How to defend against Account Takeovers
Learn about account takeover threats, protection strategies, and detection methods to secure your digital accounts and prevent unauthorised access.
Introduction
Anycast is a networking and routing technique where a single IP address is announced from multiple physical locations around the world. Unlike traditional unicast communication (which is one-to-one), anycast allows multiple servers in different geographic locations to share the same IP address. When a user makes a request to an anycast IP address, the internet's routing infrastructure automatically directs them to the nearest available server.
This technology is fundamental to modern internet infrastructure, particularly for DNS services, and plays a crucial role in making the internet fast and resilient.
How it Works
The magic of anycast lies in how internet routing protocols work. Here's the process:
-
IP Advertisement: Multiple servers in different locations (like New York, London, Tokyo, and Sydney) all announce they can handle traffic for the same IP address, say
1.1.1.1. -
Routing Decisions: Internet routers use protocols like BGP (Border Gateway Protocol) to determine the "best" path to reach an IP address. This decision is based on factors like:
-
Network hops (shorter paths are preferred)
- Network policies and costs
-
Current network conditions
-
Automatic Routing: When a user in Australia makes a request to
1.1.1.1, the internet's routing system automatically directs that traffic to the Sydney server rather than the New York one, because it's "closer" from a network perspective. -
Transparent to Users: The user has no idea which physical server they're connecting to - they just know they're connecting to
1.1.1.1.
Use in DNS
Anycast is widely used by DNS service providers to create fast, globally distributed DNS infrastructure. Here's how it works in practice:
Global DNS Infrastructure
Major DNS providers like Cloudflare, Google Public DNS, and OpenDNS operate hundreds of servers worldwide, all sharing the same anycast IP addresses:
- Cloudflare DNS:
1.1.1.1and1.0.0.1 - Google Public DNS:
8.8.8.8and8.8.4.4 - OpenDNS:
208.67.222.222and208.67.220.220
DNS Query Process
When you configure your device to use 8.8.8.8 as your DNS server:
- Your device sends a DNS query to
8.8.8.8 - Internet routing automatically directs this query to the nearest Google DNS server
- That server responds with the DNS answer
- You get fast DNS resolution without knowing which specific server handled your request
Benefits
Anycast provides several critical advantages for network services:
Lower Latency
By serving users from the nearest geographic location, anycast dramatically reduces the time it takes for data to travel between the user and the server. A DNS query that might take 200ms to reach a server on another continent could take just 10ms to reach a local anycast node.
Higher Availability and Resilience
Anycast provides automatic failover capabilities. If one location goes down due to:
- Server failures
- Network outages
- Natural disasters
- Maintenance
The internet's routing system automatically redirects traffic to the next closest available location. This happens transparently and usually within seconds, with no configuration changes needed.
DDoS Mitigation
Anycast networks can absorb massive distributed denial-of-service (DDoS) attacks by:
- Distributing Attack Traffic: Instead of overwhelming a single server, attack traffic is automatically spread across multiple locations
- Localized Impact: An attack might only affect the nearest anycast node, while users in other regions continue to be served normally
- Massive Capacity: Large anycast networks have aggregate bandwidth that far exceeds what attackers can typically generate
Example: Absorbing a 1 Tbps Attack
When a major DNS provider faces a 1 Tbps DDoS attack, their anycast network might distribute this across 100+ locations worldwide, meaning each location only needs to handle about 10 Gbps - a much more manageable load.
Real-World Examples
DNS Services
- Cloudflare: Operates over 250 cities worldwide with anycast DNS
- Google: Uses anycast for Google Public DNS across dozens of locations
- Root DNS servers: The internet's root DNS infrastructure relies heavily on anycast
CDNs and Other Services
- Many CDN providers use anycast for their edge servers
- NTP (Network Time Protocol) servers often use anycast
- Some gaming networks use anycast to reduce player latency
Conclusion
Anycast is a key technology that makes modern DNS services fast, reliable, and resilient. It's an elegant solution that leverages the internet's existing routing infrastructure to automatically direct users to the best available server.
For end users, anycast is invisible but provides tangible benefits: faster website loading, more reliable internet connectivity, and protection against service disruptions. For service providers, it's an essential tool for building globally distributed, high-performance infrastructure that can scale to serve billions of users while maintaining excellent performance and availability.
Related Articles
What is an Account Takeover?
An overview of Account Takeover Attacks
Anatomy of a Credential Stuffing Attack
A step-by-step breakdown of how credential stuffing attacks are carried out, from obtaining stolen credentials to bypassing defenses and taking over accounts.
What is Anycast DNS?
An introduction to Anycast DNS
What is an Apex Domain?
A quick description about what an Apex Domain is.
Best Practices for API Key Management and Rotation
Learn the essential best practices for managing and rotating API keys to enhance security, prevent unauthorized access, and minimize the impact of key compromise.