In what company officials are describing as a "fast" and "intense" assault on its network, the US-based Web sites of Yahoo and some of its companion sites were unreachable for around three hours on Monday.
"At 10:30am PST (Pacific Standard Time) it appears a Yahoo router experienced a distributed denial of service attack," a Yahoo spokesperson said on condition of anonymity. " We believe it was coordinated, coming from multiple points on the Internet."
It hit not only the main US Yahoo site but also some companion sites, such as Yahoo Mail and the Yahoo-owned Geocities Web site.
A denial of service attack doesn't involve breaking into the target Web site but simply overloading it, or in this case the router connecting it to the rest of the Internet, with so much fake traffic that it becomes unable to cope. Once this is achieved and the site is overloaded, genuine users find themselves unable to get connections. The distributed denial of service attack described by Yahoo differs in that the fake traffic comes from multiple points on the Internet rather than a single point.
The amount of data hitting the router took engineers at Yahoo by surprise.
"This was so fast and so intense that we couldn't even redirect our traffic," the spokesperson said. It was not until three hours later, at 1:30pm PST, that the company began restoring access to most of its sites through the use of filters which removed most of the fake traffic before it had a chance to hit the router.
"From what I gather from the engineers, this was immense," said Secret Fenton, a spokeswoman for GlobalCenter, the company that hosts Yahoo's Web sites. "Nobody has ever seen one like this before. It was truly huge," she added.
The outage, coming as it did in the middle of the US business day, is likely to have affected millions of users. Together, Yahoo's family of Web sites attracted 42.4 million unique visitors in December 1999, according to Web audience measurement firm MediaMetrix. This made it the second most popular Web family on the Internet after those of America Online.
The Yahoo spokesperson was keen to emphasise that no user data was compromised during the attack and that its Web sites and systems were at no time hacked.
Engineers at both Yahoo and GlobalCenter are investigating the incident and Fenton added the companies are not fully certain it was an attack although, at this stage in their investigation, all evidence points towards a distributed denial of service attack.
It was a denial of service attack that took down the Web site of the Federal Bureau of Investigations in May 1999, one of last year's most well-known Internet attacks.