Information Security News mailing list archives
New attacks block access to Microsoft sites
From: InfoSec News <isn () C4I ORG>
Date: Sun, 28 Jan 2001 20:25:18 -0600
http://news.cnet.com/news/0-1003-201-4615691-0.html?tag=mn_hd By Robert Lemos Special to CNET News.com January 26, 2001, 11:25 p.m. PT Update: For the fourth consecutive day, technical problems hindered access to Microsoft's vast network of Web sites and services. Microsoft acknowledged late Friday that another round of attacks had briefly blocked access to the software giant's Web sites. The outage followed a similar attack Thursday and a technical glitch that made its sites inaccessible for a nearly 24-hour period on Tuesday and Wednesday. Friday's attack "was similar to Thursday's attack, in which someone attempted to block legitimate access to our Web properties by flooding our network routers with large volumes of bogus requests," the company said in a statement. "Unfortunately, as we have learned over the last few days, we did not apply sufficient self-defense techniques to our use of some third-party products at the front-end of parts of our core network infrastructure," the statement continued, without naming the products. Friday's problems came less than 24 hours after the company said it stopped a denial-of-service attack on its systems that slowed traffic to a crawl for more than two hours on Thursday. That attack followed an outage that began Tuesday night and lasted nearly a day, which Microsoft blamed on a mistake by its own technicians. The outages came as Microsoft is trying to bolster its reputation among corporate customers. The company launched a $200 million advertising campaign Monday touting its business software in competition with Oracle, IBM and Sun Microsystems. The theme for the ads is "software for the agile business." Ironically, the technical error that caused the first outage may have exposed a weakness that was exploited in the Thursday and Friday attacks. The original problem was caused by a lack of access to the company's DNS (domain name service) servers, the computers responsible for translating domain names such as Microsoft.com into numerical addresses that are understood by computers. According to Paul Robertson, director of risk assessment for security service provider TruSecure, Microsoft or its network provider failed to create backup systems for distributing the DNS information across the Internet. Instead, all its servers seemingly shared the same physical network--a security flaw waiting to be exploited, he said. "It is a poor design choice to not hand out server addresses on different network blocks." The exposure and publicity about the flaw on Wednesday may have tempted hackers to attack the weakness on Thursday and Friday, he said. Microsoft declined to comment on its network design for this article. CNET News.com received several e-mails from readers Friday morning noting that access to Microsoft's sites was sporadic. The company's sites, which collectively rank as the third most-visited destinations on the Web, include MSN.com, Hotmail.com, Microsoft.com, Expedia.com, Carpoint.com and Encarta.com. A denial-of-service attack overloads a site's servers with a flood of data, effectively blocking surfers from accessing the site. Thursday's DoS attack was aimed not at the servers, but at the hardware switches that route data to the Web sites. Because these so-called routers were flooded, legitimate requests for Web pages were not able to be processed by Microsoft's servers. The Seattle office of the FBI confirmed to CNET News.com that it is investigating Thursday's. Earlier Friday, CNN.com had traffic stalled by unknown network problems. ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- New attacks block access to Microsoft sites InfoSec News (Jan 29)