UTCSTAFF Archives

July 2001

UTCSTAFF@RAVEN.UTC.EDU

Subject:
From: Richard Gambrell <[log in to unmask]>
Reply To: Richard Gambrell <[log in to unmask]>
Date: Tue, 31 Jul 2001 21:10:27 -0400

If you use the Internet, even just get e-mail from off campus, or if
you run a server on campus, please take a few minutes to read this.

You may have heard on the news about the "Code Red" Internet attack
expected to happen at any moment now.  Major alerts have been issued
by all Internet security agencies (FBI, CERT, SANS, Microsoft, etc.).
A good summary is at http://www.pbs.org/cringely/pulpit/pulpit20010730.html

Code Red infects and subverts Microsoft NT and Windows 2000 servers
running IIS (the web server service) to "attack" other computers on
the Internet.  The level of attack is such that it is expected to
disrupt normal traffic on the Internet, at least between some, or maybe
many or all locations.   It is estimated to be capable of causing
20 Gigabits per second of network messages to be sent to a system or
network under attack.  By comparison, our campus network, which normally
can handle up to 100 Megabits per second, is 200 times slower than
this.

Two weeks ago, Code Red infected 250,000 computers across the Internet
in 9 hours, then shut itself down temporarily.  It is expected to get
back to attacking and infecting networked computers this evening.

At UTC, we have taken extraordinary steps to attempt to identify all
Microsoft servers running IIS on campus and ensured that they have been
patched to prevent the Code Red infection.  This means computer servers
at UTC should not be infected, therefore UTC will not become part of the
worldwide Code Red problem on the Internet.

I'd like to thank Mike Ward of CECA, and Tony Parsley and Michael Torres
of Systems and Networks/ITD for setting aside other projects to spend time
to protect UTC's computers from the Code Red infection.

Code Red is an example of why it is critically important for Systems and
Networks to know about every server being run on campus.  We appreciate
the cooperation we have seen from departmental faculty and staff who run
servers.  If you run a server and believe we may not know about it,
please call the Help Desk (4000) and work with us to identify every server
in use on campus.

It is extremely important for *all* servers on campus to have security
patches installed very quickly after they are announced.  This is the
responsibility of the person who owns and runs each server.

It takes a lot of staff time to chase down servers and find the
administrator to install a patch, or worse yet, help clean up a machine
after it has been infected and compromised.  Perhaps worse yet, the
information on an infected machine may be in the hands of anybody in
the world. Or, the infected machine may be used to attack other machines
at other places, risking UTC's public reputation and, perhaps, creating
a liability for UTC.  ALL servers need security patches to be installed
proactively, right after they are announced, not weeks later or after
getting a call, for example, from Mr. Torres.

Please also note that access to the Internet, e-mail exchanges, access to
web sites, etc., may be affected by heavy traffic on the Internet caused
by Code Red infections and attacks.  We at UTC have done our part to stop
its spread, but there will be others who have not.

Sincerely,
Richard
--
Richard L Gambrell, Director of Computing Systems and Networks
Information Technology Division, University of Tennessee at Chattanooga
Fax: 423-755-4150                Support Help-Desk: 423-755-4000
Direct phone: 423-755-5316       ITD Business Office: 423-755-5284
Mobile (urgent): 423-432-5122    Main UTC: 423-755-4111
Email: [log in to unmask]
