dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


UPDATE: Break-In Cripples Microsoft Site, Not DNS Problems

Jan 24, 2001, 19:45 (26 Talkback[s])
(Other stories by Jim Wagner)

WEBINAR:
On-Demand

Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers


By Jim Wagner

Wednesday morning's domain name server problems at Microsoft Corp. might just well be the result of crackers (the hacker community's term for malicious hackers), despite the company's claim it was an internal data center problem.

In what looks like a Denial of Service attack, Microsoft technicians are trying to correct problems with its four domain name servers, which respond only sporadically to DNS queries. Hardware problems could be the reason, but indicators are pointing to a break in.

Magnus Bodin, a network developer at Internet consultancy company Framfab in Sweden, noted that all four Microsoft DNS servers were located under one network segment and one IP subnet (207.46.138.xx), making it easy for infiltrators to compromise.

"It makes it easier because you just have to attack one single subnet, that's the reason I first suspected the server was attacked," Bodin said. "If you're hosting a lot of domains, and you have delegated those domains to separate servers, they should always be on separate subnets. No one real professional DNS host would do (what Microsoft did), and that's a fact."

Reports have also been coming in from readers who noted entries in Microsoft's whois record at Internic contained entries littered with "graffitti," like "MICROSOFT.COM.INSPIRES.COPYCAT.WANNABE.SUBSERSIVES.NET"

This, despite Microsoft's claim that the problems were due to internal problems at its data center.

"Right now we're having a problem with our DNS server," Adam Sohn, Microsoft spokesperson said Wednesday morning. "Our sites are up and running, but they can't connect because of the name server. We expect to have it back to normal soon."

Microsoft-owned properties, including MSNBC.com, Encarta.com, Zone.com and Hotmail.com, were put out of commission Tuesday night and only recently have started to come back online, in fits and starts.

As of press time, Encarta.com, Hotmail.com and MSNBC.com are up and running, but other Microsoft sites continue to have problems.

Earlier this morning, www.microsoft.co.uk had a message on its Web page apologizing for the disruption in service to its Web site, saying all Microsoft sites would be back in business as soon as possible.

This is the software giant's second DNS issue in less than a week. Saturday, users were unable to access the company's MSN sites was for more than 12 hours due to an error-filled DNS table published by the domain registrar, MyDomain.com.

Richard Lau, MyDomain.com president, said the problem was human error.

"Our situation revealed a massive flaw in some DNS resolution server software being used by some ISPs," Lau said. "At first we thought it was a Denial of Service attack but then learned that some DNS resolution software used by other ISPs has bugs that cause it to ask our non-authoritative name servers what are the IP addresses for these domains, which we are not listed as authoritative for."

Microsoft's problems this week are sure to be the subject of its next meeting at the Information Technology Information Sharing and Analysis Center, a joint effort between Microsoft and 18 other industry heavyweights.

Companies like AT&T, Hewlett-Packard Co., Symantec Corp. and Oracle Corp. banded together to share information on the security threats that threaten its networks.

Microsoft is building a reputation as a leaky network. On late October, 2000, crackers were able to access top-secret source code files using the QAZ trojan. The virus, when opened by an unsuspecting user, replaces the Windows Notepad with a copy of its own and opens a "back door" to computer. And earlier this week, Microsoft's New Zealand site was cracked.

Related Stories: