DNS large-scale fault: Domain Name Service provider attacked by malicious chickens

The intermediary transaction SEO diagnoses Taobao guest stationmaster buys the Cloud host technology Hall

Sina Science and technology news May 21, according to many sources, May 19 led to a number of provincial network fault has been identified: the Domain Name Service provider Dnspod encounter malicious attack paralysis, resulting in its service object storm audio and video site users can not find the correct server, The heavy accumulation of access applications has led to the burden of telecommunications networks, resulting in network paralysis.

Dnspod encounter 10G traffic malicious attack

Dnspod is a free DNS (domain Name System) products, for the same time Telecom, Netcom, Education Network Server Web site to provide intelligent analysis, so that telecommunications users access to telecommunications servers, Netcom's users access to Netcom's servers, to achieve interoperability effect. Storm audio and video is also one of Dnspod service objects.

May 18 Night around 22 o'clock, the Dnspod master station and multiple DNS servers suffered more than 10G traffic malicious attacks. People familiar with the matter said that the night of 18th dnspod exhausted the entire room about one-third of the bandwidth resources, in order not to affect other users of the computer room, dnspod Telecom main DNS server was forced offline.

Dnspod on the evening of 19th, issued a letter of apology, said that after a malicious attack by the backbone of the telecommunications network to seal off IP, although dnspod timely replacement of IP, but due to DNS protocol restrictions, DNS change IP up to 72 hours to take effect, resulting in many users of the domain name has been unable to resolve Records have been stuck in the telecommunications backbone of the old IP sealed off.

In Dnspod issued an apology letter approximate time, another round of high-intensity malicious attack to Dnspod, Dnspod service complete interruption, service completely paralyzed, under all the domain name can not access, including Storm audio and video site.

As a result of a large number of storm audio and video users to open the Storm AV Web page or the use of their online video services, these users submitted access to the application can not find the correct server, a large number of accumulated continuous access to the application of the network has multiplied the burden of telecommunications networks, congestion.

May 19 around 21 o'clock in the evening, Jiangsu, Anhui, Guangxi, Hainan, Gansu, Zhejiang Province, six provinces have been large-scale network failures, many Internet users have access to the Internet slow or unable to visit the site and so on. Before 0, some of the local operators will be the Storm AV server IP into the DNS cache or prohibit their domain name resolution, the network situation began to resume.

Suspected web site uses chicken to attack

May 20 Afternoon, the Ministry of Industry and Information Technology Communications Security Bureau convened the National Computer Emergency Management Coordination Center, Telecommunications Research Institute, China Telecom Group, Storm audio and video companies on May 19 network failure to convene an emergency meeting.

According to the announcement issued by the Ministry of Industry, confirmed that the incident is the storm site domain name resolution system by the network attack failure, leading to the telecommunications operators of the recursive domain name resolution server received a large number of abnormal requests caused congestion.

People familiar with the matter said the accident was the culprit of the same use of dnspod services on a Web site. The web site in the case of unsuccessful attacks on the Web server, the use of a large number of "broiler" to the dnspod of crazy attacks. In his letter of apology, Dnspod said that this is the largest attack on Dnspod since the station, Dnspod plans to improve the stability of free DNS users by redeploying multiple DNS servers to load balancing, mass bans, and other controversial, vulnerable domain names.

At the same time, the Ministry of Industry in the emergency meeting required the telecommunications operators to do a good job of user interpretation. Analogy, eliminate hidden dangers and prevent similar situations from happening. Further strengthen the network security monitoring and early warning and communication work, improve the contingency plan to ensure the safe operation of the network.

Storm Video CEO Fengxin said it would back up the domain name server, avoid similar problems, in the software's internet mechanism to increase security considerations, storm technology will work overtime, in three days to complete the job. In addition, he said, the storm audio and video will be with China Telecom, Chinese unicom and other operators, strengthen the technical level of communication and cooperation, build a safe and smooth internet environment.

China Telecom said that in the future will do a better job of network monitoring, found that the abnormal situation in time to deal with, minimize the impact on users, to ensure that users enjoy unobstructed network services.

Some internet sources believe the attack shows the fragility of the Internet, especially the DNS servers. If the future is not strengthened in this respect, the consequences will be disastrous.