Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Tuesday, June 15, 2004

Blackout hits major Web sites (A future form of a DoS)

A domain name outage Tuesday morning that left many popular Web sites such as Yahoo, Google, and temporarily inaccessible was the result of an Internet attack, according to Web infrastructure company Akamai.

The attack caused problems for more than two hours—from 5:30 a.m. to 7:45 a.m. PDT.

Many of the world’s most popular sites suffered from widespread outages, according to Keynote Systems, which compiles statistics related to Web surfing.  On a typical day, the top 40 sites measured by Keynote rarely dip below 99 percent availability.  On Tuesday, however, Keynote saw availability drop to 81 percent.

Bottom line: The attack caused problems for Web surfers for about two hours.

It’s taking a lot longer for the affected companies and Internet monitoring firms to get to the root of the problem.  Where the attack struck first has yet to be determined, and the affected companies are pointing to others, not themselves.  An attack on Akamai could have rippled out to Google and the other sites, or those sites might have been individually targeted, which in turn could have put pressure on a key Internet service that Akamai runs.  An Akamai spokesman said it noticed an attack against four unnamed “customers” that rendered their sites inaccessible.  Akamai said that the strike against those customers in turn caused a failure of its own domain name server (DNS) system, which translates word-based URLs into numeric Web addresses to link surfers to company sites. 

“We do know that attack was against four sites that happened to be Akamai customers,” said company spokesman Jeff Young.  “But I don’t know if the intent was to go after Akamai or go after Web properties that happened to be customers of ours.”

Tuesday’s outage comes nearly a month after Akamai reported glitches in its content management tools, causing some slowdowns.

Other parties may not agree with that assessment.  Keynote earlier Tuesday reported the Akamai DNS system outage and speculated that Cambridge, Mass.-based Akamai was the target of a denial-of-service attack, which then caused the Yahoo, Google, Microsoft and Apple sites to fail.  Dug Song, security architect for network security company Arbor Networks, said that the outage appeared to be an Akamai problem.

During the outage, Song noticed that sites such as Google were still functional, but someone typing couldn’t get to that site because the address would not translate into its numeric Internet Protocol code.  “It was definitely some sort of Akamai issue,” Song said in an interview.  “Their name service for all these major sites stopped working.  You couldn’t reach these sites even though the sites were up.  You just couldn’t get to them because the name resolution wasn’t working.”

In a recent incident, the Netsky virus used such a technique to target Kazaa and other file-sharing networks, disrupting service at some.  Earlier in the year, the main Web site of the SCO Group was crippled after attacks from computers infected by the MyDoom virus.

Since early Tuesday morning, users have been reporting glitches with Yahoo Mail, such as site inaccessibility, slow page loads and inoperable buttons on the site.

More info:

Posted on 06/15