[ISN] Blackout hits major Web sites

From: InfoSec News (isn@private)
Date: Wed Jun 16 2004 - 05:46:57 PDT

  • Next message: InfoSec News: "[ISN] Putnam, Davis, propose Clinger-Cohen amendment"

    http://asia.cnet.com/newstech/personaltech/0,39001147,39183542,00.htm
    
    By Jim Hu
    CNET News.com
    June 16 2004 
    
    update: A domain name outage Tuesday morning that left many popular
    Web sites, including those of Yahoo, Google, Microsoft and Apple,
    temporarily inaccessible was the result of an Internet attack,
    according to Web infrastructure company Akamai.
    
    The attack caused problems for more than two hours--from 5:30 a.m. to
    7:45 a.m. PDT. Many of the world's most popular sites suffered from
    widespread outages, according to Keynote Systems, which compiles
    statistics related to Web surfing. On a typical day, the top 40 sites
    measured by Keynote rarely dip below 99 percent availability. On
    Tuesday, however, Keynote saw availability drop to 81 percent.
    
    Where the attack struck first has yet to be determined, and the
    affected companies are pointing to others, not themselves. An attack
    on Akamai could have rippled out to Google and the other sites, or
    those sites might have been individually targeted, which in turn could
    have put pressure on a key Internet service that Akamai runs.
    
    An Akamai spokesman said it noticed an attack against four unnamed
    "customers" that rendered their sites inaccessible. Akamai said the
    strike against those customers in turn caused a failure of its own
    domain name server (DNS) system, which translates word-based URLs into
    numeric Web addresses to link surfers to company sites.
    
    "We do know that attack was against four sites that happened to be
    Akamai customers," company spokesman Jeff Young said. "But I don't
    know if the intent was to go after Akamai or go after Web properties
    that happened to be customers of ours."
    
    Tuesday's outage comes nearly a month after Akamai reported glitches
    in its content management tools, causing some slowdowns.
    
    Other parties may not agree with that assessment. Keynote earlier
    Tuesday reported the Akamai DNS system outage and speculated that
    Cambridge, Mass.-based Akamai was the target of a denial-of-service
    attack, which then caused the Yahoo, Google, Microsoft and Apple sites
    to fail.
    
    Dug Song, security architect for network security company Arbor
    Networks, said the outage appeared to be an Akamai problem. During the
    outage, Song noticed that sites such as Google were still functional,
    but someone typing www.google.com couldn't get to that site, because
    the address would not translate into its numeric Internet Protocol
    code.
    
    "It was definitely some sort of Akamai issue," Song said in an
    interview. "Their name service for all these major sites stopped
    working. You couldn't reach these sites, even though the sites were
    up. You just couldn't get to them because the name resolution wasn't
    working."
    
    Furthermore, Song noticed that Web-wide traffic during the outage
    actually declined, making it unlikely that Google and the other sites
    were the victims of a distributed denial-of-service attack, in which
    thousands of unknowing PC "slaves" would have flooded their servers
    with useless data or requests for data.
    
    In a recent incident, the Netsky virus used such a technique to target
    Kazaa and other file-sharing networks, disrupting service at some.  
    Earlier in the year, the main Web site of the SCO Group was crippled
    after attacks from computers infected by the MyDoom virus.
    
    On Tuesday, David Krane, a spokesman for Google, confirmed that the
    search site was "affected for a short period of time earlier today"  
    and that all systems have been restored. Krane said Google was not the
    target of a denial-of-service attack.
    
    Microsoft also confirmed that its sites were affected but added that
    it was "deferring to Akamai for additional information on the reported
    outage."
    
    With the sites back up, it appears that the DNS issue has been
    resolved. But Yahoo's new Web-based e-mail service, launched Tuesday,
    continues to have problems.
    
    Since early Tuesday morning, users have been reporting glitches with
    Yahoo Mail such as site inaccessibility, slow page loads and
    inoperable buttons on the site. A Yahoo spokeswoman said the company
    is "investigating the potential impact of a widespread DNS issue on
    our services." But launch-related bugs are also a possibility.
    
    "As we upgrade tens of millions of Yahoo Mail accounts for consumers
    worldwide, some users may experience temporary fluctuations in the
    service, as we update our systems," Yahoo spokeswoman Mary Osako said.  
    "We expect Yahoo Mail accounts to resume to normal after the upgrades
    are completed."
    
    Representatives of Apple were not immediately available for comment.
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org - For 15 cents a day, you could help feed an InfoSec junkie!
    (Broke? Spend 15 minutes a day on the project!)
    



    This archive was generated by hypermail 2b30 : Wed Jun 16 2004 - 06:37:06 PDT