For Microsoft and Users, Questions Remain
- By Scott Bekker
While the DNS servers have been reconfigured and Microsoft’s
Web sites brought back to public life, the questions surrounding the blackout have
just begun, and show no signs of slowing down anytime soon.
In addition to the mystery still surrounding the blackout,
yesterday Microsoft Corp. issued a release on its Web site that the site was hit with
a denial of service (DoS) attack which targeted the routers that direct traffic
to the company’s Web sites. While Microsoft denies that the DoS attack had
anything to do with the site blackouts, the possibility that the two incidents
are at least marginally connected remains. Microsoft’s main site,
Microsoft.com, is running today, albeit extremely slowly.
According to Russ Cooper of the watchdog Web site NTBugtraq.com, the DoS attack was targeted
at a single router that gave access to all of Microsoft’s DNS servers. While “it’s
hard to believe that right after working 24 hours on a DNS outage” Microsoft
sites would be brought down by a similar problem, Cooper says it’s likely that
a hacker could have gained access and perpetrated the attack unnoticed during
the DNS outages and not begun the hack until after the initial outages were
Cooper points to Microsoft’s relationship with Akamai Technologies
Inc. as a key to unraveling what exactly went on. He suggests that there be “more
scrutiny on the Akamai-Microsoft relationship”, because Microsoft has hired
Akamai to host its DNS servers. That, says Cooper, is one explanation as to why
Microsoft thought the DNS problem was fixed on Thursday morning while Microsoft’s
sites were actually still unavailable.
Sam Yee, senior software engineer at Incognito Software Inc., agrees that the blackouts were the result of a routing problem, rather than a specific application problem. He points out that DNS servers are one of the key points that hackers will attempt to exploit.
Several questions still remain unanswered. Chief among these
is the concern that in the wake of the site outages, Microsoft will fail to
live up to its new ad campaign’s billing as “Software for the Agile Business.”
Microsoft, predictably, was tight-lipped regarding this
concern. “This is a one-time mistake, we stand by the products and services,
customers are reasonable and will know what happened and understand,” said a
The fact is, however, that not many in the IT community do
understand what happened. Cooper, for one, poses the obvious question back to
Microsoft: “How is the Internet based on such a fragile protocol that can so
easily wreak havoc?” Confidence in Microsoft’s abilities to manage its .NET
strategy will almost certainly be shaken after the events of this week.
“Imagine … when doctors are giving you prescriptions over
the Net, and at the drugstore they can’t access the Microsoft Web site” to fill
the prescription, said Cooper by way of example.
Incognito's Yee, also, points to the inherent fragility of DNS as a fundamental problem in preventing future site blackouts. The situation "brings to light how critical a robust DNS server is," says Yee.
Cooper says that Microsoft may have “spoken too quickly in
explaining the problem” and by withholding most information about the outages,
has done everyone in the industry “a great disservice.”
As for the question of Microsoft’s DNS servers all being on
the same network, the Microsoft spokesman was similarly mum. A similarly vague
answer was given by the spokesman to the question of how much revenue Microsoft
lost due to the blackouts.
Yee posits that the problem arose because Microsoft had its servers all on one network, effecting a single-point failure. Had its servers been distributed across the network, Yee theorizes, a total site blackout would have been less likely simply due to the distribution of DNS servers.
Finally, as to the employment status of the initial
technician responsible for the blackout, Microsoft refused to comment.
Cooper suggests that because no one can seem to come up with
a satisfactory explanation for what happened to Microsoft’s DNS servers this
week, we may be facing a new or at least previously unseen form or service
Yee finds some positives in this week's blackouts, namely that they demonstrate the importance of robust DNS servers and careful management of them. – Isaac Slepner
Scott Bekker is editor in chief of Redmond Channel Partner magazine.