DNS DDoS Attack Takes Down China Internet


The latest news is a few million Chinese Internet users had trouble accessing any websites yesterday due to a DDoS attack on the DNS system from one of the countries registrars.

It just shows that China has an inherently weak infrastructure if such a large portion of people can be disrupted with an attack to a single location.

I guess the users haven’t heard of OpenDNS either, or perhaps they can’t use it because it’s blocked by the ‘Great Firewall of China‘.

An attack on the servers of a domain registrar in China caused an online video application to cripple Internet access in parts of the country late on Wednesday.

Internet access was affected in five northern and coastal provinces after the DNS (domain name system) attack, which targeted just one company but caused unanswered information requests to flood China’s telecommunications networks, China’s IT ministry said in a statement on its Web site. The DNS is what computers use to find each other on the Internet.

The incident revealed holes in China’s DNS that are “very strange” for such a big country, said Konstantin Sapronov, head of Kaspersky’s Virus Lab in China.

The problems started when registrar DNSPod’s DNS servers were targeted with a DDOS (distributed denial of service) attack, described by the company in an online statement. In such an attack, the attacker orders a legion of compromised computers to try to communicate with a server all at once, which overwhelms the server and crushes its ability to return requests for information.

A DoS attack on the root domain servers of any organisation is always one of the most effective as you don’t have to saturate a large pipe, you just have to make the machine max out it’s CPU/RAM so it can’t serve any more requests.

It’s much better than trying to take a corporate network offline by filling up their main line. Targeted attacks are always the most effecient.

Internet access returned to normal in the late night several hours later, according to the government statement.

China had almost 300 million Internet users at the end of last year, according to the country’s domain registry agency, and streaming online video is as popular among young people as it is in Western countries.

The event, the first of its kind in China, suggests the country needs to improve its rules managing the DNS, said Zhao Wei, CEO of Knownsec, a Beijing security firm.

The original attack transformed into a regional DNS jam essentially because Baofeng is so popular, said Zhao.

Such programs may need smarter code, which could instruct them to withdraw DNS requests that go unanswered, he said. The way unanswered requests are redirected to higher-level servers could also be changed, Zhao said.

An interesting point is that the registrar that was attacked hosted the DNS for the very popular video streaming site Baofeng – the traffic was so high for this site that that unanswered DNS requests turned into another traffic jam having the effective of multiplying the original DDoS attack.

I’m guessing this was an unintended side effect, but it worked out well for the attackers.

Source: PCWorld

Posted in: Networking Hacking Tools, Telecomms Hacking

, , ,


Latest Posts:


LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc
GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process
zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.


2 Responses to DNS DDoS Attack Takes Down China Internet

  1. Navin May 22, 2009 at 11:36 am #

    whoa

    From the article:”The incident revealed holes in China’s DNS that are “very strange” for such a big country, said Konstantin Sapronov, head of Kaspersky’s Virus Lab in China.”

    You can say that again!!

  2. Morgan Storey May 22, 2009 at 2:12 pm #

    DNS tends to be pretty robust when set up badly, I am surprised it is setup this badly that it can take down lower level servers etc.