DDoS, Baidu, and China’s Great Cannon

Recently the New York Times announced that CloudFlare has partnered with Internet search giant Baidu in China, Google’s eerily similar competitor, to deliver Yunjiasu, a CloudFlare-like service in China. The service is aimed at speeding up Internet connectivity and providing some level of security services for its customers, including limited DDoS mitigation. It will likely operate similarly to CloudFlare itself, with the exception of falling within the jurisdiction of the Chinese government and therefore Chinese censorship and draconian Internet laws. The New York Times considers this as possibly a “new model for American tech firms that are considering doing business in the delicate areas of China’s tech industry.”

China and Its Internet

There are many countries that exercise some level of censorship and control over their population, especially with regard to the Internet. China, however, is fairly unique in the world in this regard. It has managed to shield the entire country, all 1.35Bn people, from what it deems inappropriate or subversive to the current political regime. This is by no means a trivial matter. The sheer volume of data that passes in and out of China is immense. They’ve managed to control this flow with a comprehensive firewall known as the Great Firewall. This is a defensive system.

The Great Cannon

With this complex control comes the opportunity for preemptive defensive measures. Recently it was discovered that the Great Firewall was turned into the Great Cannon, with the aid of Baidu. If there was ever doubt that the Chinese government was in bed with major Chinese firms, this story should put those doubts to rest. The Chinese government felt that content being hosted on GitHub outside the country was inappropriate and therefore they had the sovereign right to take down GitHub. They did so by DNS poisoning a portion of Baidu’s visitors into visiting GitHub, in effect causing a DDoS attack on the code repository service.

The Deal

In this deal, CloudFlare will theoretically provide technology to Baidu that it lacks. Let’s take a step back and really think this through. Couldn’t Baidu throw up Nginx with some WAF modules to provide security and on-premises caching to replicate much of what CloudFlare does? There are free software packages like OpenResty and FreeWAF that make this process even simpler. Baidu already has a significant hardware and network presence throughout the country, so it could do this with little to no technical difficulty. It certainly has the financial backing to erect a project like this.

For CloudFlare, the benefit is obvious. They have the opportunity to partner with a major player in China and continue their relentless and amazing marketing campaign to put CloudFlare front and center in the news. Even if they don’t earn much revenue from this or really provide any level of notable security, it’s a huge business win.

It’s also curious how much security CloudFlare can actually provide to customers hosted in China. The majority of the security will likely be from other users in China as the government controls the ingress and egress points into and out of the country. Since CloudFlare’s system relies heavily on a reputation engine, that means that its security system will rely on honeypots hosted internally in the country. Another interesting point of concern is whether CloudFlare’s newly deployed systems will be used by the Great Cannon to launch attacks against American companies. Will CloudFlare then target those companies to sell them security? It’s certainly a slippery slope that we may see play out in the news in the next few years.

Conclusion

International partnerships, even if they seem problematic at first (and this one certainly has a great many questions surrounding it), generally end up benefiting the community. They allow the hopefully free exchange of knowledge and information, allowing countries, companies, and people alike to learn and grow from each other. China has generally been blocked off. Perhaps this is a first step in the Asian superpower’s stride towards a more open and free internet.
