If you don’t see many images on the site, then the UNC network is still down. It’s suffering through its second attack of the of the day, thanks to what appears to be a modified version of the Randex virus. I save on bandwidth charges by hosting most of my images files on the UNC servers, but when the network goes, so do they.
We think it’s a modified version of Randex due to the fact that the virus initially slipped through what were fully up-to-date filters, yet it shares many of the same characteristics of the orginal Randex; Netbios scans, attempts to crack weak passwords, trying a DOS attack on an anti-spam site, etc. The first attack happened last night on the stroke of midnight, the second at noon today. We’ve stopped the Netbios scans it uses to propagate at out our border routers, so the virus hasn’t propagated outside of the internal UNC network, and we’ve also managed to prevent the DOS attack from hitting its intended target, but the amount of internal traffic is hellishly large right now.
So, nothing works. When I left an hour or so ago, people were wandering aimlessly around the halls, waiting for the network to come back up. Since we didn’t recover from the midnight attack until seven this morning, they’re probably in for a bit of a wait.
What’s unnerving about the attack is that it came from computers that did not participate in the midnight attack. The original attackers were disconnected from the network and penalty-boxed as each was tracked down, where they have since remained.
So this newest attack came either from machines penetrated by the virus last night, or there are more infected machines on campus than we originally realized, and they don’t always participate in an attack.
Either way, I suspect the network admins aren’t looking forward to the witching hour tonight.