Cyber attack experts say China needs to build its own root-name servers

Intermediary transaction SEO diagnosis Taobao guest Cloud host technology Hall

Introduction: In response to the January 21, about 3:10 P.M. in China's Internet rare "public safety accident", the National Internet Emergency Center said yesterday, the preliminary judgement of the incident is due to cyber attacks in China, Internet users through the international top-level domain name service to resolve the anomaly, the source of the attack is further investigation. Many experts call for the security of domain Name System construction imminent.

Authoritative release

Internet logon anomaly due to network attack

The National Internet Emergency Center said yesterday that it had analyzed the data, and initially judged that the incident was an anomaly caused by cyber attacks, and that the source of the attack was being further investigated.

January 21 around 3:10 P.M., a large number of Internet users can not normally access the domain name ". com", ". Net" and other end of the Web site, the Chinese internet has a rare "public safety accident", the country about 2/3 of the Web site DNS server resolution failed, many domestic sites have intermittent inaccessible situation, Up to tens of millions of users can not successfully access the Internet. After the incident, the National Internet Emergency Center launched the first emergency response mechanism, coordinate the organization of some technical support units for investigation and emergency disposal, around 16:50, the user access to basic return to normal.

Public information shows that the National Internet Emergency Center was established in September 1999, the Center "for Non-governmental, non-profit network security technology coordination organization." 360 Company network security engineer Dongfang yesterday also said that through the analysis of DNS tracking test, the world's 13 root domain name servers, at least two root servers were contaminated, so that the domestic common top-level domain root server anomalies, resulting in a large number of domestic web sites can not be normal access. It does not exclude hacker attacks, it may be hijacked in the process of network transmission.

News paparazzi

User may be Phishing scam

Internet highly dependent DNS service is the internet world's road Traffic navigation system, DNS services by hackers, will cause the Internet's navigation system complete interruption or total chaos. "The result is that the Internet is not normal, or network access has been incorrectly navigated to the wrong server, such as the original to Taobao, but the wrong DNS service to navigate to the phishing site," said the network of the relevant security experts Jinshan. DNS service is hijacked by attack, normal access is resolved to the wrong server address, one of the obvious faults is large area broken network, another big risk is phishing website fraud. The hacker may resolve the normal website domain name to the wrong address, if the hacker in this target address constructs a phishing website, the Netizen enters the account password information in the phishing website to be stolen.

The DNS failure time lasted about 20 minutes, one hours later, the affected. com Web site began to resume normal access, but also due to the DNS cache and other reasons, more than 10 provinces and municipalities in the country, some users in 12-24 hours can not fully return to normal, some areas even lasted 48 hours.

In fact, domain Name service security issues are not uncommon today. The earliest large-scale DNS hijacking attack occurred in 2010, when the trust provider of Domain name resolution services for Baidu was hacked, hackers tampered with Baidu's domain name resolution information, resulting in the day within hours, netizens can not normally visit Baidu website. General DNS hijacking attacks are common: when a virus is in the computer, some viruses tamper with DNS configuration information on the local computer, making it inaccessible to Internet users or visiting phishing sites. 2013, a large number of home wireless router security vulnerabilities were found, access to a specific attack Web page, the router's DNS configuration will be immediately tampered with. Since then, the injured netizens use Taobao shopping, will be forced to browse to a Taobao customer promotion station, attackers can therefore gain a lot of benefits. Some regional operators use DNS hijacking, forcing users to pop ads when their computers are online.

Experts call

The establishment of root domain directory server in China is imminent

There have been reports that the authoritative server in China, the average security index is low, most of the domain name authoritative server security status is poor. Some experts believe that, at present, China's domain Name System security is not enough to improve the domain Name System security linkage mechanism, especially rapid response and processing mechanism imminent. "In particular, root domain servers in the United States as well as Japan and Europe, if the root domain problems, will affect all of our domain name resolution and site access, therefore, we need to establish a comprehensive DNS monitoring and disaster preparedness system, as soon as possible in the domestic establishment of root directory server. "Dongfang said.

A number of experts suggested that more investment in the national domain Name System infrastructure construction. At the same time, as soon as possible to improve the domain Name System security linkage mechanism, especially the rapid response and processing mechanism, through coordinated linkage in the network bandwidth, Operation Security, emergency coordination and so on to ensure adequate resources support, increase the domain name technology research and various aspects of fault handling capabilities to ensure network security.