Domain name resolution failure or foreign hacker attack

Source: Internet
Author: User
Keywords: failure, domain name resolution, root server
Abstract: Domain name resolution schematic. A website domain name resolution error led to large-scale loss of connectivity; of the 13 global root name servers, 10 are in the United States, and China has no control over them. Yesterday afternoon, the national DNS domain name resolution system suffered widespread access failures, and most of the country's sites

Domain name resolution schematic

A website domain name resolution error caused large-scale loss of network connectivity; of the 13 global root name servers, 10 are in the United States, and China has no control over them.

Yesterday afternoon, the national DNS domain name resolution system suffered widespread access failures; most of the country's sites experienced access failures to varying degrees across different regions and network environments. Was the fault a network technology failure or a hacker attack? What risks do netizens face when they visit these websites?

Probe

The target site had a hacker attack.

Network security experts said the sites were not accessible because of domain name resolution errors.

A technician at Baidu analyzed that there are several possible causes of the domain name resolution errors. First, hackers attacked a foreign root server, causing domain name resolution on domestic servers to be polluted. Second, because data passes through network nodes during transmission, a node may have become the target of attack. However, if a node was attacked, the attack is rather unusual: "The attacker sought neither fame nor profit, but pointed to an IP address with no specific content." Third, hackers attacking a single website may, because many nodes are involved, have polluted nodes and thus affected the whole network.

Other possibilities are that hackers attacked domestic operators and network firewalls, or that a domestic network operator caused the failure through some kind of operational error.

360 site defender Dongfang explained that the failure was due to a problem with one or two of the 13 highest-level global DNS root name servers; it "is likely to be human factors, and a hacker attack is not ruled out."

It is reported that during the failure a large number of sites were resolved to an IP address belonging to the Town dynamic Internet Marvell Company in the US state of North Carolina. According to records, this IP has previously been involved in hacker attacks.

Explanation

Why was mobile Internet access unaffected?

Accessing the Internet requires converting a URL to an IP address. This conversion is carried out by the Internet's Domain Name System (DNS), that is, by domain name servers.

The root name server is the highest-level domain name server in DNS, and there are only 13 root servers worldwide. Of these 13 root servers, the primary root server and 9 auxiliary root servers are located in the United States; of the remaining 3, 2 are in Europe and 1 is in Japan. Currently, the Internet Corporation for Assigned Names and Numbers (ICANN) is fully responsible for managing DNS.

Yang, a senior IT media figure, told a Beijing News reporter that for the root name servers ICANN plays a coordinating management role: each organization manages its own root name server separately, under unified coordination, and carries on its business operations. ICANN itself is the ultimate arbiter of Internet domain names.

Although most domestic network access failed, the mobile phone clients of most sites were not affected by this fault; mainstream applications, including Sina Weibo and Alipay, could still be used normally. On this point, 360 network security engineer Zhao explained that the world has 13 root servers; assuming two were "contaminated" this time, 11 are still clean. Because the network access mechanisms differ, mobile Internet access may reach different root servers, so some web pages that cannot be accessed from a PC can be accessed normally from a phone.

Warning

Experts recommend building a DNS monitoring system as soon as possible

When the DNS service is hijacked by an attack, normal requests are resolved to the wrong server address. The most direct impact on netizens is widespread loss of connectivity; the risk is phishing website fraud.

A hacker may resolve a normal website domain name to the wrong address. If the hacker sets up a phishing website at that target address, the account and password information that netizens enter on the phishing website will be stolen. Large-scale DNS hijacking often results in loss of connectivity instead: because large sites receive so many visits, the phishing server may be unable to carry the traffic and is paralyzed almost at once, so what netizens see is that the web page cannot be opened.
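The check a DNS monitoring system of this kind would run, as an added example that is not part of the original article: it compares the answers seen from several vantage points against a known-good baseline and alerts when several unrelated domains converge on one unexpected address, the pattern reported in this failure. The domains, addresses, vantage-point names and threshold are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed baseline: addresses each monitored domain is expected to resolve to.
# All names and addresses are reserved documentation values, not real data.
BASELINE = {
    "shop.example": {"198.51.100.10", "198.51.100.11"},
    "news.example": {"198.51.100.20"},
    "bank.example": {"198.51.100.30"},
    "mail.example": {"198.51.100.40"},
}

# Constructed observations: (vantage point, domain, answer), as a monitor
# polling resolvers from different access networks would record them.
OBSERVATIONS = [
    ("fixed-line", "shop.example", "203.0.113.77"),
    ("fixed-line", "news.example", "203.0.113.77"),
    ("fixed-line", "bank.example", "203.0.113.77"),
    ("fixed-line", "mail.example", "198.51.100.40"),
    ("mobile", "shop.example", "198.51.100.10"),
    ("mobile", "news.example", "198.51.100.20"),
    ("mobile", "bank.example", "198.51.100.30"),
    ("mobile", "mail.example", "198.51.100.40"),
]

def analyse(observations, baseline, convergence_threshold=3):
    """Return (mismatches per vantage point, unexpected IPs shared by many domains).
    A domain with no baseline entry is treated as a mismatch."""
    mismatches = defaultdict(list)   # vantage point -> [(domain, answer)]
    by_ip = defaultdict(set)         # unexpected answer -> {domains}
    for vantage, domain, answer in observations:
        answer = str(ip_address(answer))  # normalise; raises on malformed input
        if answer not in baseline.get(domain, set()):
            mismatches[vantage].append((domain, answer))
            by_ip[answer].add(domain)
    converged = {ip: sorted(doms) for ip, doms in by_ip.items()
                 if len(doms) >= convergence_threshold}
    return dict(mismatches), converged

def affected_vantages(observations, baseline):
    """Vantage points with at least one mismatch; the others still see clean answers."""
    mismatches, _ = analyse(observations, baseline)
    return sorted(mismatches)

if __name__ == "__main__":
    _, converged = analyse(OBSERVATIONS, BASELINE)
    for ip, domains in converged.items():
        print(f"ALERT: {len(domains)} domains resolve to unexpected address {ip}: {domains}")
    print("affected vantage points:", affected_vantages(OBSERVATIONS, BASELINE))
```

Comparing vantage points also separates a fault confined to one access network from one that affects every resolver.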

In 2013, security vulnerabilities were found in a large number of home wireless routers: visiting a specific attack web page caused the router's DNS configuration to be tampered with immediately. After that, when affected netizens shopped on Taobao, they were forcibly redirected to a Taobao customer promotion site, from which the attackers could gain substantial profit. Some regional operators use DNS to force pop-up ads onto users' computers when they surf the Internet.

360 Webmaster Dongfang explained, "This DNS failure caused DNS resolution to fail for two-thirds of domestic websites, and as many as tens of millions of users nationwide could not visit websites normally. Fortunately, the IP that the domain names were hijacked to is an inaccessible address; if it had been a phishing website or an illegal for-profit site, it could have caused loss of users' property, leakage of personal information and other harm."

"If China does not establish a complete DNS monitoring and disaster preparedness system, it is likely to be affected by such failures again in the future," Dongfang told the Beijing News reporter. "Because the root name servers are in the United States, Japan and Europe, our country has little control over the root domain. If the root domain has problems, it will affect all of our country's domain name resolution and website access; therefore, we need to establish a complete DNS monitoring and disaster preparedness system. At the same time, it is best to establish a root domain directory server in China as soon as possible."



