Posted by Virus Bulletin on Mar 9, 2007
Fact sheet on web root server bombardment published by ICANN.
The Internet Corporation for Assigned Names and Numbers (ICANN), the body responsible for controlling the DNS system at the heart of the Internet, has issued a fact sheet with details of last month's 'massive attack' on several of the top-level nameservers providing connection information for the web.
The report contains little detail about the origins, tactics or motives behind the attack, other than to confirm earlier conjecture that the bombardment originated mainly in the Asia-Pacific region. The use of a sizeable botnet of zombie machines has led to speculation that South Korea, which is among the most widely connected nations, may have been host to many of the attacking machines, but whether the botnet was controlled locally or from another part of the world entirely cannot yet be confirmed.
The attack hit at least six out of the 13 main root servers, with two, one maintained by the US Department of Defense and the other run by ICANN itself, particularly severely affected. The others were protected by the Anycast system of load distribution across hundreds of individual servers around the world. ICANN's report highlights this as proof of the efficacy of the Anycast implementation in defending against such attacks by spreading the load of a heavy bombardment. Anycast also ensures that loss of connection in a single geographical area does not cause a global loss of service.
The report goes on to discuss the nature of the DNS systems running the web, the reasons for the implementation of Anycast on only some of the top-level servers, and some recommendations for improving web security in future. ICANN hopes to be able to provide more details on the attack after a major meeting of its members scheduled for later this month. The current fact sheet (in PDF format) can be found here, while an ICANN blog entry and discussion forum is here.