Blackout hits major Web sites

[InfoSec News <isn () c4i org>]

http://asia.cnet.com/newstech/personaltech/0,39001147,39183542,00.htm

By Jim Hu
CNET News.com
June 16 2004 

update: A domain name outage Tuesday morning that left many popular
Web sites, including those of Yahoo, Google, Microsoft and Apple,
temporarily inaccessible was the result of an Internet attack,
according to Web infrastructure company Akamai.

The attack caused problems for more than two hours--from 5:30 a.m. to
7:45 a.m. PDT. Many of the world's most popular sites suffered from
widespread outages, according to Keynote Systems, which compiles
statistics related to Web surfing. On a typical day, the top 40 sites
measured by Keynote rarely dip below 99 percent availability. On
Tuesday, however, Keynote saw availability drop to 81 percent.

Where the attack struck first has yet to be determined, and the
affected companies are pointing to others, not themselves. An attack
on Akamai could have rippled out to Google and the other sites, or
those sites might have been individually targeted, which in turn could
have put pressure on a key Internet service that Akamai runs.

An Akamai spokesman said it noticed an attack against four unnamed
"customers" that rendered their sites inaccessible. Akamai said the
strike against those customers in turn caused a failure of its own
domain name server (DNS) system, which translates word-based URLs into
numeric Web addresses to link surfers to company sites.

"We do know that attack was against four sites that happened to be
Akamai customers," company spokesman Jeff Young said. "But I don't
know if the intent was to go after Akamai or go after Web properties
that happened to be customers of ours."

Tuesday's outage comes nearly a month after Akamai reported glitches
in its content management tools, causing some slowdowns.

Other parties may not agree with that assessment. Keynote earlier
Tuesday reported the Akamai DNS system outage and speculated that
Cambridge, Mass.-based Akamai was the target of a denial-of-service
attack, which then caused the Yahoo, Google, Microsoft and Apple sites
to fail.

Dug Song, security architect for network security company Arbor
Networks, said the outage appeared to be an Akamai problem. During the
outage, Song noticed that sites such as Google were still functional,
but someone typing www.google.com couldn't get to that site, because
the address would not translate into its numeric Internet Protocol
code.

"It was definitely some sort of Akamai issue," Song said in an
interview. "Their name service for all these major sites stopped
working. You couldn't reach these sites, even though the sites were
up. You just couldn't get to them because the name resolution wasn't
working."

Furthermore, Song noticed that Web-wide traffic during the outage
actually declined, making it unlikely that Google and the other sites
were the victims of a distributed denial-of-service attack, in which
thousands of unknowing PC "slaves" would have flooded their servers
with useless data or requests for data.

In a recent incident, the Netsky virus used such a technique to target
Kazaa and other file-sharing networks, disrupting service at some.  
Earlier in the year, the main Web site of the SCO Group was crippled
after attacks from computers infected by the MyDoom virus.

On Tuesday, David Krane, a spokesman for Google, confirmed that the
search site was "affected for a short period of time earlier today"  
and that all systems have been restored. Krane said Google was not the
target of a denial-of-service attack.

Microsoft also confirmed that its sites were affected but added that
it was "deferring to Akamai for additional information on the reported
outage."

With the sites back up, it appears that the DNS issue has been
resolved. But Yahoo's new Web-based e-mail service, launched Tuesday,
continues to have problems.

Since early Tuesday morning, users have been reporting glitches with
Yahoo Mail such as site inaccessibility, slow page loads and
inoperable buttons on the site. A Yahoo spokeswoman said the company
is "investigating the potential impact of a widespread DNS issue on
our services." But launch-related bugs are also a possibility.

"As we upgrade tens of millions of Yahoo Mail accounts for consumers
worldwide, some users may experience temporary fluctuations in the
service, as we update our systems," Yahoo spokeswoman Mary Osako said.  
"We expect Yahoo Mail accounts to resume to normal after the upgrades
are completed."

Representatives of Apple were not immediately available for comment.



_________________________________________
ISN mailing list
Sponsored by: OSVDB.org - For 15 cents a day, you could help feed an InfoSec junkie!
(Broke? Spend 15 minutes a day on the project!)