This isn't geographically focused. My missing sites are in London.

... and the site Mat mentions is down from here.

Anyone other than Lawman back up yet?

All my sites are down as are my hosting company to. Just about the only thing I can access is webmasterworld! My servers are in London.

The link I posted is talking about massive Ddos attacks in the US, so this might be about DNS servers again, at least partially. If you switch DNS server, are the sites still 'down'? Can you ping your sites on IP number, or even bring them up in a browser on IP?

Mat

I have been told by my ISP that a large section of the UK is down right now. Went down at 4,30 this morning, lots of engineers running around like headless chickens from what I hear.
Interested in how many of us in the UK are down.

Mine are back down again. Grrr.

lawman

This seems to be a Global Problem.

It's getting worse. Sites that were up an hour ago are now down. I'm hoping WebmasterWorld stays up, as its the only place left that I can find to communicate on the problem.

And yes, it's global. I have sites down in the US, UK and the Far East.

The ONLY blessing is that some of my competitors are down.

I could have done without this!

This thread sheds some light ...

Just for the moment would anyone posting URLs pointing to news of what's happening please post a synopsis as well because I for one can't reach any of the sites so far mentioned. It's amazing I can get to WebmasterWorld....

Cut and paste the news please.

I think we could all do with out this. But at least with it being so widespread if Goggle is doing a major crawl it might be delayed. I too hope and pray that WebmasterWorld stays up.

It does make you question what is going on!

[news.google.com...]
[cnn.com...]

AP newswire reported around 6:45am EST and all news channels are carrying it

It's believed to be a world-wide attack
(though you know how the newspeople like to say "virus" when its really other means).
They say its very similar to the "Code Red" virus (isn't that a microsoft server only issue?)

Bush's internet advisor, Howard Schmidt, is quick to say its not "debilitating"
(but he's probably not trying to get work done on the internet right now eh?)

Cert is supposedly monitoring this, but there is no update on their site as of 7:15am EST.

[edited by: amznVibe at 12:17 pm (utc) on Jan. 25, 2003]

OK, I'll not cut and paste as I don't think the TOS allows that, but I've just read that this is being compared to Code Red.

The attack is going after SQL Server, but the scale of scanning and probing is so enormous that it's drowning servers indiscriminately.

Block port 1434 to stop it, if you're able to. This is apparently exploiting a bug that was discovered in July 2002 - MS released a patch, but it doesn't look to have been widely applied.

Mat

[edited by: mat at 12:13 pm (utc) on Jan. 25, 2003]

OK.... we know a hefty percentage of the web is down.

The question is, how long will it take to recover? Has anyone any feel, based upon previous similar incidents?

The ISP I spoke to thinks that we can probably forget about the best part of today, but should be up before tomorrow. He admits it's a guestimate based on other incidents.

Seems there is a decided lack of several regular posters too.....

Pendanticist.

I expect cutting and pasting news-wires breaks some copyright laws but in exceptional circumstances I should imagine they will take a benign view.

Of course the b*stards choose the weekend. Who's likely to have a not-patched-up-to-the-minute MS server? - smaller set-ups. Who's unlikely to have a server-tech in at weekends? Ditto.

This, I would guess, will reduce in scale enormously before too long - once the routers and pipelines have blocked the probing activity - but it ain't going away overnight.

So its an M$ security exploit huh? -- Gee, that's a shocker...

Nick

Yahoo quote Schmidt as saying - "People need to do a better job about fixing vulnerabilities".
Can say that again....

It is caused by a vuln, that allows 2 mssql servers to pingflood eachother, creating a network storm.

Looks more like a worm than a bunch of people actually doing it, but it kinda sets of a chain reaction..

[online.securityfocus.com...]

Trust crappy MS software to bring down the internet..

Seems the bandwidth is still increasing..my servers router in Florida is reporting about 75 Mbs coming in, up from 65 an hour ago - definitely alot being shutdown (MS that is) Did anyone ever confirm anything about the fiber cut or was that just a speculation at an isp?

Back up in London, but maybe on off for a while I have been informed.

>out crawling hard today

Sorry Robert - it was short lived. They sucked about 3k pages in an hour and called it quits. Either they shut it off because of the problems associated with the virus and net traffic, or it was just a 404 checker.

Looks like the BW eating is dying off...hopefully it will stay that way

I am still completely down, anytime we reconnect we are flooded out.

In the middle of writing this I have news that the attacks are now less intense and we may have some kind of service up soon.

try this [securityresponse.symantec.com] Symantec link

what a night.....

[edited by: lawman at 4:38 pm (utc) on Jan. 25, 2003]
[edit reason] fix sidescroll [/edit]

I see the problems too -- the Symantec link has good information on the subject. The problem is the DoS (excessive traffic) caused as the worm infects systems across the InterNet -- I have been getting more "hits" to my firewall (@port 1434) than anything else -- the web DNS services seem to have the most trouble, as I'm getting a lot of failed name resolutions.

The bad part of this is that it's a weekend here in the US, and I'm afraid that many of the infected systems may not receive attention until Monday -- unless the worm crashes their server... (anyone use AlertPage?).

In my case, my DNS provider is down, so name resolutions on my sites are all failing :( -- I too thought initially that someone kicked a cable somewhere because the problems appear to be widespread at this point --- blocking ports will only prevent the "spread" (propagation) of the worm --until patches are applied, and victims are cured, it could be a rough weekend... (or an opportunity, if you're lucky enough to be unaffected)... cjw

This W32/SQLSlam-A/SQLSlammer DoS Attack ground my network to a standstill at 5.35am this morning (UK).
Tech guys resolved it by 9.55am by bringing the infected MSSQL server off-line, and blocking all requests to port 1434UDP on the entire network.

More info here:
[microsoft.com...]
and BBC report here:
[news.bbc.co.uk...]

Things back to normal now - but even WorldCom, our most major backbone provider got stuffed!

Ouch!

It would appear that things are starting to ease - enquiries through our main site are back up towards a reasonably normal level again.

Our server was never down, so the lack of traffic must have been down to people not being able to get 'out' to the site, as opposed to finding it down.

Mat

Mat,
The co-locate MS-SQL server on our network was filling ALL our available bandwidth, and so, even though the Unix (and all other) servers were up & running, the huge reduction in available bandwidth (to virtually none) meant it was near impossible for anyone to connect to any server on our network!

Nice to know that M$ found this bug last July!

Will

Hi all

I'm in L. A. and had no problem connecting.
Out of curiosity I tried two of the posted links.
The second one I tried (www.internetpulse.net/)
caused ZoneAlarm to cease all connections which
in turn caused IE to return a fatal error message.

Had to do a reboot and after all checks were made
the system is fine.

I can't say if worm tried to invade but if there was
an attempt, it failed. :)

<added>No emil access though</added>
jaybee

ish,

posted that link about 4 posts earlier - interesting read!

regards,
will