Surfers headed to Yahoo.com, Microsoft.com, went to MyDomain.com instead
January 21, 2001
A computer glitch is being blamed for cutting off Web traffic headed for Yahoo.com and Microsoft.com on Saturday. For about 12 hours, thousands of Internet users trying to visit those two popular Web sites and dozens of others were instead sent to a Web page owned by MyDomains.com. The president of the Web hosting company, Richard Lau, said he was “a little bit in shock at the ease with which this has gotten out of control.” He added that the episode proves a computer criminal could “easily” hijack all traffic on a part of the Internet.
“THIS IS A RECIPE for disaster,” Lau said, exhausted from fighting the glitch until the wee hours of Sunday morning. He said teams were working to resolve the problem deep into the night.
The glitch involved a critical component of the Internet’s inner workings, the Domain Name System — it matches familiar Web site names like Yahoo.com and Microsoft.com to their underlying IP addresses, like 22.214.171.124.
The database that includes this information is called a DNS Table. On Saturday, MyDomain.com accidentally released a DNS table to the world that was full of errors, Lau said. The mistakes meant a small fraction of Web surfers trying to visit Yahoo.com were instead sent to an IP address inside MyDomains.com.
At that IP address is a default “under construction” page full of pay-per-click links. An earlier MSNBC report initially suggested the incident might involve an attempt by a criminal to generate traffic and make easy money off these links. Lau denied that, adding he will pay much more in extra bandwidth costs than he might make from pay-per-click links.
Lau said engineers discovered the problem Saturday afternoon, but initially thought the bug would only have internal consequences. Not until about 11 p.m. PT did he realize the error was causing outside surfers to be sent to the wrong Web site.
The extra traffic bombarded MyDomain.com’s Web servers, causing the company’s home page to crash. Lau said the accidental increase in bandwidth would cost his firm some $4,000.
In addition to misdirecting Yahoo.com and Microsoft.com visitors, surfers trying to reach MSN.com and a host of .net sites also ended up at MyDomains.com. In about a four-hour period Saturday, some 50,000 new clicks were registered on the MyDomains page, and the number was still rising at 5 a.m. ET.
The president blamed the size of the problem on Internet Service providers for having misconfigured systems.
The flawed DNS entries had been entered long ago into his firm’s database over time by customers hoping to hijack traffic, he said. But they were kept in a “holding bin” until they were published to the Internet as the result of human error on Saturday. While Lau admitted fault for that, he blamed other forces for escalating the problem. Each time a surfer looks up a Web page, there should be only one source for finding the correct IP address — the so-called “authoritative” name server. The only way to find that is to ask one of the 13 so-called “root nameservers” hosted around the Internet.
But that can be time consuming. So sometimes ISPs take a shortcut and look at the nearest DNS table instead.
That’s what happened Saturday — escalating the consequences of MyDomains.com’s mistake rapidly.
“Us putting Yahoo.com incorrectly in our name servers should not bring down Yahoo,” Lau said. “Imagine if we were malicious. ... It doesn’t take much for a 16- year-old to set up a name server. People could set up a name server ... and hijack all traffic. It’s mind-boggling that ISPs out there have their systems misconfigured.”
Lau is hardly the first person to suggest the Internet’s name system has flaws.
“DNS is one of the biggest weaknesses on the Internet,” said security consultant Joel de la Garza of Securify.com. “It’s surprising we haven’t seen more of these.”
He suggested other alarming potential attacks. For example, a cybercriminal hijacked clicks headed for a bank, then convinced bank customers to enter account information into a fake duplicate Web page.
Shortly after MSNBC reported the problem to Yahoo, the Web’s site’s entry in MyDomains.com DNS table was adjusted. Others sites seemed to be returning to normal by 1 a.m. ET.
By early Sunday morning, most of the problem was fixed, but there could be lingering effects for up to 24 hours, Lau said.
Bob Sullivan, msnbc.com