'The Internet Has Broken'

What could be the largest denial of service (DOS) attack in history overtook the Internet early Saturday morning, blanking out access to an unknown number of Websites. "It's the biggest attack I've seen," said a U.K. representative of WorldCom Inc. (OTC: WCOEQ). He confirmed that the attack was generated by a worm, with the first signs of trouble appearing at 5:30 a.m. U.K. time, or 12:30 a.m. Eastern Standard Time in the United States. Later on, WorldCom said that it had taken proactive steps to deal with any potential trouble on its own network, which was running normally. However, it said other ISPs were still experiencing difficulties in what it called an "industry-wide" problem.

The attacks used Microsoft SQL servers as their vector, according to early reports from Sonic.Net, a service provider located in the northern San Francisco Bay area. Sonic first caught wind of the problem around 1:30 a.m. Eastern Time, as technicians were investigating delays and dropped packets throughout Sonic's network. Within an hour, they had isolated the problem, confirmed it with UUNet, and posted this dramatic message to users:
    The Internet has broken. We do not yet know the source of the DoS but we believe that it may be another worm that attacks Microsoft servers. At this time, large portions of the Internet are still unreachable. There have been widespread reports that this DoS also took the lives of many Cisco routers, including one of our 7500 border routers. Our internal network is functioning at 100% but many sites have yet to restore service and I would anticipate, may not return for some time.
Oddly enough, the problem seems to have gone unnoticed by the Internet Storm Center, which was reporting Condition Green even as ISPs were scrambling to recover from the worm. But the effects were clearly visible on the real-time charts posted at Matrix NetSystems Inc.. Check out these charts in particular:

Other U.S. ISPs weren't immediately reachable Saturday morning, partly because of the early hour, and partly because, well, the Internet was broken. Update

It appears that systems running SQL Server 2000 are vulnerable to the attack. The Light Reading Website doesn't use this software, which may be why it's still up. Earlier difficulties in accessing our Website were probably caused by an evaluation copy of SQL Server 2000 running on a single desktop PC, which saturated a T1 line, according to our ISP.

Light Reading is monitoring a number of corporate Internet access lines as part of its Traffic Tracker project (see Track Your Traffic). This indicates outages on access lines supplied by the following service providers: It also indicates no problems on access lines supplied by the following service providers: — Craig Matsumoto, Senior Editor, and Peter Heywood, Founding Editor, Light Reading
Page 1 / 12   >   >>
LeCastor71 12/5/2012 | 12:48:18 AM
re: 'The Internet Has Broken' Things seem to be improving. It seems funny as I was using my Netscape webmail and on their website with no problems at all the whole time.

Yet many other sites were unavailable.

Perhaps this is another argument to stop using cookie-cutter solutions and "me-too" Microsloth solutions. if we had more people using more unique and tailored solutions, innovation might thrive and in doing so, the internet would become a more customized experience.

And those differences would make it all the harder for DoS attacks to damage internet performance so easily.

Maybe an exact 50/50 split in ALL Internet design should be done:

50% Microsoft/Cisco/Oracle etc.
50% Sun-NS/Juniper/SAP etc.

Same applies to hardware selection for the servers and storage solutions as well as cache methods. If the backdoors can only ever be exploited half the time and the hackers are divided in their targets we'd have something and that's gotta be better than nothing!

Peter Heywood 12/5/2012 | 12:48:17 AM
re: 'The Internet Has Broken' http://www.reuters.com/newsArt...
Peter Heywood 12/5/2012 | 12:48:17 AM
re: 'The Internet Has Broken' It looks as though the worm attacks SQL Server 2000 software, which might explain why its impact is patchy.

As it happens, our Traffic Tracker project enables us to see what's going on on a number of corporate access lines, so I've been able to deduce some names of ISPs that look as though they have problems.

If you know more, please contribute to this message board.
Peter Heywood 12/5/2012 | 12:48:16 AM
re: 'The Internet Has Broken' http://www.sophos.com/virusinf...
Peter Heywood 12/5/2012 | 12:48:15 AM
re: 'The Internet Has Broken' Message on Nanog:

"Anybody here on list using Extreme products (Summit/Alpine/Blackdiamond)?
They sure don't like this traffic one bit. It causes them to not only drop
traffic, but spew out every available error message under the sun."

Extreme notice:

BlueFox 12/5/2012 | 12:48:14 AM
re: 'The Internet Has Broken' Article states:

It appears that systems running SQL Server 2000 are vulnerable to the attack. The Light Reading Website doesn't use this software, which may be why it's still up.

Interestingly, late last night (PST) the LR site became unaccesible, but other sites I read/use were okay. Maybe, LR uses Extreme boxes. :)
bsd_devil 12/5/2012 | 12:48:03 AM
re: 'The Internet Has Broken' Cisco must have done this! Connect the dots:



Friday say a 5% drop in their stock price!! Now, now! You need money for aquisitions and also to sue Huawei's a$$. So, you unleash an attack so that the world sees how important and intelligent an aquisition you made. And kaboom! Your stock price soars! You live happily ever after. :)

Its time to bring the death-star down. Break up CSCO. Abandon CSCO stock.
geof hollingsworth 12/5/2012 | 12:48:00 AM
re: 'The Internet Has Broken' We run the Okena StormWatch product in our office-I am guessing that if all of those MicroSoft SQL servers had it installed the attack would have been stopped dead (or at least throttled back significantly).
geof hollingsworth 12/5/2012 | 12:47:59 AM
re: 'The Internet Has Broken' I can't access the article you refernced or anything else at their domain.
teng100 12/5/2012 | 12:47:56 AM
re: 'The Internet Has Broken'

The IP network are not suitable in the backbone, When all the internet(including the IP backbone)are full of the firewall boxes, the internet will be dead totally.
Page 1 / 12   >   >>
Sign In