What happens when most of China visits your website? It dies a horrible death

Chief engineer of small software firm in Greensboro North Carolina woke up to find his company was receiving 13,000 requests a second

What happens if a significant proportion of all the web traffic in China gets directed to one server? Perhaps unsurprisingly, the answer is "that server dies a rapid death"

Craig Hockenberry, the senior software engineer for developers Iconfactory, in the small university town of Greensboro, North Carolina, learned that the hard way. On Tuesday, he woke up to discover that the main server for his company was receiving around 13,000 requests per second, "about a third of Google's global search traffic" - and all the traffic was coming from IP addresses located in China

"There was also a lot of requests that looked like they were intended for CDNs, YouTube, Facebook, Twitter and other places that were not the Iconfactory," Hockenberry said. "Clearly there was some kind problem with traffic being routed to the wrong place. The most likely candidate would, of course, be DNS."

DNS(Domain Name System) is the system which translates web addresses, such as google.com, into an IP address, such as 74.125.224.72/. A network requires the latter to actually access a website, but if the look-up system gets confused, it can give the wrong IP address - which appears to be what happened in the Iconfactory's case. Except that rather than one DNS server messing up, it was the server for the whole of China

Hockenberry reports that in the end, he was forced to block all traffic coming from China in order to keep this site up and running. "I'm a big believer in the power of an open and freely accessible internet: I don't take blocking traffic from innocent people lightly. But in this case, it's the only thing that worked

If you get a DDOS like what I've described above, this should be the first thing you do."

He believe his site isn't the only one to be hit. "Other site owners are seeing similar behaviour starting in early January. I took some comfort in knowing that we weren't alone... But at the end of the day, every machine in China has the potential be a part of a massive DDOS attack on innocent sites. As my colleague Sean quipped, "They have weaponised their entire population"

From the point of view of a Chinese netizen, the DNS error which took down the Iconfactory's server was an hours-long outage. The Register reports that a similar error left users "unable to visit websites or use social media and instant messaging services as a result"

Many experts see the DNS infrastructure as a vital weak point of the internet. The EFF warns that "when it is compromised or censored, users will have difficulty accessing certain sites and domains, unless, in some instances, they can use alternate DNS servers and proxies"

In early 2014, Facebook's URL was taken over by the Syrian Electronic Army after they attacked the DNS servers and redirected lookups to their own address

redirected lookups to their own address

was taken over by the Syrian Electronic Army

they can use alternate DNS servers

in some instances

when it is compromised

warns that when it is compromised or censored, users will have difficulty accessing certain sites and domains

as a vital weak point of the internet

instant messaging services

took down the Icoinfactory's server was an hours-long outage

from the point of view of a Chinese netizen

as my colleague Sean quipped, "They have weaponised their entire population"

has the potential be a part of a massive DDOS attack on innocent sites

took some confort in knowing that we weren't alone

are seeing similar behaviour starting in early January

isn't the only one to be hit

is the only thing that worked

don't take blocking traffic from innocent people lightly

am a big believer in the power of an open and freely accessible internet

was forced to block all traffic coming from China in order to keep this site up and running

reports that in the end

the server for the whole of China

messing up

except that rather than one DNS server messing up

appears to be what happened in the Iconfactory's case

if the look-up system gets confused

requires the latter to actually access a website

is the system which translates web addresses

the most likely candidate would, of course, be DNS

with traffic being routed to the wrong place

were intended for CDNs

was also a lot of requests

fromn IP addresses located in China

was receiving around 13,000 requests per second

learned that the hard way

the senior software engineer

perhaps unsurprisingly, the answer is "that server dies a rapid death"

gets directed to one server

what happens if a significant proportion of all the web traffic in China gets directed to one server?

woke up to find his company was receiving 13,000 requests a second

dies a horrible death