FC: Microsoft websites blacked out -- but what happened?

Peter Kosenko kosenko at netwood.net
Wed Jan 24 15:36:03 PST 2001


Well, their DNS servers are certainly off-line; the first two DNS numbers of the block you mention no longer give a response to ping. But don't ask me why. I noticed a little trouble from MS late last night (after 12:00) trying to get some development information. Perhaps certain sites were already going off-line.

c:\>ping 207.46.138.12 > ping_ms.txt

Pinging 207.46.138.12 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 207.46.138.12:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

See this:

http://www.cnn.com/2001/TECH/computing/01/24/microsoft.blackout.idg/index.html

Now the way that DNS works is that a large database propagates DNS associations to other ISP DNS servers around the world. That's why when you change your underlying web site DNS (the number associated with the name -- e.g., 207.46.230.218 = microsoft.com) it sometimes takes a few days for the change to register everywhere (depends on how often various DNS servers update). When I surf the web, my computer connects to MY ISP's DNS server and tries to find the number that is associated with the name that I sent. In other words, if my ISP is Concentric, Concentric is looking up microsoft.com = 207.46.230.218 for me. If it has no record of the association, I get an error message. But I can always go to the site directly by using the number rather than the alphabetical address in my URL.

If someone screwed with the Microsoft computers, that would be one thing. If they screwed with the main Internet DNS routing database to delete references to Microsoft sites, that is something entirely different and not something that Microsoft alone can tackle.

It has happened that people have rerouted traffic from one address to another. Don't know how they do it, though, nor do I care to know the details.

It would seem very hard to me to just call up Internic and tell them that you are Microsoft and you want to cancel all your name-number associations.

Whoever would do that obviously would have to have one big grudge to risk the likely legal consequences.

Peter Kosenko

---------- Original Message ----------------------------------
From: kelley <kwalker2 at gte.net>
Reply-To: lbo-talk at lists.panix.com
Date: Wed, 24 Jan 2001 16:57:13 -0500


>notice that the story they're telling to the press isn't the story ...
>
><forwarded>
>
>Millions of people have been prevented from visiting dozens of Microsoft
>websites today.
>
>Here's my notes on what happened. Briefly, four Microsoft computers
>somewhere in Redmond aren't working properly:
>
>* a.root-servers.net for microsoft.com, msnbc.com and others points to four
>DNS servers
>* those DNS servers are dns4.cp.msft.net through dns7.cp.msft.net
>* all four are alive: they respond to ping requests
>* that netblock appears to be owned by microsoft, so this is almost
>certainly not a hacker attack
>* the DNS servers seem to be physically close together, a terrible design
>decision, with IP addresses from just 207.46.138.11 to 207.46.138.21. they
>could even be in the same machine room.
>* those DNS servers don't respond to dns lookup requests
>* therefore, things are screwed and people can't get through.
>* other affected sites: expedia.com, slate.com, encarta.com, passport.com
>* that is, unless your computer knows the ip address to microsoft.com etc.
>since your isp/corporation/university has it cached
>* but caches expire, so microsoft properties have been fading from the web
>all day
>* the web servers are working fine; microsoft.com is at http://207.46.230.218/
>* the first person to identify the problem seems to be sean donelan at
>11:05 pm PT last night
>* even though hotmail.com uses other DNS servers, it's still affected.
>reason: it redirects to http://lc1.law13.hotmail.passport.com/cgi-bin/login
>(per my attempt to connect to port 80)
>* my mail to microsoft.com addresses goes through fine, except to
>exchange.microsoft.com addresses, which had intermittent errors. that seems
>to be working because the DNS servers are still responding to requests for
>MX records.
>* normally when a website can't be reached, internet explorer defaults to
>auto.search.msn.com, which, ironically, is also offline. talk about a
>catastrophic failure. (this is one of the risks of moving services, like
>error messages and search functionality, to the net.)
>* at 4:26 pm ET, microsoft.com was still offline for me.
>
>One Microsoft representative blamed ICANN, which as we can tell from the
>above has nothing to do with the problems:
> http://www.idg.net/ic_386962_1793_1-1681.html
> Microsoft has yet to pin down the cause of the DNS error. "It can
> be a system or human error, but somebody could also have done this
> intentionally," De Jonge said. "We don't manage the DNS ourselves,
> it is a system controlled by the Internet Corporation for Assigned
> Names and Numbers (ICANN) with worldwide replicas."
>
>That said, this remains a mystery. Why would it take so long to get even
>one of those computers back online? Any network admins want to speculate?
>
>-Declan
>
>
>
>
>-------------------------------------------------------------------------
>POLITECH -- Declan McCullagh's politics and technology mailing list
>You may redistribute this message freely if it remains intact.
>To subscribe, visit http://www.politechbot.com/info/subscribe.html
>This message is archived at http://www.politechbot.com/
>-------------------------------------------------------------------------
>
>
>
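Added example, not part of the original messages: the forwarded notes observe that all four authoritative servers sit between 207.46.138.11 and 207.46.138.21, so one local failure removes every answer for the zone. The sketch below checks a nameserver set for that lack of network diversity; the per-server addresses are constructed (the messages give only the server names and the range), and the contrast set uses documentation-only addresses.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data. The messages name dns4..dns7.cp.msft.net and the
# range 207.46.138.11-207.46.138.21; which server has which address is assumed.
CLUSTERED = {
    "dns4.cp.msft.net": "207.46.138.11",
    "dns5.cp.msft.net": "207.46.138.12",
    "dns6.cp.msft.net": "207.46.138.20",
    "dns7.cp.msft.net": "207.46.138.21",
}
# Constructed contrast case using documentation-only ranges (RFC 5737).
SPREAD = {
    "ns1.example.net": "192.0.2.53",
    "ns2.example.net": "198.51.100.53",
    "ns3.example.net": "203.0.113.53",
}

def group_by_prefix(nameservers, prefix_len=24):
    """Map each covering network to the nameservers that live inside it."""
    groups = defaultdict(list)
    for name, addr in nameservers.items():
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        groups[str(net)].append(name)
    return {net: sorted(names) for net, names in groups.items()}

def diversity_findings(nameservers, prefix_len=24, min_networks=2):
    """Return a list of findings; an empty list means the set looks diverse."""
    findings = []
    if len(nameservers) < 2:
        findings.append("fewer than two authoritative nameservers")
    groups = group_by_prefix(nameservers, prefix_len)
    if len(groups) < min_networks:
        nets = ", ".join(sorted(groups))
        findings.append(
            f"all {len(nameservers)} nameservers share {nets}: "
            "one router, link or machine-room failure takes the zone offline"
        )
    return findings

if __name__ == "__main__":
    for label, ns_set in (("clustered", CLUSTERED), ("spread", SPREAD)):
        issues = diversity_findings(ns_set)
        print(label, "->", issues or "ok")
```

A /24 grouping is only a proxy for shared infrastructure; servers in different prefixes can still sit behind the same upstream router, so treat an empty result as necessary rather than sufficient.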


