DNS Poisoning Suspected Cause of Huge Internet Outage in China
DNS poisoning cuts Internet access for millions of users in China, but so far government officials have not clearly stated whether it was the result of a mistake or a cyber-attack.Internet users in China were affected by a large-scale outage over an eight-hour period on Jan. 21 that has been linked to an unspecified DNS problem that redirected traffic and prevented many Web users from reaching popular domains. DNS (Domain Name System) is the technology that links domain names and routes them to the right IP address location. It is not entirely clear whether or not the DNS issue was the result of a hacker attack against China's DNS infrastructure or whether it was an error made by Chinese government authorities. The Chinese government operates an Internet-filtering capability for all Chinese Internet users that is generally referred to as the Great Firewall of China (GFW). At least one Great Firewall watchdog site is blaming the Great Firewall as the source of the DNS issue. "We have conclusive evidence that this outage was caused by the Great Firewall (GFW)," greatfire.org reported. "DNS poisoning is used extensively by the GFW."
DNS poisoning is an attack that infects legitimate DNS records in an effort to redirect traffic. The initial indication is that traffic was redirected to the IP address 18.104.22.168, which is owned by Dynamic Internet Technology, a company that operates a GFW bypass tool. Great Fire speculated that the redirection was unintentional.