ICANN: Anycast And Communication Foiled February's Root Server Attack
ICANN's evaluation analyzes what happened during the attack on the root servers, which ones were hit the hardest, and what kept them running.
A denial-of-service attack last month that threatened to take out the Internet "root servers" was thwarted in part with a new load-balancing technology.
ICANN, which manages Internet functions such as domain names, released a report on the attack, which targeted the 13 root servers that convert URLs into the numeric addresses used to route traffic. A large botnet tried to overwhelm the root servers, but Internet users didn't notice a disruption in service.
ICANN says a new technology called Anycast was a major reason the root servers held up against the barrage. Anycast lets servers in different locations act as if they're all together in the same place and spread the load of the attack among themselves. The 13 root servers actually involve many more computers: each "root server" refers to an IP address that can front many servers.
At least six of the 13 root servers were attacked, but only two were noticeably affected: g-root, run by the U.S. Department of Defense, and l-root, which ICANN operates. Neither used Anycast. That was a conscious choice to vary system design for reliability. But now Anycast will be added to all the roots.
The report also credits old-fashioned communication, with the engineers in charge of the roots around the globe sharing information about the attack and how they were battling it.
The engineers defended the roots by adding bandwidth and finding patterns in the malicious queries, so they could filter them out.