Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

utv br0ke?

  • 25-01-2003 9:32am
    #1
    Registered Users, Registered Users 2 Posts: 10,846 ✭✭✭✭


    Can't get onto any of their sites here from work, ping requests time out, can't get my mail....

    Couldn't browse the web or get my mail at home this morning....anyone else getting this?


Comments

  • Closed Accounts Posts: 160 ✭✭Mark_irl


    Same here very bad,


  • Registered Users, Registered Users 2 Posts: 10,846 ✭✭✭✭eth0_


    It's not UTV, it's the internet at large, was attacked around 5am so a lot of sites are down.


  • Closed Accounts Posts: 160 ✭✭Mark_irl


    So I just read, sad cases


  • Registered Users, Registered Users 2 Posts: 15,544 ✭✭✭✭Supercell


    Where did you read that?, any links?

    Have a weather station?, why not join the Ireland Weather Network - http://irelandweather.eu/



  • Closed Accounts Posts: 3,082 ✭✭✭Chris_533976


    Worldcom are in bits this morning. I've heard just about their entire American East Cost network is down, which handles 45% of all American traffic.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 10,846 ✭✭✭✭eth0_


    Originally posted by Longfield
    Where did you read that?, any links?

    http://average.matrix.net/Daily/markR.html

    m33p!


  • Closed Accounts Posts: 649 ✭✭✭The Cigarette Smoking Man


    More info on it here:

    http://www.webhostingtalk.com/showthread.php?threadid=107128

    Apparently 5 of the 13 root DNS servers were down at one point. Wonder if it has anything to do with the current US foreign policy decisions....

    Looks like Cogents network in the US was down for four hours last night, but that's hardly suprising.

    More news here:
    http://www.cnn.com/2003/TECH/internet/01/25/internet.attack.ap/index.html


  • Registered Users, Registered Users 2 Posts: 23,212 ✭✭✭✭Tom Dunne


    I've been called into work - they say it's some kind of worm. It is having a devestating effect on the whole company, both here and our all our sites in the US.

    Anybody have any specific info - I can't get to those web sites listed above.


  • Closed Accounts Posts: 649 ✭✭✭The Cigarette Smoking Man


    What ISP is your company using?

    Here's the text of the CNN article:
    WASHINGTON (AP) -- Traffic on the many parts of the Internet slowed dramatically for hours early Saturday, the apparent effects of a fast-spreading, virus-like infection that overwhelmed the world's digital pipelines and interfered with Web browsing and delivery of e-mail.

    Sites monitoring the health of the Internet reported significant slowdowns globally. Experts said the electronic attack bore remarkable similarities to the "Code Red" virus during the summer of 2001 which also ground traffic to a halt on much of the Internet.

    "It's not debilitating," said Howard Schmidt, President Bush's No. 2 cyber-security adviser. "Everybody seems to be getting it under control." Schmidt said the FBI's National Infrastructure Protection Center and private experts at the CERT Coordination Center were monitoring the attacks.

    The virus-like attack, which began about 12:30 a.m. EST, sought out vulnerable computers on the Internet to infect using a known flaw in popular database software from Microsoft Corp., called "SQL Server 2000." But the attacking software code was scanning for victim computers so randomly and so aggressively -- sending out thousands of probes each second -- that it overwhelmed many Internet data pipelines.

    "This is like Code Red all over again," said Marc Maiffret, an executive with eEye Digital Security, whose engineers were among the earliest to study samples of the attack software. "The sheer number of attacks is eating up so much bandwidth that normal operations can't take place."

    "The impact of this worm was huge," agreed Ben Koshy of W3 International Media Ltd., which operates thousands of Web sites from its computers in Vancouver. "It's a very significant attack."

    Koshy added that, about six hours after the attack, commercial Web sites that had been overwhelmed were starting to come back online as engineers began effectively blocking the malicious data traffic.

    "People are recovering from it," Koshy said.

    Symantec Corp., an antivirus vendor, estimated that at least 22,000 systems were affected worldwide.

    "Traffic itself seems to have leveled off a little bit, so likely only so many systems are exposed out there," said Oliver Friedrichs, senior manager with Symantec Security Response. The attacking software, technically known as a worm, was overwhelming Internet traffic-directing devices known as routers.

    "The Internet is still usable, but we're definitely receiving reports from some of our customers who have had it affect their routers specifically," Friedrichs said.

