TECHNOLOGY
TOP STORIES

Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent

(MORE)

BUSINESS
Playing for Iraq's jackpot

Coke & smoke bite Dow

Sun Microsystems posts tiny profit

(MORE)

MARKETS	4:30pm ET, 4/16
DJIA	144.70	8257.60
NAS	3.71	1394.72
S&P	10.90	879.91

SPORTS
Jordan says farewell for the third time

Shaq could miss playoff game for child's birth

Ex-USOC official says athletes bent drug rules

(MORE)

All Scoreboards

WORLD

Quake help not fast enough, says Indian PM

U.S.

Bush: No help from Washington for California power crunch

POLITICS

Bush signs order opening 'faith-based' charity office for business

LAW

Prosecutor says witnesses saw rap star shoot gun in club

ENTERTAINMENT

Can the second 'Survivor' live up to the first?

HEALTH

Heart doctors debate ethics of testing super-aspirin

TRAVEL

Nurses to aid ailing airline passengers

FOOD

Texas cattle quarantined after violation of mad-cow feed ban

ARTS & STYLE

Ceramist Adler adds furniture to his creations

(MORE HEADLINES)

MAINPAGE WORLD U.S. WEATHER BUSINESS SPORTS

TECHNOLOGY

computing personal technology

SPACE HEALTH ENTERTAINMENT POLITICS LAW CAREER TRAVEL FOOD ARTS & STYLE BOOKS NATURE IN-DEPTH ANALYSIS LOCAL
EDITIONS:
CNN.com Europe change default edition
MULTIMEDIA:
video video archive audio multimedia showcase more services

E-MAIL:

Subscribe to one of our news e-mail lists.
Enter your address:

DISCUSSION:

chat
feedback

CNN WEB SITES:

CNNfyi.com
CNN.com Europe
AsiaNow
Spanish
Portuguese
German
Italian
Danish
Japanese
Chinese Headlines
Korean Headlines

TIME INC. SITES:

CNN NETWORKS:

CNN anchors
transcripts
Turner distribution

SITE INFO:

help
contents
search
ad info
jobs

WEB SERVICES:

Cause of massive Net redirection still unclear

From...

by Jaikumar Vijayan

(IDG) -- Some security analysts said it's still unclear what really happened last weekend when a technology glitch redirected Internet traffic meant for Web sites run by Yahoo Inc., Microsoft Corp. and other companies to one owned by a Bermuda-based Web hosting and domain registration firm.

On Saturday, an estimated 100,000 Internet users trying to access various Web sites were instead routed to a page operated by MyDomain.com, which is part of a Hamilton, Bermuda, company called Global Internet Investments Inc. under an acquisition that was announced last spring. The traffic eventually caused MyDomain.com's Web site to crash.

MyDomain.com claims to host more than 350,000 Internet domains. Richard Lau, the company's president, this week said the redirecting problem started with faulty entries in MyDomain.com's Domain Name System (DNS) table but was then compounded by misconfigured systems being run by different Internet service providers.

IDG.net INFOCENTER

Related IDG.net Stories

Features

Visit an IDG site

IDG.net search

"Our situation reveals a massive flaw in some DNS resolution server software being used by some ISPs," Lau said, asserting that the prospect of an incorrect setting at MyDomain.com affecting other ISPs on its own "goes against all fundamentals."

But while ISPs may indeed bear some fault, the incident also appears to have been the result of MyDomain.com taking advantage of a well-known DNS vulnerability, said Ryan Russell, an incident analyst at the SecurityFocus.com online bulletin board and security information portal in San Mateo, Calif. By putting the bulk of the blame on unnamed ISPs, Russell said, MyDomain.com is "trying to . . . save face a little bit."

When a user enters a Web site address into his browser, a request for the corresponding numeric IP address is sent to a so-called "authoritative" name server, many of which are distributed around the world. To speed up the process, Lau said, some ISPs construct DNS tables containing the IP addresses of commonly requested Web addresses or use DNS lists belonging to hosting companies such as MyDomain.com.

Because of "human error," Lau said, MyDomain.com's DNS list became corrupted last Saturday and incorrectly redirected users to its own servers instead of the Web addresses they had requested. But the problem wouldn't have been so bad if ISPs used the appropriate name servers instead of relying on data provided by MyDomain.com's DNS table, Lau claimed.

However, Russell said MyDomain.com itself may have had a hand in encouraging ISPs to do that, based on information that SecurityFocus.com received from an employee at the company. By taking advantage of the DNS vulnerability, he said, MyDomain.com appears to have actively presented itself as a sort of name server authority to users who visited the domains it hosts.

That may have contributed to last Saturday's incident, Russell said, although he noted that ISPs also are responsible for making sure holes such as the DNS vulnerability are closed in the first place.

In addition, Russ Cooper, an analyst at security consulting firm TruSecure Corp. in Reston, Va., said it appears that some of the mapping information in MyDomain.com's DNS tables shouldn't have been there because it doesn't belong to the company.

There's also no evidence that external ISPs were knowingly using MyDomain.com's DNS lists, Cooper said. "If they were, then customers have a right to know who they were and why they were relying on [MyDomain.com's] information," he added.