Information Security News mailing list archives

Yahoo Outage Was an Attack?


From: William Knowles <wk () C4I ORG>
Date: Tue, 8 Feb 2000 00:52:23 -0600

http://www.wired.com/news/business/0,1367,34178,00.html

Routers Blamed for Yahoo Outage
by Joanna Glasner and Declan McCullagh

5:00 p.m. 7.Feb.2000 PST
Most of the Yahoo network was unreachable for three hours on Monday as
the company weathered what it described as a widespread malicious
attack on its Web sites.

Attackers reportedly laid siege to the Internet's second most popular
destination at about 10:30 a.m. PST, snarling Yahoo's internal network
and denying millions of visitors access to mail, schedules, and the
directory service.

An engineer at another company that receives Internet access from the
same provider, Global Center, told Wired News the outage was due to
misconfigured equipment.

The person, who asked to remain anonymous, said that his firm also
lost connectivity through Global Center's Sunnyvale, California,
facility during the same time period due to apparent router problems,
not hacker attacks.

Details remained sketchy, with service provider Global Center blaming
an intentional surge in traffic and Yahoo claiming a cadre of
as-yet-unknown vandals fouled their system. No Web content appeared to
have been altered or deleted.

A Yahoo spokesperson called it a "coordinated distributed denial of
service attack" against the company's San Francisco Bay Area data
centers that originated from multiple places at the same time. The
representative said the outage caused an "intermittent ability to
access some, but not all, of our services."

But the offline sites rank among the most prominent. Yahoo's highly
visible yahoo.com, broadcast.com, and my.yahoo.com sites were
unreachable, although some other properties such as Geocities remained
unaffected.

A likely explanation: Geocities receives its connection from Exodus,
while the yahoo.com and other affected sites connect to the Internet
through Global Center.

"The Global Center network is not down. There've been no fiber cuts...
This is a specific attack on Yahoo by external forces," said Secret
Fenton, a spokeswoman for Global Center. "This affected accessibility
to Yahoo, [which] hosts servers for its site at Global Center."

Global Center -- formerly FrontierNet -- is owned by Global Crossing,
a Bermuda telecommunications firm. Other Global Center customers, such
as Ziff Davis, MP3.com, and eToys.com, did not report any glitches.

Neither Yahoo nor Global Center representatives provided technical
details, but the snafu seemed to originate with a router, and experts
began speculating on what could have been the cause.

Jeff Schiller, MIT's network manager, said that a denial of service
attack could be mistaken for router failure at first.

"They might have thought they had a bad card in a router, and they
shut down the router and replaced the card, and the problem didn't go
away," Schiller said. "They probably replaced equipment and then
discovered that it didn't solve the problem."

Schiller speculated that any assault might have been a "Tribal Flood
Network" attack. "If this is a denial of service attack, this is
one of the first attacks against a public business."

The outage had the unusual effect of boosting the companies' shares.
Global Crossing closed Monday at 50 5/16, up 1 1/8. Yahoo ended at
354, up half a point.

On the Motley Fool discussion groups, investors kvetched that they
couldn't access their mail, news, or movie info -- while scratching
their heads over the apparent non-effect of the snafu. "Usually, when
a portal has an outage the stock price goes down. Yahoo is holding up
surprisingly well," one person wrote.

Keynote Systems, an Internet monitoring firm, said the Yahoo outage
began between 10:15 and 10:30 a.m. (PST).

According to Media Metrix, only America Online reaches more people
online than Yahoo.


---------------------------------------------------
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*=================================================*

ISN is sponsored by Security-Focus.COM
