- Related Stories
-
Internet backbone at center of suspected attack
February 6, 2007 -
U.N. debate swirls around domain name power
November 1, 2006 -
Root servers: The real Net power
November 21, 2005 -
VeriSign to put more backbone into the Net
May 19, 2005 -
Perspective: Defending the DNS
January 8, 2003 -
Assault on Net servers fails
October 22, 2002
The distributed denial-of-service attack on the Domain Name System proved the effectiveness of the Anycast load-balancing system, the Internet Corporation for Assigned Names and Numbers said in a document published Thursday. ICANN regulates Internet domain name and address registration and operates one of the main so-called root DNS servers.
"The Internet sustained a significant distributed denial-of-service attack, originating from the Asia-Pacific region, but stood up to it," according to the ICANN document, which attributed the Internet's fortitude to Anycast's routing of traffic to the nearest server.
DNS serves as the address book for the Internet, mapping text-based domain names to the actual numeric IP addresses of servers connected to the Internet, and vice versa. A distributed denial-of-service attack seeks to bring targeted servers down by sending an onslaught of traffic from multiple sources, typically compromised PCs.
During the attack, which lasted almost eight hours, six of the 13 root servers that form the foundation of the Internet's DNS were targeted, ICANN said. However, only two were noticeably affected. These two did not have Anycast installed because the technology was still being tested, ICANN said.
"With the Anycast technology apparently proven, it is likely that the remaining roots--D, E, G, H and L--will move over soon," ICANN said. The letters refer to the five of the 13 official root DNS servers that do not yet have Anycast installed.
The root DNS servers sit at the top of the DNS hierarchy and get queried only if other DNS servers, like those at an Internet service provider, don't have the right address for a specific Web site. The 13 root servers are spread out across the globe and are represented by physical servers in more than 100 places geographically.
Anycast was developed after a similar denial-of-service attack hit the DNS root in 2002. That attack managed to swamp nine of the 13 root servers. "The Internet continued to run but it was a wake-up call for the root server operators," who set out to develop Anycast, ICANN said.
If the DNS system goes down, Web sites would be unreachable and e-mail undeliverable. But DNS is built to be resilient, and attacks on the system are rare.
ICANN has yet to determine the exact techniques used in the February attack. The incident will be discussed at a meeting of DNS root server operators later this month, the organization said.
- More from News.com on this story's topics
Hacking
Domain names
Security threats
IDS
Hardware servers
See more CNET content tagged:
DNS,
DNS server,
load balancing,
Internet-backbone,
denial of service
- Another argument for Net Neutrality
- The only reason this worked is because of the nature of the free Internet. Servers are everywhere and openly communicate with one another. If one is down, another picks up the slack no matter where the server is. If Net Neutrality is not maintained, this approach will no longer be a reality. It will be a casualty of the telecommunist companies and their greed. KEEP THE NET FREE!
- Reply to this comment View all 4 replies
- "So called" root DNS server
- I find this amusing that there is doubt that it is a root DNS server...
- Reply to this comment
- Condemn Net Neutrality and condemn us all
- Those who are against Net Neutrality have no understanding of history what so ever. Freedom of thought and expression is at the very foundation of Net Neutrality. The development of computers, and the Internet would not have been possible with out Net Neutrality. The same people that condemn Net Neutrality are the ones that say there is no place for Hackers, and those of limited income. And although few in numbers, there are those who would limit access to the Internet on the basis of race, creed, religion, or sex. You better wake up. Oppression is oppression. You can?t color it, you can?t flavor it, and you can?t manipulate it The ARPANET was designed for MILITARY and RESEARCH purposes only. Then a bright young fellow at MIT discovered this new network technology would allow him the ability to send a little note to fellow colleagues across the nation. Not research data, but simply a little note. BAM! E-Mail was born. Theoretically he Hacked into the ARPANET. Others saw this and thought it was so cool, and it spread like wild fire. Now what would have happen if this bright young man at MIT was not allowed freedom of thought or expression? What would have happened if this new technology was kept secret? What would have happen if access was restricted? What would have happened if everyone that sent E-Mail was charged for each e-mail sent? We either would not have an Internet, or it would be for the use of a select group chosen by money, power, and political greed with sever restrictions on freedom of thought, and expression! You want to restrict freedom of thought, expression, and movement from place to place? Restrict yours, and leave mine and the other citizens of the world alone. This is OUR Internet. The Internet that allows people to see that other people across the world are no different, that they have the same problems, love, and desires as their selves. The Internet that has given knowledge to millions who would other wise have remained in the darkness of illiteracy.
- Reply to this comment
Start Doing More with Windows Mobile