March 9, 2007 3:39 PM PST

New shield foiled Internet backbone attack

An attack in early February on key parts of the backbone of the Internet had little effect, thanks to new protection technology, according to a report released this week.

The distributed denial-of-service attack on the Domain Name System proved the effectiveness of the Anycast load-balancing system, the Internet Corporation for Assigned Names and Numbers said in a document published Thursday. ICANN regulates Internet domain name and address registration and operates one of the main so-called root DNS servers.

"The Internet sustained a significant distributed denial-of-service attack, originating from the Asia-Pacific region, but stood up to it," according to the ICANN document, which attributed the Internet's fortitude to Anycast's routing of traffic to the nearest server.

DNS serves as the address book for the Internet, mapping text-based domain names to the actual numeric IP addresses of servers connected to the Internet, and vice versa. A distributed denial-of-service attack seeks to bring targeted servers down by sending an onslaught of traffic from multiple sources, typically compromised PCs.

During the attack, which lasted almost eight hours, six of the 13 root servers that form the foundation of the Internet's DNS were targeted, ICANN said. However, only two were noticeably affected. These two did not have Anycast installed because the technology was still being tested, ICANN said.

"With the Anycast technology apparently proven, it is likely that the remaining roots--D, E, G, H and L--will move over soon," ICANN said. The letters refer to the five of the 13 official root DNS servers that do not yet have Anycast installed.

The root DNS servers sit at the top of the DNS hierarchy and get queried only if other DNS servers, like those at an Internet service provider, don't have the right address for a specific Web site. The 13 root servers are spread out across the globe and are represented by physical servers in more than 100 places geographically.

Anycast was developed after a similar denial-of-service attack hit the DNS root in 2002. That attack managed to swamp nine of the 13 root servers. "The Internet continued to run but it was a wake-up call for the root server operators," who set out to develop Anycast, ICANN said.

If the DNS system goes down, Web sites would be unreachable and e-mail undeliverable. But DNS is built to be resilient, and attacks on the system are rare.

ICANN has yet to determine the exact techniques used in the February attack. The incident will be discussed at a meeting of DNS root server operators later this month, the organization said.

See more CNET content tagged:
load balancing, DNS, Internet-backbone, DNS server, denial of service


Join the conversation!
Add your comment
Another argument for Net Neutrality
The only reason this worked is because of the nature of the free Internet. Servers are everywhere and openly communicate with one another. If one is down, another picks up the slack no matter where the server is. If Net Neutrality is not maintained, this approach will no longer be a reality. It will be a casualty of the telecommunist companies and their greed.

Posted by thenet411 (415 comments )
Reply Link Flag
Do tell
Talk about twisting reality to make it fit your ideology!
Posted by nicmart (1829 comments )
Link Flag
It works both ways
Not sure you want to go down this path. You could just as easily say Net Neutrality made the attack worse. Net Neutrality means the DoS traffic was given equal priority with legitimate traffic.
Posted by solrosenberg (124 comments )
Link Flag
Other views
I think that people are misunderstanding net neutrality (which I support).

(Most) Companies are not trying to block the free flow of information on the internet. Instead they are trying ensure that people who pay to use the company's service don't loose out if people who pay to use a different company's services start passing heavy amounts of data across their network.

For example, suppose you pay 10 million dollars to install fiber optic cables for your customers. The last thing that you want is for another company to start routing vast quantities of its own subscribers data across your cables, thus slowing your subscribers services down.

Even if we loose net neutrality, it won't impact on DNS requests, which are small and fast. Unless things get really crazy, it will only impact on high traffic services like streamed HD video from companies that don't have their own infrastructure or infrastructure deals.
Posted by perfectblue97 (326 comments )
Link Flag
Oh really?
Come on! This has nothing to do with Net Neutrality. Net Neutrality is about ISP's charging high bandwidth users (mostly other companies) more money for the bandwidth. It has nothing to do with other servers throughout the world, especialy ICANN DNS servers.

I swear, the lunatic fringe never ceases to amaze me, they pop up everywhere!
Posted by tanis143 (122 comments )
Link Flag
"So called" root DNS server
I find this amusing that there is doubt that it is a root DNS server...
Posted by denali666 (1 comment )
Reply Link Flag
Condemn Net Neutrality and condemn us all
Those who are against Net Neutrality have no understanding of history what so ever.
Freedom of thought and expression is at the very foundation of Net Neutrality.
The development of computers, and the Internet would not have been possible with out Net Neutrality.

The same people that condemn Net Neutrality are the ones that say there is no place for Hackers, and those of limited income. And although few in numbers, there are those who would limit access to the Internet on the basis of race, creed, religion, or sex. You better wake up. Oppression is oppression. You can?t color it, you can?t flavor it, and you can?t manipulate it

The ARPANET was designed for MILITARY and RESEARCH purposes only. Then a bright young fellow at MIT discovered this new network technology would allow him the ability to send a little note to fellow colleagues across the nation. Not research data, but simply a little note. BAM! E-Mail was born. Theoretically he Hacked into the ARPANET. Others saw this and thought it was so cool, and it spread like wild fire.

Now what would have happen if this bright young man at MIT was not allowed freedom of thought or expression? What would have happened if this new technology was kept secret? What would have happen if access was restricted? What would have happened if everyone that sent E-Mail was charged for each e-mail sent?

We either would not have an Internet, or it would be for the use of a select group chosen by money, power, and political greed with sever restrictions on freedom of thought, and expression!

You want to restrict freedom of thought, expression, and movement from place to place? Restrict yours, and leave mine and the other citizens of the world alone. This is OUR Internet. The Internet that allows people to see that other people across the world are no different, that they have the same problems, love, and desires as their selves. The Internet that has given knowledge to millions who would other wise have remained in the darkness of illiteracy.
Posted by the1kingarthur (47 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.