Print

Print


Just passing along some information regarding multiple network issues this
AM:

--------------------------------------
"As of 12:42 AM we began experiencing serious network issues, both on and
off campus connectivity was impacted.

We have tracked at least part of the problem to what appears to be an SQL
worm attacking on UDP port 1434 which enacted what looks like a DOS attack
on the firewall.

We have found at least 3 infected machines which have been removed from
the network  (ports have been shutdown) :
 132.198.166.42
 132.198.224.82
 132.198.2.100

At this point, connectivity through the firewall to off-campus locations
has been restored; performance may be somewhat spotty.

Connectivity to central campus systems on the 101 network from off-campus
has been restored; with occasional drops.

Connectivity to systems on campus through the firewall are still not
reliable (this would mean any systems behind the firewall with waivers).
We are working with Cisco to resolve this problem.

Connectivity to parts of campus (Given, other locations) is still
disrupted; this is being restored now and will hopefully be back soon.

We have blocked all traffic to and from campus on UDP 1434.

We have blocked all traffic on this port from reaching the firewall from
on-campus connections as well."
--------------------------------------