Editor’s note: Local Tech Wire surveyed several Southeast companies involved in the SQL Slammer assault to see how they reacted and also assisted clients.
How one customer reacted to losing service: www.localtechwire.com/article.cfm?u=3208&k=03&l=21 Security, network service providers, and web hosting firms reacted aggressively to the outbreak of the SQL Slammer just a week ago.
They had to. Slammer spread quickly, clogging the Internet and forcing thousands of network administrators to reboot servers with the digital equivalent of Drano to get traffic moving once more.
Internap, the Atlanta-based firm that specializes in routing customers’ traffic across the Internet, said it not only monitored its own facilities and the Net but customer networks as well.
“When Internap becomes aware of a security threat, denial of service attack or other Internet performance affecting events, we will proactively notify our customers of the threat,” said Ali Marashi, Internap’s chief technology officer. “In the case of the SQL Slammer worm, we sent a general notice to customers informing them of the threat, explaining how the work works and what services it was affecting. Internap attached a link to the Microsoft web site where customers could download a patch to stop the SQL Slammer worm.
“We also took the additional step of determining exactly what customers were exhibiting tell-tale signs of the worm infection and contacting those customers,” he added. “Part of that notification was to again point those specific customers where to download a patch to stop the propagation of the worm”
At Peak 10, a web-hosting firm with four data facilities in North Carolina and Florida, staff was on the phone and on the Net warning companies that might get hit and helping clients that were.
“When we find out about any critical denial-of-service attacks that will affect our customers, we notify them immediately, as we did in this case,” said Peak 10’s Ben Griffith. “We also offer a service where we will apply service update patches for them.”
Peak 10 had already taken precautions against the threat. “We keep the latest updates and service packs installed as well as we protecting our network with proper firewall protection,” he said.
But clients with servers or data stored at a hosting firm such as Peak 10 or Springboard Managed Hosting in Cary often still have networks and servers at their own sites.
Springboard said none of its more than 160 clients were hit.
“We saw it coming long before last Saturday — and so did our customers,” said Jeremy Stanley, senior information security engineer at Springboard. “We take all virus alerts very seriously, keeping our servers up to date on all patches –“
Springboard’s monitoring equipment detected the outbreak early Saturday, and the company said it notified all customers about the problem and offered direction on what to do in the event “Slammer” penetrated their networks.
Internet Security Systems in Atlanta staked a claim as being the company that first discovered then named the worm as in erupted worldwide.
With a name right out of a super hero comic book, the ISS “X-Force” research and development group said it discovered the worm. Alerts were sent to various public agencies, such as the Department of Homeland Security, as well as its own customers, ISS said.
Unlike many companies, including Microsoft, which identified the potential problem hackers might exploit six months ago and issued a warning as well as a patch, ISS said it had modified its Dynamic Threat Detection Platform to keep the worm out.