Attack knocks out Microsoft Web sites

By Robert Lemos
Special to CNET News.com
January 25, 2001, 5:25 p.m. PT

Network attackers overwhelmed Microsoft's connection to the Internet on Thursday, causing traffic to the company's major Web sites to slow to a crawl.

"During the morning of Jan. 25, Microsoft was the target of a denial-of-service attack against the routers that direct traffic to the company's Web sites," Microsoft said in a statement late Thursday afternoon. "As a result, access to some of the Microsoft Internet properties, including Microsoft.com and MSN.com, was intermittent for many customers throughout this morning."

The company emphasized that Thursday's attack, which began in the morning and extended into the afternoon, was not related to the technical glitch that crippled its sites late Tuesday and most of Wednesday.

Microsoft said it has asked the FBI to investigate and that the company's Web sites were fully functioning late Thursday.

The timing and duration of the embarrassing outage came as Microsoft--which operates the third most-visited sites on the Web--is trying to bolster its reputation among corporate customers. The company launched a $200 million advertising campaign Monday touting its business software in competition with Oracle, IBM and Sun Microsystems. The theme for the ads is "software for the agile business."

A denial-of-service attack overloads a site's servers with a flood of data, effectively blocking surfers from accessing the site. In this case, the attack was aimed not at the servers, but at the hardware switches that route data to the Web sites, Microsoft said. After hackers flooded these so-called routers, legitimate requests for Web pages could not be processed by Microsoft's servers.

According to networking consultancy Keynote Systems, at the height of the attack, as little as 2 percent of the requests for Microsoft Web pages were being completed Thursday. Normally, sites are able to fulfill 97 percent of all page requests, said Keynote representatives.

"For about two hours, the attack was a hundred percent successful," said Eric Siegel, senior Internet consultant for Keynote.

Siegel noted that a flaw in Microsoft's network design--which was highlighted by Tuesday's and Wednesday's outages--may have given the attackers the idea to flood Microsoft's key routers. The flaw: The Redmond, Wash., company connected its key DNS (domain name service) servers to a single switch that acted as the spigot for data going to the Internet.

DNS servers act as phone books for the Internet, linking Web site names, such as Microsoft.com and Yahoo.com, to the numerical computer addresses that locate the proper server on the network.

"If Microsoft is using a single router as the entrance to a series of DNS servers and you take down that router, then the attack would be very successful," Siegel said. Essentially, Microsoft's Web sites would virtually disappear from the Internet.

Which is precisely what happened, according to the software giant.

Thursday's attack comes almost exactly one year after massive distributed denial-of-service (DDoS) attacks slowed, and in some cases halted, access to eight major Web sites, including Yahoo, eBay and CNN.com. DDoS attacks are denial-of-service attacks that use hundreds of servers to attack a single target, which makes finding the source of the attack much more difficult.

Canadian and United States law-enforcement officials are prosecuting a Canadian teenager--who allegedly used the handle "Mafiaboy"--as the culprit in the attacks last February.

Such attacks are fairly common but rarely so damaging, said Elias Levy, chief technology officer for security Web site SecurityFocus.com.

"They tend to occur nowhere near the magnitude of taking down Microsoft," he said. "But they do happen quite often to individual Web sites--more often than most people know."

Microsoft's network of Web properties ranks as the third most-visited destination on the Internet. According to Net research company Jupiter Media Metrix, Microsoft Web sites drew 54 million unique visitors in December, trailing only America Online's 61 million and Yahoo's 55 million.

No suspects have been named in the current investigation. FBI officials in Washington, D.C., and San Francisco could not be reached for comment late Thursday.