1/3 of entire internet search traffic directed to single server in error

26 Jan 2015

A small software firm in North Carolina, USA, found itself the focus of more than one-third of the internet’s search traffic – with almost 13,000 requests per second – after a supposed glitch in China’s networks.

Running a small, four-core CPU with one IP address, software engineer at Iconfactory, Craig Hockenberry,  found himself dealing with a task that, according to his blog post about the incident, left him only capable of saying, “holy s**t”.

As he attempted to process how this could have possibly occurred, the raw information about the obvious error appeared to show that at its peak, the server was attempting to process 52mbps-worth of requests which is over 100 times more stressful on a CPU than what would usually be considered a strain on such a server.

By Hockenberry’s calculations, if each request equated to 500bytes, then this would be as many as 13,000 requests a second, which would equal the same amount of traffic as one-third of Google’s entire search traffic at any given time.

Further investigation into the bizarre error appeared to show that the culprit was the domain name system (DNS) for the whole of China which failed to look up the correct IP address when trying to connect to websites including Twitter Facebook and YouTube.

Creating the second ‘firewall of China’

In the end, Hockenberry decided to only recourse was to create his own ‘firewall of China’ at China’s own expense and block the country from accessing the server.

“I’m a big believer in the power of an open and freely accessible Internet: I don’t take blocking traffic from innocent people lightly,” he said of his decision. “But in this case, it’s the only thing that worked. If you get a DDOS [denial of service attack] like what I’ve described above, this should be the first thing you do.”

Moe worryingly for sites in the US, he believes that their server is not alone in experiencing such issues and that China’s web traffic might be being used as a weapon of cyber-warfare.

“I took some comfort in knowing that we weren’t alone on the 20th. But at the end of the day, every machine in China has the potential be a part of a massive DDOS attack on innocent sites. As my colleague Sean quipped, ‘They have weaponised their entire population.’”

Burning hard drive image via Shutterstock

Colm Gorey was a senior journalist with Silicon Republic

editorial@siliconrepublic.com