In what company officials are describing as a "fast" and "intense" assault on its network, the U.S. Web sites of Yahoo and some of its companion sites were unreachable for around three hours Monday.
"At 10:30 a.m. PST [Monday] it appears a Yahoo router experienced a distributed denial of service attack," a Yahoo spokesperson said on condition of anonymity. " We believe it was coordinated, coming from multiple points on the Internet."
It hit not only the main U.S. Yahoo site but also some companion sites, such as Yahoo Mail and the Yahoo-owned Geocities Web site.
A denial of service attack doesn't involve breaking into the target Web site but simply overloading it, or in this case the router connecting it to the rest of the Internet, with so much fake traffic that it becomes unable to cope. Once this is achieved and the site is overloaded, genuine users find themselves unable to get connections. The distributed denial of service attack described by Yahoo differs in that the fake traffic comes from multiple points on the Internet rather than a single point.
The amount of data hitting the router took engineers at Yahoo by surprise.
"This was so fast and so intense that we couldn't even redirect our traffic," the spokesperson said. It was not until three hours later, at 1:30 p.m. PST, that the company began restoring access to most of its sites through the use of filters that removed most of the fake traffic before it had a chance to hit the router.
"From what I gather from the engineers, this was immense," said Secret Fenton, a spokeswoman for GlobalCenter, the company that hosts Yahoo's Web sites. "Nobody has ever seen one like this before. It was truly huge."
The outage, coming as it did in the middle of the U.S. business day, is likely to have affected millions of users. Together, Yahoo's family of Web sites attracted 42.4 million unique visitors in December 1999, according to Web audience measurement firm MediaMetrix. This made it the second most popular Web family on the Internet after those of AOL.
The Yahoo spokesperson was keen to emphasize that no user data was compromised during the attack and that its Web sites and systems were at no time hacked.
Engineers at both Yahoo and GlobalCenter are investigating the incident and Fenton added the companies are not fully certain it was an attack although, at this stage in their investigation, all evidence points towards a distributed denial of service attack.
It was a denial of service attack that took down the FBI's Web site in May 1999, one of last year's most well-known Internet attacks.
Yahoo can be found at www.yahoo.com/. GlobalCenter can be found at www.globalcenter.com/.
RELATED LINKS
Cisco.
Security Alert: Denial of service
Network World.
Denial of service and the worm
Network World, 06/28/99.
Do you have an intrusion detection response plan?
Network World Fusion Focus on Security, 09/13/99.
How we did it: Intrusion detection
Network World, 10/04/99.
RELATED LINKS
