From red run to red alert



Antony Adshead
Tarek Meliti, technical director of the TDM Group, which runs a managed hosting service, was skiing down a red run at Zermatt, Switzerland, when he received a call from his management team in London with news that Slammer had hit them.

The company hosts servers for about 30 customers, but is not always responsible for updating software patches, a key factor in the spread of this code.

"The team had noticed that routers were not as responsive as they should be and started checking with upstream ISPs and bulletin boards for news of a problem. Then the news media publicised Slammer as the culprit after the FBI identified the worm, so we first blocked access at port 1434 and set about isolating the SQL network.

"Then we identified the worm and set about getting the patch, installing it and bringing the servers back on one-by-one when we were certain they were secure. We were back up in a few hours.

"Those most affected will have been those not in at weekends, which means the knock-on slowing of the internet is prolonged."

Anti-worm advice
  • Ensure patching is up-to-date, though you must also ensure the patch itself does not contain harmful bugs
  • When news breaks, block access at the firewall
  • Split your team: one team isolates affected machines, the other researches the virus and how it works
  • Apply remedial action to affected machines
  • Once you are entirely happy they are safe, bring them back on.
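
One way to support the isolation step above, as an added example that is not part of the original article: a Python sketch that scans connection records for internal hosts sending UDP traffic to port 1434 (the port Slammer spread over) at many distinct destinations, which is the pattern an infected machine produces. The log format, the 10.0.0.0/8 internal range, the threshold and the sample records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records: "epoch_seconds proto src_ip dst_ip dst_port".
# The format is an assumption; adapt parse_line() to your firewall or flow export.
SAMPLE_LOG = """\
1043470800 udp 10.0.5.20 198.51.100.7 1434
1043470800 udp 10.0.5.20 203.0.113.9 1434
1043470801 udp 10.0.5.20 192.0.2.44 1434
1043470801 udp 10.0.5.20 198.51.100.200 1434
1043470801 udp 10.0.5.21 10.0.5.30 1434
1043470802 tcp 10.0.5.22 198.51.100.7 1434
1043470802 udp 10.0.5.23 192.0.2.1 53
malformed line
"""

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed hosting range
PORT = 1434          # port the article's team blocked at the firewall
THRESHOLD = 3        # distinct destinations before a host is flagged (assumed)


def parse_line(line):
    """Return (proto, src, dst, port) or None for lines that do not parse."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return (parts[1].lower(), ipaddress.ip_address(parts[2]),
                ipaddress.ip_address(parts[3]), int(parts[4]))
    except ValueError:
        return None


def hosts_to_isolate(log_text, threshold=THRESHOLD):
    """Internal sources sending UDP/1434 to at least `threshold` distinct hosts."""
    fanout = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip unparseable lines rather than abort mid-incident
        proto, src, dst, port = rec
        if proto == "udp" and port == PORT and src in INTERNAL:
            fanout[src].add(dst)
    return sorted(str(h) for h, dsts in fanout.items() if len(dsts) >= threshold)


if __name__ == "__main__":
    for host in hosts_to_isolate(SAMPLE_LOG):
        print("isolate:", host)
```

A host that contacts a single peer on the port, such as a legitimate SQL client, stays below the threshold and is not flagged.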
