DNS attack downs Internet in parts of China

IDG News Service - An attack on the servers of a domain registrar in China caused an online video application to cripple Internet access in parts of the country late on Wednesday.

Internet access was affected in five northern and coastal provinces after the DNS (domain name system) attack, which targeted just one company but caused unanswered information requests to flood China's telecommunications networks, China's IT ministry said in a statement on its Web site. The DNS is what computers use to find each other on the Internet.

The incident revealed holes in China's DNS that are "very strange" for such a big country, said Konstantin Sapronov, head of Kaspersky's Virus Lab in China.

The problems started when registrar DNSPod's DNS servers were targeted with a DDOS (distributed denial of service) attack, described by the company in an online statement. In such an attack, the attacker orders a legion of compromised computers to try to communicate with a server all at once, which overwhelms the server and crushes its ability to return requests for information.

Telecom network operators blocked access to the IP (Internet Protocol) address of the registrar, concerned that its beleaguered servers were draining resources from the machine rooms they occupied, the registrar said.

Web sites served by the registrar's servers, including one that offers an extremely popular online video playing application, became inaccessible.

The story might have ended there. But as some massive number of users tried to boot up the video application, called Baofeng, their unanswered DNS requests were apparently passed on to higher-level servers that didn't know how to process them.

The requests piled up, and the resulting traffic jam slowed or halted Internet access across affected provincial networks. DNSPod was told that even Baidu, China's top search engine, became inaccessible in one province, it said in a message on Twitter.

Internet access returned to normal in the late night several hours later, according to the government statement.

China had almost 300 million Internet users at the end of last year, according to the country's domain registry agency, and streaming online video is as popular among young people as it is in Western countries.

The event, the first of its kind in China, suggests the country needs to improve its rules managing the DNS, said Zhao Wei, CEO of Knownsec, a Beijing security firm.

The original attack transformed into a regional DNS jam essentially because Baofeng is so popular, said Zhao.

Such programs may need smarter code, which could instruct them to withdraw DNS requests that go unanswered, he said. The way unanswered requests are redirected to higher-level servers could also be changed, Zhao said.

Guarding servers against DDOS attacks remains difficult. DNS service providers need reliable, secure servers and emergency plans in case they fail, said Zhao.

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.