Early this morning, networks across the world were hit hard by the "SQL Slammer" virus that exploited a vulnerability in Microsoft's Sequel Server 2000. AT&T was forced to shut down a portion of their backbone that affected our connectivity to the outside world for much of Saturday. Additionally, several tenant machines in the CRC were affected by the virus causing them to broadcast constantly and flood our network backbone. These computers were disconnected and the network returned to a normal operating status around 10pm. Please check all servers running SQL Server 2000 and ensure that they are protected from this virus. Patches are available from Microsoft and other security-related websites. Networks elsewhere are still being affected by the virus so you may experience slow connections to such affected networks.
 

August 8, 2002
 

Garvin BLDG had a switch failure causing some network outage both to the internet and internal. The switch was replaced with a spare switch. Time of outage approx 1645, service has been restored as of approx 1735 today.
 

February 7, 2002 11:20
 

Last night a Linux computer of one of the tenants in the park was compromised and began scanning ip addresses in a massive fashion for vulnerabilities. While the network itself was not overburdened traffic wise, this did cause some sort of problems at our router which was trying to process connections at a massive rate. In trying to process these connection attempts, most of which failed, the router's cpu was operating at over 99%, starting at around 8am this morning.

This sort of problem is hard to figure out, but we did, closed down the port of the offending computer, and all is well again.

This is the second time this week that Linux computer/servers have been hacked in the park and caused problems. We'd like to inform our users that while Linux or any other UNIX flavor are good stable operating systems, they require constant vigilance for security holes that are easily exploited. Many of the companies here at the Park don't' have the in-house expertise to manage this type of server, so it is not recommended that these are implemented unless you have the time, money, and expertise to manage these servers.

Please take this as a warning and to contact your UNIX sysadmin to have them check for recent patches. Configure your machines to listen only to necessary ports. Disable telnet and all unnecessary ports.

The CRC sysadmin reserve the right to shut down any portals that are producing problems for our network here.

Self Serving Adverstisement

Biz Net Technologies, and possibly other companies here at the Park, offer sysadmin services for UNIX or Windows Servers. Please don't hesitate to call on us for any services that you don't have the in-house expertise to handle. An ounce of prevention is worth a pound of cure.

http://home.bnt.com, 961-7560
Doug Mauer
hostmaster@vtcrc.net
 

January 30, 2002 09:23
 

ATT fixed their problem. The problem was that two of the router interfaces on their end were dropping packets but didn't shutdown the interface. This caused 1/2 of our connection attempts to fail since our router thought all four interfaces were working, it continued to try and send traffic on the bad interfaces. We shutdown the two that were not working and traffic began to flow on the other up to 3 mbps. Our auto-alarm system could not have caught this, only folks complaining. Please don't hesitate to let us know about problems. All looks good now, we'll continue to monitor closely with human eyes.
 

ATT circuit. Two of the T-1's are dropping packets at ATT end. They are informed and will be up asap. We've shutdown the two bad interfaces, network traffic is flowing, slowly.