Slashdot Mirror


China's Great Firewall Infects Other Countries

angry tapir writes "A networking error has caused computers in Chile and the US to come under the control of the Great Firewall of China, redirecting Facebook, Twitter, and YouTube users to Chinese servers. Security experts are not sure exactly how this happened, but it appears that at least one ISP recently began fetching high-level DNS information, from what's known as a root DNS server, based in China. That server, operated out of China by Swedish service provider Netnod, returned DNS information intended for Chinese users, effectively spreading China's network censorship overseas."

4 of 178 comments

  1. Nice headline by oldhack · Score: 5, Informative

    The headlines now tell you absolutely nothing about the actual stories.

    --
    Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
  2. Re:Uh Huh by sopssa · Score: 4, Informative

    Can't say that I'm surprised that it did happen.

    Especially now when Google has decided to pull out. And China does have an urge to control any information that they don't like. Which would be the majority of the internet.

    And still this has nothing to do with the Chinese government. It's the fault of the ISP that erroneously configured its servers to use the Chinese root DNS server.

  3. Re:Misleading by Anonymous Coward · Score: 4, Informative

    It's more than that. According to the post at https://lists.dns-oarc.net/pipermail/dns-operations/2010-March/005266.html someone is actively spoofing DNS replies to DNS request packets bound for entire class A and B net ranges.

  4. Re:Net views censorship as damage by FliesLikeABrick · Score: 4, Informative

    As far as I know, Netnod was not operating this i-root instance that was returning the censored answers.

    I was following along with this on the dns-operations mailing list. This pertained to i-root in Asia, and various i-root node operators said "this is not our box". It was a rogue root server (whether installed by the Chinese government or an ISP guided by the government's hand) (as far as Netnod/i-root is concerned) announcing the anycast block used by i-root. In doing so they basically advertised themselves as a root node for i-root and it doesn't seem like this was Netnod-affiliated at all. The summary (I didn't re-read the article to see if that said the same) implies that Netnod was running this intentionally and serving up Chinese-censored results for affected sites. All this would take is a person with the ability to have their upstreams accept BGP announcements for the anycast block for i-root and run the server. Then any requests to i-root that are topologically "close" will start using this node.

    Before anyone continually says that an ISP must have intentionally configured their servers to use this root, they should read up on IP anycasting and read the thread on the dns-operations mailing list instead of these 2nd/3rd/4th-hand summaries that are beginning to skew the facts.

    https://lists.dns-oarc.net/pipermail/dns-operations/2010-March/005260.html
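
A check that follows from the anycast explanation in the last comment, as an added example that is not part of the thread or any poster's code: a genuine root server only refers a name such as www.facebook.com to the com servers, so a reply from a root address that carries an A record means the query reached a rogue instance or was answered by an injector. The two packets are constructed samples, 203.0.113.7 is a documentation address, and all function names are hypothetical.

```python
import struct, ipaddress

def encode_name(name):
    """Dotted name -> DNS wire-format labels."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def skip_name(pkt, off):
    """Offset just past a (possibly compressed) name starting at off."""
    while True:
        n = pkt[off]
        if (n & 0xC0) == 0xC0:        # compression pointer ends the name
            return off + 2
        if n == 0:                    # root label ends the name
            return off + 1
        off += 1 + n

def build_response(qname, a_records=(), ns_referral=()):
    """Constructed sample reply to an A query for qname (not captured traffic)."""
    hdr = struct.pack("!6H", 0x1234, 0x8000, 1, len(a_records), len(ns_referral), 0)
    body = encode_name(qname) + struct.pack("!2H", 1, 1)
    for ip in a_records:              # owner name = pointer to the question name
        body += b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + ipaddress.IPv4Address(ip).packed
    for zone, ns in ns_referral:      # NS record delegating the TLD
        rdata = encode_name(ns)
        body += encode_name(zone) + struct.pack("!2HIH", 2, 1, 172800, len(rdata)) + rdata
    return hdr + body

def check_root_reply(pkt):
    """Classify a reply that arrived from a root-server address."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", pkt[:12])
    off = 12
    for _ in range(qd):               # skip question: name + type + class
        off = skip_name(pkt, off) + 4
    addrs = []
    for _ in range(an):
        off = skip_name(pkt, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!2HIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(str(ipaddress.IPv4Address(pkt[off:off + 4])))
        off += rdlen
    if an:                            # roots delegate com; they do not answer names under it
        return "suspect-answer", addrs
    if ns and not flags & 0x0400:     # NS in authority, AA clear: normal referral
        return "referral", addrs
    return "other", addrs

GENUINE = build_response("www.facebook.com", ns_referral=[("com", "a.gtld-servers.net")])
INJECTED = build_response("www.facebook.com", a_records=["203.0.113.7"])
```

The probe name has to sit below a TLD, because a root server does answer authoritatively for names in the root zone itself.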