The Microsoft Web Outage: What Went Wrong? - Page 2
Solving the Puzzle
Now that you've seen all the pieces of the puzzle, let's look at the situation as a whole:
- The hacker decides to launch a DoS attack against Microsoft's primary router.
- A legitimate user tries to access the Microsoft Web site. When the user enters the URL of any Microsoft site into his browser, the browser looks to a DNS server for the location of the Web site. (Keep in mind that the TCP/IP configuration information on a PC includes addresses for a couple of DNS servers, which usually are supplied by the user's Internet service provider.)
- The browser checks the DNS server for the IP address corresponding to the Web site. If the DNS server knows the address, then the address is sent to the browser and the browser tries to access the Web site--but it can't, because the router is under attack.
- On the other hand, if the ISP's DNS server doesn't know the IP address of the Web site, it consults other DNS servers along the line until it finds one that does know the address. Many times, this process means accessing one of Microsoft's DNS servers directly. However, the ISP's DNS server can't reach the Microsoft DNS servers, because the router is under attack and every one of Microsoft's DNS servers is behind that router.
As you can see, although you can't prevent a DoS attack, a problem like this one could have been avoided. All that Microsoft had to do was distribute its DNS servers around the network and provide some redundant Internet connections through different routers. Does your network architecture protect you from the same fate?
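One way to answer that question for your own zone is sketched below. It is an added example, not part of the original article: it audits a name server inventory for any single router whose loss would cut off every authoritative DNS server. The inventory, the RFC 5737 documentation addresses and the router names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory, not real data: name server -> (address, edge routers
# able to carry its traffic). Router names are hypothetical.
ALL_BEHIND_ONE_ROUTER = {
    "ns1.example.com": ("192.0.2.10", {"edge-rtr-1"}),
    "ns2.example.com": ("192.0.2.11", {"edge-rtr-1"}),
    "ns3.example.com": ("192.0.2.12", {"edge-rtr-1"}),
}
DISTRIBUTED = {
    "ns1.example.com": ("192.0.2.10", {"edge-rtr-1", "edge-rtr-2"}),
    "ns2.example.com": ("198.51.100.10", {"edge-rtr-3"}),
    "ns3.example.com": ("203.0.113.10", {"edge-rtr-4"}),
}


def servers_by_prefix(inventory, prefix_len=24):
    """Group name servers by the network prefix their address falls in."""
    groups = defaultdict(list)
    for name, (addr, _routers) in sorted(inventory.items()):
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        groups[str(net)].append(name)
    return dict(groups)


def critical_routers(inventory):
    """Routers whose loss leaves no name server with a remaining path."""
    routers = set().union(*(paths for _addr, paths in inventory.values()))
    return sorted(
        r for r in routers
        if not any(paths - {r} for _addr, paths in inventory.values())
    )


def audit(inventory):
    """Summarize placement and whether one router failure takes DNS offline."""
    critical = critical_routers(inventory)
    return {
        "prefixes": servers_by_prefix(inventory),
        "critical_routers": critical,
        "survives_single_router_loss": not critical,
    }


if __name__ == "__main__":
    for label, inv in (("before", ALL_BEHIND_ONE_ROUTER), ("after", DISTRIBUTED)):
        print(label, audit(inv))
```

A non-empty `critical_routers` list means the zone has the same weakness the article describes, regardless of how many name servers it lists.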
Brien M. Posey is an MCSE who works as a freelance writer. His past experience includes working as the director of information systems for a national chain of health care facilities and as a network engineer for the Department of Defense. Because of the extremely high volume of e-mail that Brien receives, it's impossible for him to respond to every message, although he does read them all.