Distributed Computing Support
Management Team


Meeting Minutes

August 20, 2003
(Emergency DCSMT Meeting)

Members
Joe Adamo (Computing and IT Center), Troy Bacon (AVP Finance and Business Affairs and Controller), Craig Berry (School of Visual Arts), Ginger Boone (University Union), Allen Bradley (Computing and IT Center), Sandy Burke (Computing and IT Center), Tim Christian (College of Arts and Sciences), Chu Chuah (School of Community Service), Wil Clark (UNT System Center @ Dallas), Jim Curry (Microcomputer Maintenance/Classroom Support Services), Cyndie Harris (UNT Facilities), Mike Hatch (College of Business Administration), Pamiela Hight (UNT Libraries), Elizabeth Hinkle-Turner (Student Computing Committee, Computing and IT Center),  Paul Hons (College of Education), Abraham John (VP Student Development), Kirk Kelly (Housing), Brenda Kirk (Computing and IT Center), Maurice Leatherbury (Chair, Executive Director of Information Technology and Academic Computing), Burton Lee (College of Music), Mike Maner (Computing and IT Center), Gary Mathews (School of Library and Information Science), Dallas Newell (Registrar's Office), Bruce Pollock (ABN LAN Mgmt), Chris Strauss (Computing and IT Center), Brad Varcoe (Police and Traffic), Mike Wright (Computing and IT Center), Roy Zumwalt (Texas Academy of Math and Science)

Members Present
Joe Adamo (Computing and IT Center), Troy Bacon (AVP Finance and Business Affairs and Controller), Craig Berry (School of Visual Arts), Ginger Boone (University Union),  Tim Christian (College of Arts and Sciences),  Chu Chuah (School of Community Service), Wil Clark (UNT System Center @ Dallas), Jim Curry (Microcomputer Maintenance/Classroom Support Services), Mike Hatch (College of Business Administration), Pamiela Hight (UNT Libraries),  Elizabeth Hinkle-Turner (Student Computing Committee, Computing and IT Center), Paul Hons (College of Education), Kirk Kelly (Housing), Brenda Kirk (Computing and IT Center), Burton Lee (College of Music), Mike Maner (Computing and IT Center),  Dallas Newell (Registrar's Office), Gary Mathews (School of Library and Information Science), Bruce Pollock (ABN LAN Mgmt), Chris Strauss (Computing and IT Center), Brad Varcoe (Police and Traffic), Mike Wright (Computing and IT Center) 

Guests
Rich Anderson (Computing and IT Center), Patrick Dolan (Computing and IT Center), Dan Glass (Computing and IT Center), Axton Grams (Computing and IT Center), Jason Gutierrez (Computing and IT Center), Lance Harris (Computing and IT Center), Lee Haughton (Facilities), Scott Jackson (Libraries), Matt Kernan (Computing and IT Center), Jason Myre (Computing and IT Center), Steve Radcliffe (School of Visual Arts), Charlotte Russell (Computing and IT Center), Dennis Scroggins (Computing and IT Center), Scott Windham (Computing and IT Center)

This emergency meeting was convened by the Information Security Team.

Effects of Blaster/Nachi Worms on the Network
The large amount of ICMP traffic generated by machines infected with the Welchia/Nachi worm caused CPU utilization on the router to increase dramatically. Datacom reported that the UNT Denton Campus Core Router, which usually runs at about 25% CPU utilization, approached 75% CPU utilization. This is believed to be a direct result of approximately 200+ Nachi-infected PCs across campus. If unchecked, the infection could increase CPU utilization to the point where the core router ceases to function reliably, resulting in loss of service to random network segments across UNTNET.

This emergency meeting was called in order to ask network managers to give a briefing on the current status of infected machines on their networks, to discuss any problems they had encountered, and to find ways to resolve any issues.

Fluctuations in router utilization have ranged from 60-90%, and in some cases 100% (as of 8-20-03).

DCSMT areas are locating infected machines and patching them.  Most areas are nearly completely patched while some have not been affected.  Due to the large number of infected machines in some areas, non-computing support staff have been requested to assist in the remediation effort. There has been difficulty in locating some machines.

In other areas, machines suffer from partial infections.  It is recommended that all infected machines be wiped due to the payload of the Blaster worm (hacker tools are also installed when the worm infects a machine).

DCSMT asked why ICMP traffic was not blocked (traffic resulting from machines infected by Nachi).  This solution was discussed by Datacom and Information Security but it was determined that while the recommendation would stop the pings it would not remediate the machines.  (A catch-22 situation).

Datacom is in the process of manually shutting down the ports of machines that are spewing ICMP traffic.

COBA is now requiring that machines in the Business Administration building be registered on their network.

Areas which need assistance should contact Information Security as soon as possible.

The meeting began at 3:00 and adjourned at 4:00.

 



Page last modified on October 16, 2003.  Send comments to Maurice Leatherbury.