DNS poisoning slams web traffic from millions in China into the wrong hole

A widespread DNS outage hit China on Tuesday, leaving millions of surfers adrift. DNS issues in China between 7am and 9am GMT left millions of domains inaccessible. Two-thirds of China’s DNS (Domain Name System) infrastructure was blighted by the incident, which stemmed from a cache poisoning attack. Chinese netizens were …

COMMENTS

This topic is closed for new posts.
  1. Destroy All Monsters Silver badge
    Headmaster

    That Walls Street Website is for people with financial braincancer.

    Why do they put STOCKTICKERS behind COMPANY NAMES IN THE ARTICLE?

    Stockwanking taken too far? I assure you not! It's for people with financial nous that mere mortals cannot reach!!

    Meanwhile, China is making a creaking sound. Bizarre, it sounds like U-Boat that is reaching crush debt, are you sure those bank reinforcements are sufficiently str--- CARRIER LOST.

    1. FrankAlphaXII

      Re: That Walls Street Website is for people with financial braincancer.

      >>Why do they put STOCKTICKERS behind COMPANY NAMES IN THE ARTICLE?

      You still get an upvote, but have you not ever read the Wall Street Urinal? They've been doing that for a very long time, since the advent of ticker symbols over telegraph in the late 1800's. It's still just a PR outlet and a place for overpaid analysts to vent their spleens and make an ungodly amount of money while they're at it. I invest and have since I was 17, but I don't think I've ever made money on something the FT, Bloomberg, or WSJ recommended. The Economist's much better for picking industries apart and finding the gems among the turds even though they're mostly a foreign policy rag anymore.

      But again, you get an upvote for the link about China and a coming default, China's shadow banking will be its undoing, all of their banks (including their multinationals like HSBC that should really know better) issue their own off the books currency and loans. If China manages to avoid a default and economic collapse rivalling the US-European financial collapse of 2008, I will be very surprised.

  2. gerdesj Silver badge

    Why attribute to malice ...

    Why attribute to malice that which can be more easily caused by incompetence?

    What about a DNS filter update gone wrong? I can't believe that part of the GFoC doesn't include DNS level filtering.

    It's so much easier and cheaper to filter DNS than a massive layer 7 deep packet jobbie which would be the final stage in their filter. There's probably some pretty serious transparent proxying in there as well.

    Head off the bulk of naughty traffic at the DNS lookup stage and the rest of your filters need not be quite so powerful as they otherwise would need be.

    Cheers

    Jon

  3. John Crisp

    NSA morning meeting

    Damn, damn, damn. Back to the drawing board boys....

  4. diadomraz

    I have a few servers in China and witnessed the problem first hand. While the initial claim was a DNS poisoning of the root and the gTLD servers, it affected only mainland China - no similar issues were found in Hong Kong for example. Our DNS cache logs showed bogus responses from DNS servers all over the world including the bbc.co.uk NS servers - most likely they were changed in transit by China's firewall.

    My best guess is they botched an update to the Great Firewall of China and instead of banning that IP just set a DNS redirect pointing to it. More information on http://websitepulse.com/blog/china_dns_issues
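
An added example, not part of any commenter's post or of the article: one way a resolver operator could spot the pattern described above, where answers for many unrelated names collapse onto a single address. The log format, the function name `find_collapsed_answers` and the thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample resolver-cache log: "<epoch> <qname> A <answer>".
# 65.49.2.178 is the address quoted in this thread; the other addresses
# are documentation-range placeholders (RFC 5737).
SAMPLE_LOG = """\
1390288500 www.example.com A 192.0.2.10
1390288530 mail.example.org A 198.51.100.7
1390288560 cdn.example.net A 203.0.113.5
1390289400 www.example.com A 65.49.2.178
1390289410 www.bbc.co.uk A 65.49.2.178
1390289420 mail.example.org A 65.49.2.178
1390289430 cdn.example.net A 65.49.2.178
1390289440 shop.example.cn A 65.49.2.178
1390289450 static.example.net A 203.0.113.5
"""

def find_collapsed_answers(log_text, window=600, min_names=4, min_share=0.5):
    """Return [(window_start, ip, n_names, share)] for suspicious answers.

    An address is flagged when, inside one time window, it is the A record
    for at least min_names distinct names AND those names make up at least
    min_share of all distinct names resolved in that window.
    """
    names = defaultdict(set)    # (window_start, ip) -> distinct qnames
    totals = defaultdict(set)   # window_start -> distinct qnames overall
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "A" or not parts[0].isdigit():
            continue  # skip malformed lines and non-A records
        ts, qname, _, ip = parts
        start = int(ts) - int(ts) % window
        qname = qname.lower().rstrip(".")
        names[(start, ip)].add(qname)
        totals[start].add(qname)
    hits = []
    for (start, ip), qnames in sorted(names.items()):
        share = len(qnames) / len(totals[start])
        if len(qnames) >= min_names and share >= min_share:
            hits.append((start, ip, len(qnames), round(share, 2)))
    return hits

if __name__ == "__main__":
    for start, ip, count, share in find_collapsed_answers(SAMPLE_LOG):
        print(f"window {start}: {count} names ({share:.0%}) -> {ip}")
```

The share threshold keeps shared hosting and CDN addresses, which legitimately serve many names, from being flagged unless they suddenly dominate the resolver's answers.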

  5. diadomraz
    Mushroom

    How to do DDOS properly

    While I consider it highly unlikely that this was caused by a hacker attack, looking at the results I'm seeing the largest botnet in history. The number of Internet users in China is estimated around 618 million and this doesn't include the number of servers running in mainland China. An attack like this can point all their requests to any single IP in just a few minutes. This will dwarf any botnet to date - Bredolab was estimated at 30 million bots.

  6. dephormation.org.uk
    Devil

    Ultrasurf?

    65.49.2.178 -> Sophidea -> Ultrasurf

    "a product of Ultrareach Internet Corporation, originally created to help internet users in China find security and freedom online"

    1. diadomraz

      Re: Ultrasurf?

      The routing to the IP was passing via dit-inc.us network and there were several interviews with Bill Xia the creator of Dynamic Internet Technology who was on the receiving end of the Chinese traffic at the time. They are in the same business as Ultrasurf but they might be doing a better job of it.

Biting the hand that feeds IT © 1998–2019