Catching Wind in a Net: The Effects of the CrowdStrike Outage on Internet Traffic

On July 19th, 2024, CrowdStrike rolled out a faulty update for their endpoint protection software, reportedly affecting over eight million Windows devices. The effects were diverse and global. Most notably, workplace infrastructure was disrupted and multiple airlines grounded their airplanes. The outage exhibited unique characteristics, affecting seemingly unrelated services all over the world, while the network continued to work as expected. Considering the widespread effect on IT systems, the outage should have effects on Internet traffic. However, it is not clear how these effects have substantiated. Indeed, the effects of large service outages on global traffic patterns have not been systematically studied. In this paper, we use data from four European ISPs and one IXP to study the effects of the CrowdStrike incident on Internet traffic. Despite the scale of the outage, we find that aggregate network-level metrics fail to capture the outage effectively. However, by correlating DNS traces with flow data, we show considerable effects on the application layer, including secondary effects, such as airline customers checking for flight cancellations. We find that, despite the large scale of the outage, effects on global Internet traffic were geographically and temporally bounded and quickly remediated. Furthermore, our analysis shows that application-level monitoring can be a valuable tool to better understand service-level outages.