Chinese DNS poisoning 1/23/15

By Chris Johnson

Craig Hockenberry recently had a rough couple of days when the Great Firewall of China1 redirected massive amounts of traffic to one of his web servers2:

The number of requests peaked out at 52 Mbps. Let’s put that number in perspective: Daring Fireball is notorious for taking down sites by sending them about 500 Kbps of traffic. What we had just experienced was roughly the equivalent of 100 fireballs. (…) If each of those requests were 500 bytes, that’s 13,000 requests per second. That’s about a third of Google’s global search traffic.

Suffice it to say, his server crashed pretty hard. His only recourse was to block Chinese IP addresses from ever getting to his server.

I didn’t even realize an attack like this was possible, but as Hockenberry notes, he wasn’t the only target.

Update: Matt Wilcox ran into the same problem, and he explains how to block Chinese IP addresses using iptables.

  1. Otherwise known as the Golden Shield Project.

  2. We’ll likely never know exactly why this redirection happened, but theorists think this is a more efficient way for the Chinese government to censor websites.