Linux Today: Linux News On Internet Time.

It's Confirmed: Denial Of Service Hits Microsoft

Jan 26, 2001, 16:41 (22 Talkback[s])
(Other stories by seattle.internet.com Team)

By the seattle.internet.com team

After recent Microsoft outages were blamed on what company officials are saying was a "mistaken configuration," a statement just issued by Microsoft acknowledges that yesterday's outages were the result of a denial of service attack against the routers that direct traffic to the company's Web sites.

As a result of yesterday's attack, access to some of the Microsoft Internet properties, including Microsoft.com and MSN.com, was intermittent for many customers throughout the morning.

A Denial of Service attack paralyzes network and Web site operations by flooding them with useless traffic, blocking customer access, and can even cause entire networks to crash. Yesterday's attack was an attempt to interfere with the routers in one of Microsoft's Internet data centers. While Microsoft's servers were running normally throughout the event, the attack prevented access to some of the company's Web sites.

While officials at Microsoft still assert that yesterday's issue was completely separate from the previous outage, there are some who question whether the separate incidences are in fact related.

"I don't find it plausible that (the two outages) were completely separate, given that the symptoms appear to be the same," says Ric Steinberger, technical director of Seattle-based SecurityPortal. "It's hard to believe that one thing went bad on Tuesday and Wednesday, and a completely different thing, a denial-of-service attack, happens today."

According to Steinberger, there were steps that Microsoft could have taken to improve their chances against this kind of attack.

"It's fair to say that they should have been a bit more robust then they were in fighting this off," says Steinberger. "Microsoft made themselves particularly vulnerable in this case, by apparently placing all their domain name servers very close together, either topologically, physically, or both."

According to the statement released by Microsoft late yesterday afternoon, the company has made the FBI aware of this situation, and has taken immediate steps to ensure customers can gain access to its Web sites. The company also assured customers that they will be taking more steps in the days and weeks ahead to further protect the sites from additional disturbances.

Related Stories: