Microsoft is down...
  01/25/2001 9:30:00pm MST Albuquerque, NM
  By Dustin D. Brand; Owner AMO


Microsoft cites 2 reasons for the distinct outage of their Web Family...
  You can read part 1 of my report on Microsoft's Web Family here.

  Part 2 of my report starts here. Initially, I had 2 reports: 1 explaining my idea for Microsoft being down, and the other placing their excuse above mine. It seems now, though, that I was right the first time and shouldn't have pulled my initial report on Microsoft's WEB-FAMILY Outage.

  Investigating from here in Albuquerque, NM, using California as my route, I attempted to reach Microsoft's sites and began to notice a problem. The problem that prompted me to write my initial report was that I was accessing internal parts of Microsoft because of my relationship with Microsoft. These sites are mainly for ISVs who work closely with Microsoft. Well, while accessing these internal portions of Microsoft, I noticed a slow delay. With the kind of bandwidth we pull into AMO, any delay usually denotes a problem.

  Continuing to delve into the problem, I was able to get responses back from Microsoft telling me the site was too busy. This is a red flag in the case of Microsoft, because they set the land speed record for internet traffic. Microsoft has plenty of bandwidth, very healthy servers, and an overall good set of resources. This basically means a huge problem when Microsoft tells me their server is too busy. Knowing there was a problem, I intensified my research. I quickly found the source of the problem to be the DNS (Domain Name Servers), or notably the servers that route traffic from the web to the web sites by transforming the name Microsoft.com or msn.com into the actual server the site resides on. Tracing the problem to MSFT.NET and the numerous DNS servers, which are redundant, meant there was an overall outage. All of Microsoft's WEB-FAMILY was down and essentially unreachable. In layman's terms, Microsoft was not on the Internet.

  The disturbing part came later. I had determined that there was a DNS attack on MSFT that was ongoing from 9:30am this morning, Thursday the 25th of January, 2001. However, less than 4 hours from when I had placed part 1 of my report up, I was able to reach Microsoft and found their excuse. Seeing as it wasn't fair for me to go against their report of what the cause of their outage was, and seeing their outage could be explained by such a stupid mistake, I replaced my initial report from 9:30am with theirs around 1:47pm.

  Finding out later that Microsoft stated that there were 2 distinct instances and 2 distinct causes of their outage prompted me to write this report, or a subset of my original report.

  Doing the research I did today, I was able to determine there was an ongoing attack on Microsoft's Domain Servers. However, this was a new type of Denial Of Service attack that I don't think anyone had seen before, and thus was unprepared for. Microsoft's initial excuse, however, may be wrong, although this excuse of a technician making a bad configuration error to MSFT's family of domain name servers is logical. The problem is, Microsoft doesn't explain my ability to reach the servers, period. A router configuration error would cause the sites to be completely unreachable, especially since Microsoft.com was unreachable. The logic is, if you can't reach Microsoft.com, then you can't reach anything Microsoft.com.

  Knowing this, I also tested other sites like MSN.com and, of course, the internal portions of Microsoft which I did have access to. Having access to parts and not the whole does not indicate a total DNS failure or router problem, but indicates an attack. Using odds, statistics and mathematics, it simply doesn't make logical sense that Microsoft's WEB-FAMILY was taken down by both a technician's router configuration error and a DNS attack within the same 48-hour time period.

  It looks like my first report on Microsoft's WEB-FAMILY being taken down by an attack was both sound and logical. Having Microsoft release 2 reasons for their WEB-SITES being down, one citing an error one of their technicians made to the configuration of their DNS router, and the other citing an attack today, Thursday the 25th of Jan, 2001, is completely reasonable, understanding the position Microsoft is in.

  One thing NOT mentioned by the major media about this story is that the well-known "Mafiaboy", who is 16 years old, pleaded guilty to the now infamous Denial Of Service attacks and was sentenced to 2 years in a Canadian juvenile facility. Mafiaboy pleaded guilty to 74 of 85 charges, and was sentenced just this week. This is an obvious tie to Mafiaboy.

  Although DNS is the system of the internet that translates domain names to the actual IP addresses that the servers and sites reside on, clearly Microsoft was able to be reached by their IPs. However, also notable: people on the internet don't use IPs to access web sites; they type in the FQDN (fully qualified domain name) because words are easier to remember than 12 digits. This problem with the DNS system of the internet showed a lack of redundancy in the Microsoft DNS system, which was a single point of failure in Microsoft's internet design. Redundancy means no single point of failure, and you can count on Microsoft to fix this design flaw in their system sooner rather than later.
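  The two points above (a site that answers by IP but not by name, and a DNS tier with a single point of failure) can be turned into a small check. This is an added example, not part of the original report or any Microsoft tooling; the nameserver names and addresses are constructed, and treating a shared /24 as "one segment" is an assumption of the example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: hypothetical nameserver names with RFC 5737
# documentation addresses; not taken from any real zone.
SINGLE_SEGMENT = {
    "ns1.example.net": "192.0.2.10",
    "ns2.example.net": "192.0.2.11",
    "ns3.example.net": "192.0.2.12",
    "ns4.example.net": "192.0.2.13",
}
SPREAD = {
    "ns1.example.net": "192.0.2.10",
    "ns2.example.net": "198.51.100.20",
    "ns3.example.org": "203.0.113.30",
}

def group_by_network(nameservers, prefix_len=24):
    """Map each enclosing network (as a string) to the nameservers inside it."""
    groups = defaultdict(list)
    for name, addr in nameservers.items():
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        groups[str(net)].append(name)
    return {net: sorted(names) for net, names in groups.items()}

def audit_redundancy(nameservers, prefix_len=24):
    """Return a list of findings; an empty list means no issue was detected."""
    findings = []
    if len(nameservers) < 2:
        findings.append("fewer than two authoritative nameservers")
    groups = group_by_network(nameservers, prefix_len)
    if len(nameservers) >= 2 and len(groups) == 1:
        net = next(iter(groups))
        findings.append(f"all {len(nameservers)} nameservers sit in {net}")
    return findings

def classify_outage(name_resolves, ip_reachable):
    """Separate a name-resolution failure from a host or routing failure."""
    if ip_reachable and not name_resolves:
        return "dns-failure"
    if not ip_reachable:
        return "host-or-route-failure"
    return "ok"

if __name__ == "__main__":
    for label, ns in (("single segment", SINGLE_SEGMENT), ("spread", SPREAD)):
        print(label, audit_redundancy(ns) or "no findings")
    print(classify_outage(name_resolves=False, ip_reachable=True))
```

  Several nameservers that all sit behind one network segment still fail together, which is why the first sample set is flagged even though it lists four servers.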
