Interval
Measurable lag developing about 9:30am Tue 18-Sep-2001.
Countermeasures apparently becoming effective around 17:30 Tue 18-Sep-2001 for
on-campus connections.
Off-campus problems persisted through to about 22:00 Thu 20-Sep-2001 when response was observed to be noticably improved. Approximate total outage 2.5 days.
Cause
A powerful new hybrid worm known as "W32/Nimda worm" or the
"Concept Virus (CV) v.5." is affecting the entire Internet.
You Can Help
Get FREE anti-virus software (NJIT students/faculty/staff). See
http://mailhost.njit.edu/announcements/outage.20010920.txt. Help us help you!
Losses
Exceedingly slow connections into and out of the NJIT Intranet. Frequently
connections timeout and result in an assortment of failures such as:
Minor but noticeable delays within the NJIT intranet, decreasing through out the day due to efforts of Telecom department. No e-mail or other data losses anticipated beyond inconveniently slow delivery.
Technical Details
Nimda combines multiple exploits including "Code Red" and "MIME
multipart/alternative" email propagation. See
Nimda Worm Advisory
and also
Code Red
as described by CERT.
Preventive Measures
NJIT has arranged for filtering with our Internet service providers (ISPs).
Updating or disabling internal systems for Intranet defense. There is
unfortunately very
little at all that can be done about the Internet beyond NJIT's own ISPs.
Private owners of systems running Microsoft IIS should disable this service or install latest updates from Microsoft to prevent their system from being infected and in turn spreading the worm.
Contacts
22:30 20-Sep-2001 /KJW