January 24, 2001, 8:05 AM PST

Microsoft Sites Suffer Large-Scale Blackout

Key Microsoft sites are unreachable for several hours Wednesday morning, because of a domain-name system glitch. The company says it has yet to identify the cause of the error. By Joris Evers

Microsoft (MSFT) confirmed Wednesday that most of its online properties became unreachable Wednesday morning because of a problem in the system that maps Web addresses to Internet protocol addresses.

Sites that were affected include the Web-based e-mail service Hotmail.com, the Web portal MSN.com, the news Web site MSNBC.com and the company's corporate site Microsoft.com.

"The Internet's Domain Name System (DNS) does not return the correct response when it is queried for a Microsoft Web site," said Ruud de Jonge, support manager at Microsoft Benelux.

The first reports of the problem started coming in "very early" Wednesday morning, said De Jonge. "It will take some time; this can't be restored by hitting one switch," he said.

Microsoft has yet to pin down the cause of the DNS error. "It can be a system or human error, but somebody could also have done this intentionally," De Jonge said. "We don't manage the DNS ourselves; it is a system controlled by the Internet Corporation for Assigned Names and Numbers with worldwide replicas."

A team at Microsoft's headquarters in Redmond, Wash., is working on the problem, which has been given top priority, said De Jonge.

Because of the blackout, some 60 million Hotmail users worldwide could not access their e-mail, Microsoft customers could not download software updates or get online support, and MSNBC.com had no audience. Other services that couldn't be reached include Windowsupdate.com, which contains updates for the Windows operating system, Passport.com, Microsoft's online identification service, and bCentral.com, a portal for small and medium-sized businesses.

Hackers could be responsible for the outage that continued for hours, said Simon Hania, spokesman for Dutch Internet service provider XS4ALL Internet. "The name server that is authoritative for Microsoft's Web sites might have crippled under a denial-of-service attack," he said.

Hania said, however, that it is more likely that a network error or system failure caused the problem.

The DNS consists of many machines around the world that are set up in a hierarchy. "It looks like the machine hit is in the top of the DNS tree," Hania said. "Once it is fixed it can take a couple of hours for all DNS systems around the world to pick up the correct DNS information."

Joris Evers writes for the IDG News Service.

http://www.thestandard.net/article/display/0,1151,21633,00.html

-- Martin Thompson (mthom1927@aol.com), January 24, 2001

Answers

This story was printed from ZDNN, located at http://www.zdnet.com/zdnn. -------------------------------------------------------------- Microsoft's site outages--are attackers to blame? By Robert Lemos, ZDNet News, and Melanie Austria Farmer,, Special to ZDNet January 24, 2001 7:32 AM PT URL: Microsoft scrambled Wednesday evening to find the cause of an extensive outage that blocked traffic to many of its major Web sites for nearly a full day, acknowledging the problem may have been caused by an attack rather than a technical glitch.

Since Tuesday night, Microsoft has experienced problems with access to its various properties, including Microsoft.com, MSN.com, WindowsMedia.com, Encarta.com, Carpoint.com and Expedia.com, said Adam Sohn, spokesman for the software giant. He could not confirm reports that popular e-mail service Hotmail.com also was affected.

Around 1 p.m. PST Wednesday, some of Microsoft's Web sites had again become accessible from some parts of the country, but access was inconsistent. Microsoft.com and Hotmail.com also were largely inaccessible.

"We are not ruling anything out," Sohn said. "If we know for sure if it's a denial-of-service (DoS) attack, we will tell everyone."

The problem had limited access for some Web surfers, depending on how recently the DNS (domain name system) server used by the visitor's browser had been updated. DNS servers translate a domain name-- Microsoft.com, for example--into a numerical Internet addresses. Microsoft's problem seemed to be a glitch that crept into the latest DNS update.

Microsoft sites in Europe also appear to have been affected. "We've heard some customers in Europe are having problems as well," said Sohn, who added that the outage may have affected customers globally.

In addition, a reader in Hokkaido, Japan, sent an e-mail reporting that from "MSN's mobile service on my cell phone to Hotmail, nothing Microsoft works."

Microsoft's network of Web properties ranks as the third most-visited destination on the Internet. According to Net research company Jupiter Media Metrix, Microsoft Web sites drew 54 million unique visitors in December, trailing only America Online's 61 million and Yahoo's 55 million.

The timing and duration of the outage comes as Microsoft is trying to bolster its reputation among corporate customers. The company launched a $200 million advertising campaign Monday touting its business software in competition with Oracle, IBM and Sun Microsystems. The theme for the ads is "software for the agile business."

"Businesses today need to be fast, nimble and responsive to compete and respond to customer needs, yet a lot of the technology for business is big, slow and expensive," Microsoft CEO Steve Ballmer said in a statement about the campaign.

While Microsoft worked to track down the cause, security experts said it's possible that Microsoft DNS servers, or possibly the routers that direct traffic to those servers, were under attack.

"It is either a denial of service at the router, or there are a lot of router failures," said "Weld Pond," manager of research and development for network security firm @Stake, who prefers to use his hacker handle.

Weld Pond investigated the problem Wednesday morning using several network administration tools and found that the four Microsoft servers listed in Internet directories were unavailable.

That narrowed the problem to three possibilities, he said. Those servers were "hacked under a DDoS attack or there (was) a configuration problem."

In addition, Microsoft may have made a poor choice in setting up its servers, putting all four on the same network--sort of like putting all the company's executives on the same airplane.

"I don't know why they did that," Weld Pond said. "It's a DDoS attack waiting to happen."

According to the Whois directory of Internet domains, other major networks, including America Online and Yahoo, have backup DNS servers on other networks.

CNET News.com received numerous complaints about the lack of access to several Microsoft sites, such as Zone.com. Correspondents said that for several hours Tuesday night and Wednesday morning, they were locked out of a number of Microsoft Web properties, including news site MSNBC.com, Internet service provider MSN.com, free e-mail service Hotmail.com and online travel site Expedia.com.

The outage came just a few months after a hacker broke into the company's corporate network.

It also comes after several other Net outages caused primarily by server errors. Earlier this month, online auctioneer eBay suffered a day of lengthy outages. During the outages, eBay visitors could access the company's home page and its category listings but weren't able to view individual auctions, place bids or list items. The company said the interruption resulted from a series of failures that affected its primary and backup systems.

Last month, some Hotmail members were locked out of their e-mail accounts for several days because of system upgrades to the free service. That was not the first time that Hotmail had experienced such problems; a similar outage occurred in 1999, when the company failed to pay a $35 registration fee for the domain name Passport.com.

-- Martin Thompson (mthom1927@aol.com), January 24, 2001.