The Internet Is Still a Fragile Place
It still doesn't take much to knock out the Internet for many users. An attack here, a piece of poorly designed software there, and all of a sudden a huge number of people can no longer access the Internet.
Last week a series of events took place that left five Chinese provinces without any Internet connection. According to the news reports, the first event was a Distributed Denial of Service attack against the servers of DNSPod, a company which provides DNS services and acts as a domain registrar. DNSPod tried to fend off the attack without it affecting their customers, but was not completely successful.
A popular Chinese video streaming service, Baofeng, used one of DNSPod's servers as its authoritative DNS server, and the DDoS attack prevented successful DNS lookups from being made to this particular server.
So far, this isn't something that should have caused too many problems. The loss of authoritative DNS records isn't going to be a problem until cached responses held by other servers expire, and it isn't going to be a big problem unless the platforms issuing the queries continue to do so even after no response has been received.
This is where the subsequent events take place.
The Baofeng media player software was written to issue DNS requests continuously once its previously cached data had expired. As the cached results around the Internet expired, online users who were trying to use their media player suddenly started sending continuous requests to a server that was already unreachable due to the initial DDoS. Not only did this flood effectively replace the initial DDoS, but it grew to such an extent that it choked the networks of China Telecom. Network connections were so clogged with DNS queries that other legitimate traffic could not get through, timing out or failing even to establish a viable connection.
Five provinces lost effective Internet connectivity as a result.
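The mechanism described above is a client-side retry storm: once the cached answer expires and the authoritative server stops responding, every client that retries immediately on timeout adds its own stream of queries to an already dead path. The simulation below is an added example, not code from the original post or from Baofeng or DNSPod. It models the two client behaviours side by side: a "naive" client that re-queries as soon as each query times out, and a "backoff" client that doubles its wait after every failure (capped) and keeps answering the application from the stale record in the meantime. The tick lengths, client count, address and policy names are all constructed for the simulation.

```python
"""Simulation of a DNS retry storm against an unreachable authoritative server.

Every client starts with a cached answer whose TTL has just expired, and the
authoritative server never answers (as DNSPod's did not under the DDoS), so every
query that is sent fails. Two client policies are compared. All values here are
constructed for the example; 203.0.113.10 is a documentation address.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

TIMEOUT_TICKS = 2   # ticks a query is outstanding before the client counts it as failed
BASE_BACKOFF = 4    # first wait after a failure under the backoff policy
MAX_BACKOFF = 64    # cap so the wait never grows without bound


@dataclass
class Client:
    policy: str                  # "naive" or "backoff"
    stale_answer: Optional[str]  # last answer seen before the TTL expired (None = never resolved)
    next_query_at: int = 0       # earliest tick at which the client will send a query
    failures: int = 0            # consecutive failed queries, drives the backoff


def schedule_retry(client: Client, now: int) -> None:
    """Decide when the client may try the authoritative server again."""
    client.failures += 1
    if client.policy == "naive":
        # Retry the moment the previous query times out: the behaviour that
        # turns expired caches across many clients into a flood.
        client.next_query_at = now + TIMEOUT_TICKS
    else:
        # Exponential backoff: 4, 8, 16, 32, 64, 64, ... ticks between attempts.
        wait = min(BASE_BACKOFF * 2 ** (client.failures - 1), MAX_BACKOFF)
        client.next_query_at = now + wait


def resolve(client: Client, now: int) -> Tuple[Optional[str], bool]:
    """One resolution attempt by the application at tick `now`.

    Returns (answer handed to the application, whether a query went on the wire).
    A backoff client serves the stale record while waiting, so the application
    keeps working; a naive client has nothing to hand back between timeouts.
    """
    answer = client.stale_answer if client.policy == "backoff" else None
    if now < client.next_query_at:
        return (answer, False)      # still waiting, nothing sent
    schedule_retry(client, now)     # the query is sent and (always) fails
    return (answer, True)


def simulate(policy: str, clients: int, ticks: int) -> List[int]:
    """Number of queries sent per tick by `clients` identical clients over `ticks` ticks."""
    pool = [Client(policy, stale_answer="203.0.113.10") for _ in range(clients)]
    load = []
    for now in range(ticks):
        load.append(sum(1 for c in pool if resolve(c, now)[1]))
    return load


if __name__ == "__main__":
    for policy in ("naive", "backoff"):
        load = simulate(policy, clients=1000, ticks=200)
        print(f"{policy:8s} total queries={sum(load):6d} peak per tick={max(load):5d}")
```

With 1000 clients over 200 ticks the naive policy sends 100,000 queries (a burst of 1000 every second tick, for as long as the outage lasts), while the backoff policy sends 7,000 and the bursts thin out to one every 64 ticks; in the meantime its users still get an address to connect to. The same shape, retry with a capped exponential delay and serve the last good answer while the authoritative side is down, is what a resolver or application should do so that an outage upstream does not turn the clients themselves into the flood.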
Would the design flaw in the Baofeng media player have been identified had it not been for the initial attack against the DNS server that led to the cached results expiring? What other systems out there are at critical risk of failure due to unexpected secondary effects of otherwise commonplace activity? Just how close are sections of the Internet to failing, and how much spare capacity does most of the Internet actually have?
28 May 2009