The China Internet Network Information Center (CNNIC) said yesterday that the country had experienced a huge Distributed Denial of Service (DDoS) attack.
A DDoS attack utilises a large number of computers (generally thousands), along with many internet connections, to flood a server with packets until its bandwidth and other resources become overloaded and the server ceases to be able to cope. The computers involved are often unwitting participants that have been caught up in a botnet.
The attack, which began around 2 a.m. local time yesterday, was aimed against the national domain name service (DNS). Two hours after the initial attack, a more intense one followed, which CNNIC described as the largest ever in China. High-profile sites such as Amazon.cn, Weibo and the Bank of China were all either loading extremely slowly or were completely inaccessible.
According to CNNIC.net, who apologised to internet users for the inconvenience and condemned the attacks, the service was almost fully restored by 2 p.m. following varying levels of disruption to a whole raft of domestic web sites with the .cn top-level domain.
In response to the DDoS attack, the CNNIC implemented a DNS security contingency plan in order to protect Chinese web sites but, unfortunately, there is no information available on the specifics of what that plan entails. The body have, however, said that they are working on enhancing their ability to prevent such an incident occurring again in the future.
In a blog posting on The Wall Street Journal, Matthew Prince, CEO of CloudFlare, said that his company had observed a 32% drop in traffic for the Chinese domains hosted via their service in comparison to the previous 24 hour period. He commented, “That’s likely representative of the overall drop in traffic generally.”
With China often seen as a potential source of various attacks around the world wide web, it may seem strange that their national DNS system could have so easily fallen prey to an attack. But before anyone gets carried away and starts thinking that this was a nationally sponsored attack, it should be noted that DDoS attacks are relatively easy to employ and do not require advanced technological knowledge or backing to implement. As Matthew Prince went on to say, “I don’t know how big the ‘pipes’ of .cn are, but it is not necessarily correct to infer that the attacker in this case had a significant amount of technical sophistication or resources. It may well have been a single individual.”
Given how frequent DDoS attacks are, and the susceptibility of a nation to one, perhaps now is the time to evaluate the plans your business has in place to mitigate such an assault.