

Printer Friendly Email Story RSS

By Joris Evers

Published: 12 March 2007 09:00 GMT

An attack in early February on key parts of the backbone of the internet had little effect thanks to new protection technology, according to a report.

The distributed denial of service attack on the Domain Name System (DNS) proved the effectiveness of the Anycast load-balancing system, the Internet Corporation for Assigned Names and Numbers (Icann) said in a document published last week. Icann regulates internet domain name and address registration and operates one of the main so-called root DNS servers.

According to the document: "The internet sustained a significant distributed denial of service attack, originating from the Asia-Pacific region but stood up to it." It attributed the internet's fortitude to Anycast's routing of traffic to the nearest server.

During the attack, which lasted almost eight hours, six of the 13 root servers that form the foundation of the net's DNS were targeted, Icann said. However, only two were noticeably affected. These two did not have Anycast installed because the technology was still being tested, it added.

It said: "With the Anycast technology apparently proven, it is likely that the remaining roots - D, E, G, H and L - will move over soon." The letters refer to the five of the 13 official root DNS servers that do not yet have Anycast installed.

The root DNS servers sit at the top of the DNS hierarchy and only get queried if other DNS servers, like those at an ISP, don't have the right address for a specific website. The 13 root servers are spread out across the globe and are represented by physical servers in more than 100 places geographically.

Anycast was developed after a similar denial of service attack hit the DNS root in 2002. That attack managed to swamp nine of the 13 root servers. Icann said: "The internet continued to run but it was a wake-up call for the root server operators," who set out to develop Anycast.

If the DNS system goes down, websites would be unreachable and email undeliverable. But DNS is built to be resilient and attacks on the system are rare.

Icann has yet to determine the exact techniques used in the February attack. The incident will be discussed at a meeting of DNS root server operators later this month, the organisation said.

Joris Evers writes for CNET News.com

Add Comment Add comment   Printer Friendly Print story   Email Story Email story   RSS
In
Applications

Operating Systems

SOA/Web Services

Malware

Security Strategy


Related Links

VeriSign warns of DoS evolution

Sun Grid battered by DoS attack

RFID 'not safe from DoS attacks'

Lord: 'We need better cyber crime laws'

'Email bomb' teen gets two-month curfew

William Hill fights back against the hackers

Hackers strike at the heart of the internet

The A to Z of security

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Fran Howarth Is SOA testing tough enough? Quocirca's Straight Talking: Firms are falling down on security...

silicon.com Dear silicon.com... XP lives, the femtocell 'truth', BlackBerry bashing… Reader Comments of the Week


Mobile industry advise on handset security

Critics attack gov't email, phone database plan

Brits living in fear of identity fraud

UK companies: Leaking like a sieve?

Outlawed: Reckless loss of data

600 HMRC workers caught snooping



Integration Test Engineer

Work closely with Sky's chosen integration partners to add domain expertise and product knowledge whilst assuring alignment to departmental visions ...

Iteration Manager

Risk analysis - The ability to organise and co-ordinate development work across multiple development teams - A logical and organised approach to ...

Infrastructure Support Specialist Server 2003, AD, DNS, DHCP, London

Infrastructure Support Specialist Server 2003, AD, DNS, DHCP, London My client is a household name is recruiting for an Infrastructure Specialist to ...

CIO Agenda 2008
The exclusive silicon.com CIO Agenda 2008 survey looks at the CIO's tech shopping list for the year, examines whether IT budgets are rising or falling and reveals what the pain points are for tech chiefs this year. Find out more in our latest special report.

Travel site bookings fly when glitch fixed

Childnet helps parents get web savvy

Why next-gen videoconferencing can mean more travel

Sales Force Automation Comparison Guide

On-Premise CRM Comparison Guide

Staffing Service Coordinates Sales Activities, Utilizes Business Intelligence With...

Maximizing Revenues in Troubled Times: Proven Methods of Extracting Water From a...

Stories from the web...


Does the UK need a police e-crime unit?

Future security threats

Tackling security threats


Apple: The future of home tech

Broadband Blighty gets a rural flavour

Power down PCs to save millions, gov't told

Durham health consortium outsources e-procurement

Mothercare web sales boom




Quick Sitemap Links: