
For Microsoft and Users, Questions Remain

While the DNS servers have been reconfigured and Microsoft’s Web sites brought back to public life, the questions surrounding the blackout have just begun, and show no signs of slowing down anytime soon.

In addition to the mystery still surrounding the blackout, yesterday Microsoft Corp. issued a release on its Web site stating that the site was hit with a denial of service (DoS) attack which targeted the routers that direct traffic to the company’s Web sites. While Microsoft denies that the DoS attack had anything to do with the site blackouts, the possibility that the two incidents are at least marginally connected remains. Microsoft’s main site, Microsoft.com, is running today, albeit extremely slowly.

According to Russ Cooper of the watchdog Web site NTBugtraq.com, the DoS attack was targeted at a single router that gave access to all of Microsoft’s DNS servers. While “it’s hard to believe that right after working 24 hours on a DNS outage” Microsoft sites would be brought down by a similar problem, Cooper says it’s likely that a hacker could have gained access and perpetrated the attack unnoticed during the DNS outages and not begun the hack until after the initial outages were remedied.

Cooper points to Microsoft’s relationship with Akamai Technologies Inc. as a key to unraveling what exactly went on. He suggests that there be “more scrutiny on the Akamai-Microsoft relationship”, because Microsoft has hired Akamai to host its DNS servers. That, says Cooper, is one explanation as to why Microsoft thought the DNS problem was fixed on Thursday morning while Microsoft’s sites were actually still unavailable.

Sam Yee, senior software engineer at Incognito Software Inc., agrees that the blackouts were the result of a routing problem, rather than a specific application problem. He points out that DNS servers are one of the key points that hackers will attempt to exploit.

Several questions still remain unanswered. Chief among these is the concern that in the wake of the site outages, Microsoft will fail to live up to its new ad campaign’s billing as “Software for the Agile Business.”

Microsoft, predictably, was tight-lipped regarding this concern. “This is a one-time mistake, we stand by the products and services, customers are reasonable and will know what happened and understand,” said a Microsoft spokesman.

The fact is, however, that not many in the IT community do understand what happened. Cooper, for one, poses the obvious question back to Microsoft: “How is the Internet based on such a fragile protocol that can so easily wreak havoc?” Confidence in Microsoft’s abilities to manage its .NET strategy will almost certainly be shaken after the events of this week.

“Imagine … when doctors are giving you prescriptions over the Net, and at the drugstore they can’t access the Microsoft Web site” to fill the prescription, said Cooper by way of example.

Incognito's Yee also points to the inherent fragility of DNS as a fundamental problem in preventing future site blackouts. The situation "brings to light how critical a robust DNS server is," says Yee.

Cooper says that Microsoft may have “spoken too quickly in explaining the problem” and by withholding most information about the outages, has done everyone in the industry “a great disservice.”

As for the question of Microsoft’s DNS servers all being on the same network, the Microsoft spokesman was similarly mum. A similarly vague answer was given by the spokesman to the question of how much revenue Microsoft lost due to the blackouts.

Yee posits that the problem arose because Microsoft had its servers all on one network, creating a single point of failure. Had its servers been distributed across the network, Yee theorizes, a total site blackout would have been less likely simply due to the distribution of DNS servers.

Finally, as to the employment status of the initial technician responsible for the blackout, Microsoft refused to comment.

Cooper suggests that because no one can seem to come up with a satisfactory explanation for what happened to Microsoft’s DNS servers this week, we may be facing a new or at least previously unseen form of service disruption.

Yee finds some positives in this week's blackouts, namely that they demonstrate the importance of robust DNS servers and careful management of them. – Isaac Slepner

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.
