
UPDATE: Break-In Cripples Microsoft Site, Not DNS Problems

By Jim Wagner

Wednesday morning’s domain name server problems at Microsoft
Corp. might well be the result of crackers (the hacker
community’s term for malicious hackers), despite the company’s
claim it was an internal data center problem.

In what looks like a Denial of Service attack, Microsoft
technicians are trying to correct problems with the company’s four
domain name servers, which respond only sporadically to DNS queries.
Hardware problems could be the reason, but indicators are pointing
to a break-in.

Magnus Bodin, a network developer at Internet consultancy
company Framfab in Sweden, noted that all four Microsoft DNS
servers were located under one network segment and one IP subnet
(207.46.138.xx), making it easy for infiltrators to compromise.

“It makes it easier because you just have to attack one single
subnet, that’s the reason I first suspected the server was
attacked,” Bodin said. “If you’re hosting a lot of domains, and you
have delegated those domains to separate servers, they should
always be on separate subnets. No one real professional DNS host
would do (what Microsoft did), and that’s a fact.”
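
The following Python example is added here for illustration and is not part of the original article: it checks a zone's nameserver addresses for the weakness Bodin describes, every server sitting inside one subnet. The hostnames and addresses are constructed from documentation ranges, and the /24 (IPv4) and /48 (IPv6) grouping sizes are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: documentation address ranges, not real servers.
SINGLE_SUBNET = {
    "ns1.example.test": ["192.0.2.10"],
    "ns2.example.test": ["192.0.2.11"],
    "ns3.example.test": ["192.0.2.12"],
    "ns4.example.test": ["192.0.2.13"],
}
DIVERSE = {
    "ns1.example.test": ["192.0.2.10", "2001:db8:1::53"],
    "ns2.example.test": ["198.51.100.10"],
    "ns3.example.test": ["203.0.113.10", "2001:db8:2::53"],
}


def group_by_network(nameservers, v4_prefix=24, v6_prefix=48):
    """Map each covering network to the set of nameserver names inside it."""
    groups = defaultdict(set)
    for name, addrs in nameservers.items():
        for addr in addrs:
            ip = ipaddress.ip_address(addr)
            prefix = v4_prefix if ip.version == 4 else v6_prefix
            # strict=False masks the host bits to get the covering network
            net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
            groups[net].add(name)
    return dict(groups)


def audit(nameservers, v4_prefix=24, v6_prefix=48):
    """Return one finding per address family whose servers all share a network."""
    groups = group_by_network(nameservers, v4_prefix, v6_prefix)
    findings = []
    for version in (4, 6):
        nets = {n: s for n, s in groups.items() if n.version == version}
        served = set().union(*nets.values()) if nets else set()
        # More than one server but only one network: a single point of failure
        if len(served) > 1 and len(nets) == 1:
            net = next(iter(nets))
            findings.append(
                f"IPv{version}: all {len(served)} nameservers share {net}"
            )
    return findings


if __name__ == "__main__":
    for label, zone in (("single subnet", SINGLE_SUBNET), ("diverse", DIVERSE)):
        print(label, "->", audit(zone) or "no shared-subnet finding")
```
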

Reports have also been coming in from readers who noted that
Microsoft’s whois record at Internic contained entries littered
with “graffiti,” like
“MICROSOFT.COM.INSPIRES.COPYCAT.WANNABE.SUBSERSIVES.NET”

This, despite Microsoft’s claim that the problems were due to
internal problems at its data center.

“Right now we’re having a problem with our DNS server,” Adam
Sohn, Microsoft spokesperson, said Wednesday morning. “Our sites are
up and running, but they can’t connect because of the name server.
We expect to have it back to normal soon.”

Microsoft-owned properties, including MSNBC.com, Encarta.com,
Zone.com and Hotmail.com, were put out of commission Tuesday night
and only recently have started to come back online, in fits and
starts.

As of press time, Encarta.com, Hotmail.com and MSNBC.com are up
and running, but other Microsoft sites continue to have
problems.

Earlier this morning, www.microsoft.co.uk had a message on its
Web page apologizing for the disruption in service to its Web site,
saying all Microsoft sites would be back in business as soon as
possible.

This is the software giant’s second DNS issue in less than a
week. Saturday, users were unable to access the company’s MSN sites
for more than 12 hours due to an error-filled DNS table
published by the domain registrar, MyDomain.com.

Richard Lau, MyDomain.com president, said the problem was human
error.

“Our situation revealed a massive flaw in some DNS resolution
server software being used by some ISPs,” Lau said. “At first we
thought it was a Denial of Service attack but then learned that
some DNS resolution software used by other ISPs has bugs that cause
it to ask our non-authoritative name servers what are the IP
addresses for these domains, which we are not listed as
authoritative for.”

Microsoft’s problems this week are sure to be the subject of its
next meeting at the Information Technology Information Sharing and
Analysis Center, a joint effort between Microsoft and 18 other
industry heavyweights.

Companies like AT&T, Hewlett-Packard Co., Symantec Corp. and
Oracle Corp. banded together to share information on the security
threats facing their networks.

Microsoft is building a reputation as a leaky network. In late
October 2000, crackers were able to access top-secret source code
files using the QAZ trojan. The virus, when opened by an
unsuspecting user, replaces the Windows Notepad with a copy of its
own and opens a “back door” to the computer. And earlier this week,
Microsoft’s New Zealand site was cracked.
