China tightly controls access to a number of websites, using its Golden Shield Project, known colloquially as the Great Firewall of China. The issue was reported Wednesday by Mauricio Ereche, a DNS admin with NIC Chile, who found that an unnamed local ISP reported that DNS queries for sites such as Facebook.com, Twitter.com and YouTube.com, all of which have been blocked in China for months, were being redirected to bogus addresses.
It is not known how widespread the problem is, but Ereche reported receiving the bogus information from three network access points in Chile, and one in California [DNS-OARC]. By Thursday he said that the problem was no longer occurring . "The traces show us that we're not hitting the server in China," he wrote in a discussion group post. This issue occurred because, for some reason, at least one outside ISP directed DNS requests to a root server based in China, networking experts say. This is something that service providers outside of China should not do because it allows China's censored network to "leak" outside of the country.
Researchers have long known that China has changed DNS routing information to redirect users of censored services to government-run servers instead of sites such as Facebook and Twitter. But this is the first public disclosure that those routes have leaked outside of China, according to Rodney Joffe, a senior technologist with DNS services company Neustar. "All of a sudden, the consequences are that people outside China may be subverted or redirected to servers inside China," he said.
By using a China-based root server, ISPs are essentially giving China a way to control all of their users' traffic over the network. That could mean big security problems for people whose network accepted the leaked routes, Joffe said. The ISP that used the bad routes probably misconfigured its BGP [Border Gateway Protocol] system, used to route information on the Internet, according to Danny McPherson, chief security officer with Arbor Networks. "I don't think it was done intentionally, " he said. "This is an example of how easy it is for this information to be contaminated or corrupted or leaked out beyond the boundaries of what it was supposed to be."
In February 2008, BGP information from Pakistan, which had just blocked YouTube, was shared internationally, effectively knocking Google's video site offline for millions of users [Renesys]. In an e-mail message, Netnod CEO Kurt Erik Lindqvist said his company is not hosting the bad routes on its server. They were most likely changed by machines somewhere on the Chinese network, McPherson said.
The incident shows that BGP remains a major weak link in the Internet, Joffe said. "It's really disconcerting form a security point of view and from a privacy point of view." This is the first time that this type of behaviour has been made public, but it has apparently been going on for some time. In a discussion group post on Wednesday, Nominet Researcher Roy Arends said that he has been studying this issue for a year. Arends has compiled a list of 20 domain names that will trigger the kind of bad results, reported by Ereche. Arends is keeping the names of those domains secret, but he did publish some of his data in his discussion post. "I wanted to keep this internal, however, the cat is out of the bag now," Arends wrote [goodgearguide / Slashdot].
On Thursday YouTube crashed in many countries around the world apparently due to a technical problem. In a statement Google said, "YouTube is up again following a technical issue which has now been resolved. We know how important YouTube is for people and apologize for any inconvenience the downtime may have caused."
However it wasn't the only site which crashed this week. On Wednesday Wikipedia went offline for several hours due to cooling problems with its servers according to a statement posted in the company's blog. "Due to an overheating problem in our European data centre many of our servers turned off to protect themselves," it said. Wikipedia's "failover switch", whereby traffic is diverted to another data centre, then broke, meaning users were unable to reach the site [FT].
Although there was no indication that YouTube's outage was caused by Chinese hackers, many will be suspicious of the timing of these recent outages and redirects. Attacks on Google's systems, believed to have originated in China, have been partly behind the company's decision to move it's search engine to Hong Kong earlier this week. Many feared that the move could prompt reprisals from Chinese officials, who denounced the decision as "totally wrong".
tvnewswatch, Beijing, China
No comments:
Post a Comment