Select the directory option from the above "Directory" header!

Full cause of massive Internet redirection still unclear

Full cause of massive Internet redirection still unclear

Some security analysts said it's still unclear what really happened last weekend when a technology glitch redirected Internet traffic meant for Web sites run by Yahoo, Microsoft and other companies to one owned by a Bermuda-based Web hosting and domain registration firm.

On Saturday, an estimated 100,000 Internet users trying to access various Web sites were instead routed to a page operated by, which is part of a Hamilton, Bermuda, company called Global Internet Investments under an acquisition that was announced last spring. The traffic eventually caused's Web site to crash. claims to host more than 350,000 Internet domains. Richard Lau, the company's president, this week said the redirecting problem started with faulty entries in's Domain Name System (DNS) table but was then compounded by misconfigured systems being run by different Internet service providers.

"Our situation reveals a massive flaw in some DNS resolution server software being used by some ISPs," Lau said, asserting that the prospect of an incorrect setting at affecting other ISPs on its own "goes against all fundamentals".

But while ISPs may indeed bear some fault, the incident also appears to have been the result of taking advantage of a well-known DNS vulnerability, said Ryan Russell, an incident analyst at the online bulletin board and security information portal in California. By putting the bulk of the blame on unnamed ISPs, Russell said, is "trying to . . . save face a little bit."

When a user enters a Web site address into his browser, a request for the corresponding numeric IP address is sent to a so-called "authoritative" name server, many of which are distributed around the world. To speed up the process, Lau said, some ISPs construct DNS tables containing the IP addresses of commonly requested Web addresses or use DNS lists belonging to hosting companies such as

Because of "human error", Lau said,'s DNS list became corrupted last Saturday and incorrectly redirected users to its own servers instead of the Web addresses they had requested. But the problem wouldn't have been so bad if ISPs used the appropriate name servers instead of relying on data provided by's DNS table, Lau claimed.

However, Russell said itself may have had a hand in encouraging ISPs to do that, based on information that received from an employee at the company. By taking advantage of the DNS vulnerability, he said, appears to have actively presented itself as a sort of name server authority to users who visited the domains it hosts.

That may have contributed to last Saturday's incident, Russell said, although he noted that ISPs also are responsible for making sure holes such as the DNS vulnerability are closed in the first place.

In addition, Russ Cooper, an analyst at US-based security consulting firm TruSecure, said it appears that some of the mapping information in's DNS tables shouldn't have been there because it doesn't belong to the company.

There's also no evidence that external ISPs were knowingly using's DNS lists, Cooper said. "If they were, then customers have a right to know who they were and why they were relying on ['s] information," he added.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments