Icann reveals tech that saved the servers...
By Joris Evers
Published: 12 March 2007 09:00 GMT
An attack in early February on key parts of the backbone of the internet had little effect thanks to new protection technology, according to a report.
The distributed denial of service attack on the Domain Name System (DNS) proved the effectiveness of the Anycast load-balancing system, the Internet Corporation for Assigned Names and Numbers (Icann) said in a document published last week. Icann regulates internet domain name and address registration and operates one of the main so-called root DNS servers.
According to the document: "The internet sustained a significant distributed denial of service attack, originating from the Asia-Pacific region but stood up to it." It attributed the internet's fortitude to Anycast's routing of traffic to the nearest server.
During the attack, which lasted almost eight hours, six of the 13 root servers that form the foundation of the net's DNS were targeted, Icann said. However, only two were noticeably affected. These two did not have Anycast installed because the technology was still being tested, it added.
It said: "With the Anycast technology apparently proven, it is likely that the remaining roots - D, E, G, H and L - will move over soon." The letters refer to the five of the 13 official root DNS servers that do not yet have Anycast installed.
The root DNS servers sit at the top of the DNS hierarchy and only get queried if other DNS servers, like those at an ISP, don't have the right address for a specific website. The 13 root servers are spread out across the globe and are represented by physical servers in more than 100 places geographically.
Anycast was developed after a similar denial of service attack hit the DNS root in 2002. That attack managed to swamp nine of the 13 root servers. Icann said: "The internet continued to run but it was a wake-up call for the root server operators," who set out to develop Anycast.
If the DNS system goes down, websites would be unreachable and email undeliverable. But DNS is built to be resilient and attacks on the system are rare.
Icann has yet to determine the exact techniques used in the February attack. The incident will be discussed at a meeting of DNS root server operators later this month, the organisation said.
Joris Evers writes for CNET News.com
Fundamental knowledge of Domain Name Registration process and DNS? This role is an integral role in the Company? s strategic direction, development, ...
Responsible for root cause analysis of recurring or major issues through service desk, employees and customer feedback. Occasionally carries out on ...
Middle East and Asia Pacific. AdaptiveMobile was founded in 2003 and boasts some of the world's largest mobile operators as customers and the leading ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Clive Longbottom Windows 7: Not perfect - but ready for prime time Microsoft's latest OS fixes most of Vista's ills - but still has challenges ahead
Stephen Kleynhans Mind the details with Windows 7 Just because it might work better than Vista, it doesn't mean you can be sloppy