Wednesday, when Microsoft's largest Web sites became unavailable, it seemed like a nonevent: Web sites are often unreachable and, well, Microsoft's sites aren't exactly reliable. But when the outage stretched past the 24-hour mark, things began to get interesting. In the end, Microsoft issued a statement explaining that a company technician had misconfigured one of Microsoft's routers, making the sites inaccessible from the outside. After many hours of investigation, Microsoft said, the company reversed the changes the technician made and the sites came back up--until the next morning, that is. Just hours after its mistaken self-imposed outage, Microsoft was offline again. But this time, the outage was deliberate, and the company found itself the victim of a Denial of Service (DoS) attack.
"This type of DoS attack isn't related to any Microsoft product," the company said in a statement. "Such an attack is an attempt to interfere with the routers in one of Microsoft's Internet data centers. Microsoft's servers were running normally throughout the event, but the attack prevented access to some of the company's Web sites. It's unfortunate that an individual or group of individuals would engage in this kind of illegal activity. Microsoft has made the FBI aware of this situation and has taken immediate steps to ensure [that] our customers can gain access to our Web sites. These steps will also make sure that our networks have improved protection from this type of attack."
The DoS attack affected microsoft.com, msnbc.com, msn.com, expedia.com, and other Microsoft sites. DoS attacks don't directly involve the software that runs on the affected servers; instead, the attacks overload servers with bogus requests and shut out real users. That Microsoft might be a target of such an attack is not improbable, given its sites' popularity. But analysts say the timing is interesting, considering the company's problems the day before. Although a "kick 'em while they're down" scenario is likely, some analysts believe that Microsoft's problems on Wednesday also were related to the DoS attack, despite Microsoft's denial. Popular sites such as yahoo.com, cnn.com, and amazon.com have suffered similar attacks in recent months.
Security analysts have another beef with Microsoft, however. Given how often the company is a target, they feel that it could be doing more to ward off such intrusions. Microsoft has four DNS machines for redundancy, but they're all on the same network, making it easy to bring down the whole system. If a hacker brings down the DNS servers, no one will be able to resolve "microsoft.com" and other Microsoft domains to the IP addresses that are actually used behind the scenes. To eliminate the single point of failure, security experts suggest moving the DNS servers to different networks or even to different countries.
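The single point of failure described above can be checked for mechanically. The following is an added example, not code from the article or from Microsoft: it groups a zone's nameserver addresses by covering network and flags the case where they all share one. The nameserver names and addresses are constructed from documentation ranges, and treating a shared /24 (IPv4) or /48 (IPv6) as "the same network" is an assumption of this sketch.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: hypothetical nameserver names with addresses from
# the RFC 5737 / RFC 3849 documentation ranges, not real DNS records.
SAME_NET = {
    "ns1.example.com": "192.0.2.10",
    "ns2.example.com": "192.0.2.11",
    "ns3.example.com": "192.0.2.12",
    "ns4.example.com": "192.0.2.13",
}
SPREAD = {
    "ns1.example.com": "192.0.2.10",
    "ns2.example.com": "198.51.100.20",
    "ns3.example.net": "203.0.113.30",
    "ns4.example.net": "2001:db8:53::1",
}

def group_by_network(servers, v4_prefix=24, v6_prefix=48):
    """Map each covering network to the nameservers whose address falls in it."""
    groups = defaultdict(list)
    for name, addr in servers.items():
        ip = ipaddress.ip_address(addr)
        # Assumption: a shared /24 or /48 approximates "the same network".
        prefix = v4_prefix if ip.version == 4 else v6_prefix
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        groups[net].append(name)
    return dict(groups)

def audit(servers, min_networks=2):
    """Return (ok, groups); ok is False when too few distinct networks are used."""
    groups = group_by_network(servers)
    return len(groups) >= min_networks, groups

if __name__ == "__main__":
    for label, servers in (("same network", SAME_NET), ("spread", SPREAD)):
        ok, groups = audit(servers)
        print(f"{label}: {'OK' if ok else 'SINGLE POINT OF FAILURE'}")
        for net, names in sorted(groups.items(), key=lambda kv: str(kv[0])):
            print(f"  {net}: {', '.join(sorted(names))}")
```

Prefix grouping is only a first approximation: servers in different prefixes can still sit behind the same router or upstream link, so a passing result should be confirmed against the actual routing path.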