In the wake of last week's unprecedented DDoS attack against all 13 of the Internet's root name servers, the government and ICANN, one of the Internet's main governing bodies, are considering changes to help protect the DNS against future attacks.

The most immediate and significant changes will likely come from the Internet Corporation for Assigned Names and Numbers, which is holding a meeting this week in Shanghai, China. The body, which is ultimately responsible for maintaining the root servers that contain the master list of Internet domains, will hear recommendations from its Security and Stability Advisory Committee on securing the edge of the Domain Name System network. Specifically, the committee will recommend that ISPs take steps to prevent packets with forged IP addresses from being used in distributed-denial-of-service attacks, according to sources.

Virtually all packets in such attacks carry forged IP addresses, which makes them difficult for engineers to trace or filter. The technology to prevent forwarding of such packets has been in most routers for several years, but ISPs have been reluctant to use it.

The link for this article located at eWeek is no longer available.