    The attack sought to take advantage of a software flaw discovered by researchers in July 2002 that permits hackers to seize control of corporate database servers. Microsoft deemed the problem "critical" and offered a free repairing patch, but it was impossible to know how many computer administrators applied the fix.

    "People need to do a better job about fixing vulnerabilities," Schmidt said.

    The latest attack was likely to revive debate within the technology industry about the need for an Internet-wide monitoring center, which the Bush administration has proposed. Some Internet industry executives and lawyers said they would raise serious civil liberties concerns if the U.S. government, not an industry consortium, operated such a powerful monitoring center.


  • Registered Users, Registered Users 2 Posts: 10,846 ✭✭✭✭eth0_


    It's using UDP port 1434, http://average.matrix.net/Daily/markR.html

    Seems to be recovering a little


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 511 ✭✭✭Nuphor


    3 domain's of mine have gone down. Mail servers, ftp servers the whole freaking lot. This is one hellova a DOS attack.

    For the love of jesus, anyone with hosting here get their admins to download SP3 for MS SQL Server.

    http://winxp.bink.nu/


  • Closed Accounts Posts: 649 ✭✭✭The Cigarette Smoking Man


    UUNet/Worldcom are still experiencing problems:

    http://www.internetpulse.net/


  • Registered Users, Registered Users 2 Posts: 511 ✭✭✭Nuphor


    Maybe CS 1.6 is out? Heh. Things are still not working. I can't call hostroute either. God damnit.


  • Registered Users, Registered Users 2 Posts: 3,739 ✭✭✭BigEejit


    Heh .. this thread was the first I heard of it ... I was cursing twinhead for their web****e ... it looked like it was being served from a 286 or something ... I'll have a go again next week for those sound drivers...


  • Registered Users, Registered Users 2 Posts: 511 ✭✭✭Nuphor


    Update: All 3 domains have come on back again. Looks like hostroute got my mail. DNS server issue.

    I'm happy again.


  • Closed Accounts Posts: 649 ✭✭✭The Cigarette Smoking Man


    Here's a good summary of what's up (taken from the Webhosting talk site):
    At approximately 2130hrs (PST) or 0530hrs (GMT) an
    apparent worm (still being analyzed for payload content)
    began distributing itself across the Internet via port
    1434/UDP (Microsoft-SQL-Monitor). It apparently is
    making effective use of the buffer overrun security issue
    as outlined in http://www.intelenet.net/news/mssql-udp.txt

    So far several of the major backbone providers have gone
    down due to the nature of how this system propigates.
    Since it is using UDP across a blanket of IPs (no
    specific target), routers, switches, and other network
    devices are being flooded with the UDP port openings.
    Most router CPUs were maxing at 100% and began dropping
    ASN advertisements causing huge segments of the Internet
    to "flap" in place.

    All major backbone providers are rapidly installing port
    1434/UDP filters at all borders and within colocation
    spaces to attempt to isolate this as fast as possible.

    Current speculation is that stopping and restarting the
    SQL process will clear the worm until another hit is
    made. Suggest not only patching your SQL server
    (assuming that there is a patch for this) as well as
    installing any firewall rules that you can to filter out
    BOTH inbound and outbound port 1434/UDP.


  • Closed Accounts Posts: 2,161 ✭✭✭steve-hosting36


    Bit more here, we were effected also:

    http://hosting365.ie/phpBB2/viewtopic.php?t=126


  • Registered Users, Registered Users 2 Posts: 7,740 ✭✭✭mneylon


    It looks like we've all been affected:
    http://www.blacknightsolutions.com/mrtg

    quite scary!


  • Closed Accounts Posts: 649 ✭✭✭The Cigarette Smoking Man


    Looks like you had a busy morning :)

    Are there any graphs of all of the traffic in DEG (like Rackshacks)?


  • Registered Users, Registered Users 2 Posts: 1,862 ✭✭✭flamegrill


    You could say we were kinda busy since about 9am :p

    well over 150GB of data fired at our boxes today.

    Its crasy.

    Paul


  • Advertisement
  • Closed Accounts Posts: 2,161 ✭✭✭steve-hosting36


    Nope, DEG do not make their transit figures public, but I can tell you that our chunk (the bit boards is also on) was hit with 100mbps this morning, which we have throttled to about 20Mbps atm.


Advertisement