Wednesday morning’s domain name server problems at Microsoft Corp. could be the result of a break in, despite the company’s claim it was an internal data center problem.
If so, that would make it the second time in less than a year Microsoft’s network has been compromised.
In what could very well be a Denial of Service attack, Microsoft technicians are trying to correct problems with its four domain name servers, which respond only sporadically to DNS queries. Hardware problems could be the reason, but indicators are pointing at a possible break in.
Magnus Bodin, a network developer at Internet consultancy company Framfab in Sweden, noted that all four Microsoft DNS servers were located under one network segment and one IP subnet (207.46.138.xx), making it easy for infiltrators to compromise.
“It makes it easier because you just have to attack one single subnet, that’s the reason I first suspected the server was attacked,” Bodin said. “If you’re hosting a lot of domains, and you have delegated those domains to separate servers, they should always be on separate subnets. No one real professional DNS host would do (what Microsoft did), and that’s a fact.”
Microsoft, however maintains that the problems were due to internal problems at its data center.
“Right now we’re having a problem with our DNS server,” Microsoft spokesperson Adam Sohn said Wednesday morning. “Our sites are up and running, but they can’t connect because of the name server. We expect to have it back to normal soon.”
Microsoft-owned properties, including MSNBC.com, Encarta.com, Zone.com and Hotmail.com, were put out of commission Tuesday night and only recently have started to come back online, in fits and starts.
As of press time, Encarta.com, Hotmail.com and MSNBC.com are up and running, but other Microsoft sites continue to have problems.
Earlier this morning, www.microsoft.co.uk had a message on its Web page apologizing for the disruption in service to its Web site, saying all Microsoft sites would be back in business as soon as possible.
This is the software giant’s second DNS issue in less than a week. Saturday, users were unable to access a number of the company’s sites for more than 12 hours due to an error-filled DNS table published by the domain registrar, MyDomain.com.
Richard Lau, MyDomain.com president, said the problem was human error.
“Our situation revealed a massive flaw in some DNS resolution server software being used by some ISPs,” Lau said. “At first we thought it was a Denial of Service attack but then learned that some DNS resolution software used by other ISPs has bugs that cause it to ask our non-authoritative name servers what are the IP addresses for these domains, which we are not listed as authoritative for.”
Microsoft’s problems this week are sure to be the subject of its next meeting at the Information Technology Information Sharing and Analysis Center, a joint effort between Microsoft and 18 other industry heavyweights.
Companies like AT&T, Hewlett-Packard Co., Symantec Corp. and Oracle Corp. banded together to share information on the security threats that threaten its networks.
Microsoft is building a reputation as a leaky network. In late October 2000, crackers were able to access top-secret source code files using the QAZ trojan. The virus, when opened by an unsuspecting user, replaces the Windows Notepad with a copy of its own and opens a “back door” to computer. And earlier this week, Microsoft’s New Zealand site was cracked and defaced by a group calling itself Prime Suspectz.