The attack launched in February against the domain name service (DNS) root servers targeted six servers but only significantly affected two of the systems, according to a report issued by the Internet Corporation for Assigned Names and Number (ICANN) last week.
The six-page report on the February 5 attack found evidence that the attack came from the Asia-Pacific region. The two servers significantly impaired by the attack—the U.S. Department of Defense's G root server and ICANN's L root server—were the only ones that had not deployed a technology known as Anycast.
The technology allows many servers to answer the queries to a single root server. While there are 13 root servers, computers at 100 different geographical locations actually answer queries sent to those systems. The Anycast scheme has two major benefits: servers automatically spread the impact of an attack amongst themselves, and no local disaster can disrupt the operation of the root server as a whole.
The Anycast technology was developed to answer the need for a defense against massive denial-of-service (DoS) attack. In 2002, a similar attack struck the thirteen domain name servers and seriously disrupted at least eight of the systems. Even that attack, however, failed to affect most Internet users, although it underscored that reliability and security were still problems for individual root servers. Last year, massive attacks on Internet service providers took anti-spam service Blue Security off the Internet and eventually caused the business to cease its fight against spammers.
The February attack seems to have originated from the Asia-Pacific region and may have come from bot nets based in South Korea, although the ICANN report said that conclusion in speculative.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment