---

It’s Confirmed: Denial Of Service Hits Microsoft

By the seattle.internet.com team

After recent Microsoft outages were blamed on what company
officials are saying was a “mistaken configuration,” a statement
just issued by Microsoft acknowledges that yesterday’s outages were
the result of a denial of service attack against the routers that
direct traffic to the company’s Web sites.

As a result of yesterday’s attack, access to some of the
Microsoft Internet properties, including Microsoft.com and MSN.com,
was intermittent for many customers throughout the morning.

A Denial of Service attack paralyzes network and Web site
operations by flooding them with useless traffic, blocking customer
access, and can even cause entire networks to crash. Yesterday’s
attack was an attempt to interfere with the routers in one of
Microsoft’s Internet data centers. While Microsoft’s servers were
running normally throughout the event, the attack prevented access
to some of the company’s Web sites.

While officials at Microsoft still assert that yesterday’s issue
was completely separate from the previous outage, there are some
who question whether the separate incidences are in fact
related.

“I don’t find it plausible that (the two outages) were
completely separate, given that the symptoms appear to be the
same,” says Ric Steinberger, technical director of Seattle-based
SecurityPortal. “It’s hard to believe that one thing went bad on
Tuesday and Wednesday, and a completely different thing, a
denial-of-service attack, happens today.”

According to Steinberger, there were steps that Microsoft could
have taken to improve their chances against this kind of
attack.

“It’s fair to say that they should have been a bit more robust
then they were in fighting this off,” says Steinberger. “Microsoft
made themselves particularly vulnerable in this case, by apparently
placing all their domain name servers very close together, either
topologically, physically, or both.”

According to the statement released by Microsoft late yesterday
afternoon, the company has made the FBI aware of this situation,
and has taken immediate steps to ensure customers can gain access
to its Web sites. The company also assured customers that they will
be taking more steps in the days and weeks ahead to further protect
the sites from additional disturbances.

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis