Microsoft's Domain Seizure Apparently Causing Outages For Some SonicWall Customers


In an email to CRN, a Microsoft spokesperson said a "technical error" caused some legitimate customers to experience "a temporary loss of service," but all service was restored to those customers as of 6 a.m. Pacific Time.

But Silicon East's Harrison said this isn't accurate, at least from his perspective. After doing tests on his own domains, he discovered that traffic was looping back to Microsoft instead of to his Lakewood, N.J., location, as is normally the case.

Meanwhile, on Twitter, the court of public opinion appears to be strongly against Microsoft in this case.

Andrew Plato, president of Anitian Enterprise Security, a Beaverton, Ore.-based security consultancy, told CRN he considers Microsoft's seizure of's domains to be "heavy-handed," but said such services are regularly abused by malware authors.

"These big DNS take-downs are very effective. They can quickly nullify huge botnets in a single move," Plato said of Microsoft's malware-fighting tactics. "With DNS names black-holed, the botnet essentially becomes useless. It cannot communicate back to its command infrastructure."

It is unclear how much of a long-term benefit Microsoft's latest antimalware actions will have, according to Plato. "Malware creators are developing new strategies around this, including the use of multiple DNS names, resolvers, or fail-safe measures to reconnect to their command-and-control systems," he said.

