[ISN] DoubleClick downed by denial-of-service attack

From: InfoSec News (isn@private)
Date: Wed Jul 28 2004 - 00:48:48 PDT


By Paul Roberts
JULY 27, 2004 

Internet advertising company DoubleClick Inc. was shut down today by a
denial-of-service attack launched from computers on the Internet, a
company spokeswoman confirmed.

The massive DoS attack began at about 10:30 a.m. EDT in the U.S. and
crippled the company's Web site and its advertising servers, which
distribute Web advertisements to other Web sites on the Internet.  
Ripple effects from the attacks were felt across the Internet, as Web
pages that display DoubleClick ads struggled to retrieve them from the
company's servers, causing "severe disruption" for DoubleClick
customers, according to a company statement.

Leading Web sites all experienced significant slowdowns during the
period covered by the attack, including Web pages for the Washington
Post Co., New York Times Co., Cnet Networks Inc., Nortel Networks
Corp. and InfoWorld magazine, according to Keynote Systems Inc., a Web
performance measurement company in San Mateo, Calif.

Keynote measurements for the period covered by the attacks show that
the "base page" -- or basic HTML documents -- served by those Web
sites loaded quickly, but that the "full page," which includes any
content the Web page points to, suddenly began to load very slowly,
said Lloyd Taylor, vice president of operations at Keynote.

DoubleClick's DNS servers were the target of the attack, which came
from unidentified "outside sources" and lasted for approximately four
hours, said Jennifer Blum, vice president of corporate communications
at DoubleClick.

DNS is the system of servers that matches up reader-friendly names
such as DoubleClick.net with the numeric Internet Protocol addresses
used by machines on the Internet to route traffic.

Keynote recorded a threefold slowdown in response time for Web pages
beginning at about 7 a.m. EDT and ending at 1:30 p.m. EDT. The company
doesn't know what caused the slowdowns, but the behavior of the pages
is consistent with a DoS attack, Taylor said.

The performance of DoubleClick's servers had returned to normal by
late this afternoon, Taylor said.

Staff members are taking steps to "resolve the situation permanently,"  
Blum said.

Help InfoSec News with a donation: http://www.c4i.org/donation.html

This archive was generated by hypermail 2.1.3 : Wed Jul 28 2004 - 02:00:15 PDT