Report on TLD DNS DDoS attack released

Posted by Virus Bulletin on Mar 9, 2007

Fact sheet on web root server bombardment published by ICANN.

The Internet Corporation for Assigned Names and Numbers (ICANN), the body responsible for controlling the DNS system at the heart of the Internet, has issued a fact sheet with details of last month's 'massive attack' on several of the top-level nameservers providing connection information for the web.

The report contains little detail about the origins, tactics or motives behind the attack, other than to confirm earlier conjecture that the bombardment originated mainly in the Asia-Pacific region. The use of a sizeable botnet of zombie machines has led to speculation that South Korea, which is among the most widely connected nations, may have been host to many of the attacking machines, but whether the botnet was controlled locally or from another part of the world entirely cannot yet be confirmed.

The attack hit at least six out of the 13 main root servers, with two, one maintained by the US Department of Defense and the other run by ICANN itself, particularly severely affected. The others were protected by the Anycast system of load distribution across hundreds of individual servers around the world. ICANN's report highlights this as proof of the efficacy of the Anycast implementation in defending against such attacks by spreading the load of a heavy bombardment. Anycast also ensures that loss of connection in a single geographical area does not cause a global loss of service.

The report goes on to discuss the nature of the DNS systems running the web, the reasons for the implementation of Anycast on only some of the top-level servers, and some recommendations for improving web security in future. ICANN hopes to be able to provide more details on the attack after a major meeting of its members scheduled for later this month. The current fact sheet (in PDF format) can be found here, while an ICANN blog entry and discussion forum are here.
