To control its citizens’ access to the Internet, China uses the “Great Firewall of China” to block DNS requests passing through the nation’s closely monitored gateways to the outside world. Those DNS requests used to be sent to fake IP addresses. Now, some go to real IP addresses — with disastrous consequences.
[Craig] Hockenberry was only the latest unfortunate site administrator to experience an ugly side effect of the Great Firewall, known as DNS poisoning. A brief explainer: When you type a URL into your web browser, it is converted into a numeric IP address by a domain name server (DNS). Often these are run by internet service providers or companies like Google, but in China they are run by the government—specifically the Ministry of State Security, which is responsible for operating the Great Firewall (often referred to as the GFW).
When a Chinese internet user attempts to visit a banned site such as Facebook, Google, or Twitter, the GFW reroutes the request. For a long time it sent users to non-existent IP addresses, but lately, for reasons unknown, it has been sending them to seemingly random sites like Iconfactory, which are quickly debilitated by the massive inflow of data.
The surge to Hockenberry’s site on Jan. 20 preceded a major internet disruption in China on Jan. 21 that was conclusively caused by GFW DNS poisoning, according to greatfire.org, a group that fights Chinese internet censorship. Much of the internet was inaccessible to Chinese users for several hours as most of the country’s web requests—equivalent to hundreds of thousands per second—were redirected to a single IP address, used by Dynamic Internet Technology, a small US company that helps users circumvent the GFW. The company’s president speculated that DNS rerouting was not an intentional attack on his company, but rather the result of human error.
So, in other words, the Great Firewall can instigate, whether by accident or design, a Distributed Denial of Service (DDoS) attack on an outside IP address.