China Hit with Biggest DDoS Attack in its History
China faced the largest distributed denial-of-service (DDoS) attack in its history over the weekend, leading to a two-to-four hour shutdown of swaths of IP addresses using .cn, China’s country code top-level domain.
The China Internet Network Information Center (CNNIC), which maintains the registry for .cn, issued an apology and a notice that at 2 and 4 in the morning early Sunday local time, its National Nodes DNS was hit with two big attacks. The attacks are continuing on the registry itself, it said, although national domain name resolution services have been gradually restored.
CloudFlare CEO Matthew Prince told the Wall Street Journal that his company saw a 32% drop in traffic for the thousands of Chinese domains on the company’s network during the attack period, compared with the same timeframe on Saturday.
Despite China’s technical sophistication and reputation for having a crack cybersecurity force in place for both defensive and offensive actions, the reality is that this attack, as massive as it was, wasn’t necessarily the work of a sophisticated operation.
Despite the “I don’t know how big the ‘pipes’ of .cn are, but it is not necessarily correct to infer that the attacker in this case had a significant amount of technical sophistication or resources,” Prince said, adding, “It may have well have been a single individual.”
The Chinese Ministry of Industry and Information Technology, which oversees the CNNIC, said in the same notice that it has launched “specific contingency plans” to protect national domain name resolution services. A CNNIC spokesman said only that it will be sharing more details about the attacks as officials know more.
Perhaps because they’re a convenient attack vector requiring little specialized expertise, DDoS attacks are increasing in scope to inlcude bigger targets and more packets. During Q1 2013, the average DDoS attack bandwidth totaled 48.25 Gbps, a 718% increase over the previous quarter – and the average packet-per-second rate reached 32.4 million.
These startling figures come from the latest quarterly Global DDoS Attack Report from Prolexic. “It’s quite possible,” noted the report, “that this will be seen as a landmark quarter for distributed denial of service (DDoS) attacks. Never before have attacks been this formidable.”
In fact, it’s not the overall number of attacks that has increased (up, but not dramatically from the previous quarter’s high), it is the intensity of the attacks that has changed.
“It’s a classic change up,” said Stuart Scholly, president at Prolexic. “Nearly everyone has been focused on bandwidth and gigabits per second, but it’s the packet rate that’s causing the most damage and presenting the biggest challenge. These packet rates are above the thresholds of all but the most expensive routers and line cards and we are seeing networks buckle as a result.”
A side-effect is collateral damage.
“Because DDoS attackers are targeting ISP and carrier router infrastructures, overwhelming them with huge packet-per-second floods, your site could go down as collateral damage when a router fails. Even worse, your service provider may blackhole or null route your traffic to save its own network,” warned Prolexic.