Absence of ‘Anycast’ Succumbed Servers to ‘DDoS’

The highly publicized attack on the DNS servers, the backbone of the Internet in early February 2007 is the subject of a recent report by the Internet Corporation for Assigned Names and Numbers (ICANN).

The attack affected six of the thirteen root servers but the two that suffered significant damages did not have Anycast technology deployed on them, according to the report. The report thought that further analysis was required to complete the research.

ICANN said that with the apparently proven Anycast technology, it is possible that the other roots - D, E, G, H and L will install it soon. These letters indicate the five of the thirteen authorized root DNS servers that are devoid of Anycast technology.

The DDoS attack severely damaged the "g-root" server that the U.S. Department of Defense operates. Its physical location is in Ohio. And the other of the two damaged root servers "i-root" that ICANN runs is located in California, reported ICANN.

Anycast was created in 2002 after a similar DOS attack struck the DNS root servers.

DNS operates as the address list for the Internet, matching textual domain names with the real numeric IP addresses of servers linked to the Internet, and also in the reverse. A distributed 'denial of service' attempts to disable targeted servers by choking them with a massive amount of traffic sent from various compromised PCs called zombies.

One explanation for the root server attack is certainly the technical challenge to bring down the Internet's most protected servers. The aspiration for a person to say that he crippled the Internet was something that would arouse a small party of individuals, said the report. Another explanation could be that the attacks serve as a canvassing for a certain botnet.

It seems the February 2007 attack triggered from the Asia-Pacific region and may have arrived from botnets situated in South Korea. However, ICANN report is speculative about that conclusion.

ICANN is still to find the exact techniques that the February 2007 attack used. This will be part of discussion among operators of DNS root servers later in March 2007, the organization confirmed.

» SPAMfighter News - 3/26/2007