LISTSERV - UTCSTAFF Archives

UTCSTAFF Archives

January 2003

UTCSTAFF@RAVEN.UTC.EDU

	LISTSERV Archives
	UTCSTAFF Home
	UTCSTAFF January 2003

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: UTC network problem
From:	Richard Gambrell <[log in to unmask]>
Reply To:	Richard Gambrell <[log in to unmask]>
Date:	Sun, 26 Jan 2003 11:13:43 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (113 lines)

Here is aupdate on the network.  Sunday morning the campus
network continues to be stable, however, there remain a few issues.

utconline, which runs Blackboard, the Online Course system, has
been down since Sat. evening.  We do not believe it is infected,
but it may have suffered from the extensive network effects of the
MS SQL worm attack since it does run the MS SQL database.

We know there are 3 network switches in Grote that have been
disabled to prevent the MS SQL worm from attacking the network
and from spreading further.  This means a number (up to 150) of
computers and servers in Grote will not have access to the campus
network.

Any campus or academic services that depend upon MS SQL may
not be working.  This includes the EMS room reservation system,
Blackboard, and the LIbrary's Illiad interlibrary loan system, but it also
include other departmental servers probably used for classes and labs.

We will restore these services as soon as practical, but only after
we can verify that it is safe to do so.  In some cases, faculty or staff
needed to correct a problem may not be available until Monday.

The world wide Internet continues to have a health status of Yellow,
as assessed by the Internet Storm Center, which means there are some
slowdowns and some failures to connect.

There are articles in the media about this worm, including Sunday's Times
Free Press.  There is a CNN store at:
http://www.cnn.com/2003/TECH/internet/01/25/internet.attack/index.html

There is a nice graph about the spread of the worm and the obvious
effects of network and system administrators working to reduce it's
effect at http://isc.sans.org/port1434start.gif .

I'll post another message when there is news.

Richard

Richard Gambrell wrote:

> Thanks to Jeff Kell's hard work today, the campus network and Internet
> access has been stabilized and is now working.   The problem was due
> to a new Internet worm that is spreading extremely rapidly across the
> Internet by attacking servers running MS SQL database.
>
> Several servers on campus that use MS SQL were vulnerable and have
> become infected.  As a result, there are a few network switches in Grote
> that had to be disconnected from the campus network and, to defend
> the campus network, we have had to temporarily block MS SQL
> communication between buildings on campus.   The result is that
> some network jacks in Grote will not be working and any service that
> depends on MS SQL will (likely) not be working.   We will remove these
> as soon as we can verify it is safe to do so.
>
> We are in the process of identifying and notifying the system administrators
> responsible for the infected machines, so they can fix them.  This experience
> illustrates the importance of following good practices in maintaining *all*
> campus computer servers.
>
> We have posted additional technical information about the MS SQL worm
> on the UTCIT mailing list that is used to discuss and share technical
> matters related to information technology on campus.
>
> Due to the ongoing effect of the MS SQL worm across the Internet the
> Internet Storm Center currently lists the health of the Internet as Yellow,
> downgraded one level from Green.  This means, at times, access to Internet
> resources may be slower than normal or may not work at all, which this
> worm persists.
>
> Richard
>
> Richard Gambrell wrote:
>
> > There is a problem with the UTC network reaching the
> > Internet and, at times apparently, internal campus network
> > issues that may be a result.  Access to campus network
> > servers may be slow.
> >
> > The world wide Internet is experiencing a serious denial
> > of service attack and some UTC servers have been experiencing
> > serious performance degradation from that.
> >
> > We are working on the campus network problems. We will
> > also take action to protect the campus network from Internet
> > vulnerabilities as best we can.
> >
> > Richard
> > --
> > Richard L Gambrell, Director of Computing Systems and Networks
> > Information Technology Division, University of Tennessee at Chattanooga
> > Fax: 423-425-4150                Support Help-Desk: 423-425-4000
> > Direct phone: 423-425-5316       ITD Business Office: 423-425-1755
> > Mobile (urgent): 423-432-5122    Main UTC: 423-425-4111
> > Email: [log in to unmask]
>
> --
> Richard L Gambrell, Director of Computing Systems and Networks
> Information Technology Division, University of Tennessee at Chattanooga
> Fax: 423-425-4150                Support Help-Desk: 423-425-4000
> Direct phone: 423-425-5316       ITD Business Office: 423-425-1755
> Mobile (urgent): 423-432-5122    Main UTC: 423-425-4111
> Email: [log in to unmask]

--
Richard L Gambrell, Director of Computing Systems and Networks
Information Technology Division, University of Tennessee at Chattanooga
Fax: 423-425-4150                Support Help-Desk: 423-425-4000
Direct phone: 423-425-5316       ITD Business Office: 423-425-1755
Mobile (urgent): 423-432-5122    Main UTC: 423-425-4111
Email: [log in to unmask]

ATOM RSS1 RSS2

RAVEN.UTC.EDU