Wednesday, January 17, 2007

Whose side are they on?

This story about the explosive growth of MySpace [no link for them -- the ex-spammers who run MySpace don't need my help to get rich, thank you very much] mentions what surely has got to be one of the craziest, misconceived, badly thought out misfeatures in Windows ever.

Last summer, MySpace's Windows 2003 servers shut down unexpectedly on multiple occasions. The culprit turned out to be a built-in feature of the operating system designed to prevent distributed denial of service attacks—a hacker tactic in which a Web site is subjected to so many connection requests from so many client computers that it crashes. MySpace is subject to those attacks just like many other top Web sites, but it defends against them at the network level rather than relying on this feature of Windows—which in this case was being triggered by hordes of legitimate connections from MySpace users.

"We were scratching our heads for about a month trying to figure out why our Windows 2003 servers kept shutting themselves off," Benedetto says. Finally, with help from Microsoft, his team figured out how to tell the server to "ignore distributed denial of service; this is friendly fire."

How's that again? A "Denial Of Service" attack is designed to prevent people from accessing the server being attacked; Windows 2003 defends from such a DOS attack by... er, shutting itself down, thus preventing people from accessing the server being attacked.

Oh man, I'd give my right eye to have been in the meeting where Microsoft's Pointy Haired Bosses suggested that to their tech people.

No comments: