The Microsoft Web Outage: What Went Wrong?
Microsoft's Web site was pounded recently--and in the blinding glare of hindsight, the factors that made the attacks possible were easy to spot.
Unless you've been stranded on a desert island, you've no doubt heard about the run of bad luck Microsoft had a few weeks ago. In one week's time, Microsoft had three major Web failures. The first of these failures was related to a router configuration error. However, the two other failures were the result of a security breach. In this article, I'll explain what flaws the hackers exploited to bring Microsoft to its knees. As I do, I'll also explain what Microsoft could have done differently to prevent this terrible situation.
Denial of Service
The DoS attacks against Microsoft were unique because they weren't targeted toward a Web server. Instead, these attacks were aimed at a router. Apparently, the hacker had learned of two critical design flaws in Microsoft's network that made it vulnerable to attack.
The first of the design flaws was that the router represented a single point of failure. The router that the hacker attacked stood between Microsoft's internal network and its Internet connection. Therefore, by clogging the router, the attack made it nearly impossible for anyone to access Microsoft through the Web. If Microsoft had had a secondary Internet connection linked to a different router, this problem could have been avoided. Even if a hacker managed to shut down one router, the second router would have kept traffic moving between the Web and the internal network.
However, the router was only half the problem. As you probably know, routers not only connect networks to the Internet, but they are also used to divide networks into segments. Although Microsoft had divided its network into segments, all of the company's DNS servers were located on a single segment. Unfortunately, the attack on the router shut down this segment.
So what does this have to do with blocking access to Microsoft's Web sites? Keep in mind that when you enter "www.microsoft.com" in your Web browser, the browser has no idea where to go. Because the browser can't work directly with domain names, it must consult a DNS server for the IP address associated with the domain name. Only after the Web browser knows the Web site's IP address can it actually go to the site.
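The two design flaws described above (one router in the path, and every DNS server on one segment) can be checked from a server inventory. The following is an added example, not code from the article or from Microsoft: the host names, addresses, and router labels are constructed, and a /24 (IPv4) or /48 (IPv6) prefix is assumed as a stand-in for "segment".

```python
import ipaddress
from collections import defaultdict

# Constructed inventory (not from the article): each authoritative DNS server,
# its address, and the edge router its segment sits behind.
SINGLE_SEGMENT = [
    ("ns1.example.com", "192.0.2.10", "edge-rtr-1"),
    ("ns2.example.com", "192.0.2.11", "edge-rtr-1"),
    ("ns3.example.com", "192.0.2.12", "edge-rtr-1"),
    ("ns4.example.com", "192.0.2.13", "edge-rtr-1"),
]
DIVERSE = [
    ("ns1.example.com", "192.0.2.10", "edge-rtr-1"),
    ("ns2.example.com", "198.51.100.10", "edge-rtr-2"),
    ("ns3.example.net", "203.0.113.10", "transit-b-rtr"),
]


def segment_of(addr, v4_prefix=24, v6_prefix=48):
    """Return the network an address falls in (assumed proxy for 'segment')."""
    ip = ipaddress.ip_address(addr)
    prefix = v4_prefix if ip.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def audit_dns_placement(servers):
    """Group name servers by segment and upstream router; report shared failure points."""
    by_segment, by_router = defaultdict(list), defaultdict(list)
    for name, addr, router in servers:
        by_segment[str(segment_of(addr))].append(name)
        by_router[router].append(name)
    findings = []
    if len(servers) < 2:
        findings.append("fewer than two name servers")
    if len(by_segment) == 1:
        findings.append(f"all name servers on one segment: {next(iter(by_segment))}")
    if len(by_router) == 1:
        findings.append(f"all name servers behind one router: {next(iter(by_router))}")
    return {"segments": dict(by_segment), "routers": dict(by_router), "findings": findings}


if __name__ == "__main__":
    for label, inventory in (("single-segment", SINGLE_SEGMENT), ("diverse", DIVERSE)):
        report = audit_dns_placement(inventory)
        print(label, "->", report["findings"] or "no shared failure point found")
```

An empty findings list only means the inventory shows no shared segment or router; it says nothing about paths the inventory does not record.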