From red run to red alert


Antony Adshead
Tarek Meliti, technical director of the TDM Group, which runs a managed hosting service, was skiing down a red run at Zermatt, Switzerland, when he received a call from his management team in London with news that Slammer had hit them.

The company hosts servers for about 30 customers, but is not always responsible for updating software patches, a key factor in the spread of this code.

"The team had noticed that routers were not as responsive as they should be and started checking with upstream ISPs and bulletin boards for news of a problem. Then the news media publicised Slammer as the culprit after the FBI identified the worm, so we first blocked access at port 1434 and set about isolating the SQL network.

"Then we identified the worm and set about getting the patch, installing it and bringing the servers back on one-by-one when we were certain they were secure. We were back up in a few hours.

"Those most affected will have been those not in at weekends, which means the knock-on slowing of the internet is prolonged."

Anti-worm advice
  • Ensure patching is up-to-date, though you must also ensure the patch itself does not contain harmful bugs

  • When news breaks, block access at the firewall

  • Split your team: one team isolates affected machines, the other researches the virus and how it works

  • Apply remedial action to affected machines

  • Once you are entirely happy they are safe, bring them back on.
