Akamai provides an internet-wide caching system, which can act as a symmetric defence to distributed denial of service attacks. Just as a denial of service attack funnels traffic from many different points to a single destination, Akamai’s DNS servers multiplex requests for a specific hostname to the nearest point to each attacking machine in its global caching system, diminishing the effect of the attack by dividing the inbound requests amongst its many servers, and limiting the amount of DDoS traffic by localising the distance between attacker and target. Akamai presents a more challenging target for a DDoS than any single network, and would seem to be the best practical step where a distributed denial of service is directed at a hostname that the target organisation cannot reasonably take offline.
Microsoft was able to defend against an earlier DDoS aimed at windowsupdate.com by taking that hostname out of the DNS, as windowsupdate.com was less important to its operations than the attackers expected.
Many web forums, including those at Anandtech and Slashdot are discussing the irony of the www.microsoft.com site apparently running Linux. Additionally, we are seeing a quantity of mail asking why we are reporting www.microsoft.com running the “impossible” combination of the Linux operating system and Microsoft-IIS/6.0 web server.
When we request www.microsoft.com the DNS directs us to a server operated by Akamai. If you repeat this test, note that the actual Akamai server you connect to will differ according to your location on the internet and may vary from request to request. Akamai’s http caching servers run Linux, and so we report Linux as the operating system. However Akamai also forwards the http Server: header from the original server as part of the cached content, and so we report “Microsoft-IIS/6.0” as the web server.
$ telnet www.microsoft.com http Trying 18.104.22.168… Connected to a562.cd.akamai.net. Escape character is ‘^]’. HEAD / HTTP/1.1 Host: www.microsoft.com HTTP/1.1 200 OK Server: Microsoft-IIS/6.0 P3P: CP=’ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI’ X-Powered-By: ASP.NET Content-Length: 45238 Content-Type: text/html Expires: Sun, 17 Aug 2003 15:35:25 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sun, 17 Aug 2003 15:35:25 GMT Connection: keep-alive