Staff report
CIRT has had a rough month, and its troubleshooters are working overtime to solve problems that have affected UNM users’ Internet access.
The UNM network has been experiencing intermittent connection problems from a variety of campus locations since the installation of new network equipment on May 19 in the Electrical Engineering and Computer Engineering Buildings.
The work included the expansion of the campus gigabit backbone. Since that times, users have experience slow or non-existent connections. The problems have affected systems on campus, dial-up access and branch campus connections.
CIRT representatives could not be reached for comment, but the CIRT Web site states that the department’s networking group is working to determine the cause of and solve the problems.
“CIRT is continuing to use every available resource to resolve the problem, but currently cannot give a reliable estimate of when the network will be back to normal operation,” the Web site states.
Get content from The Daily Lobo delivered to your inbox
The notice on the site added that updates will be posted at www.unm.edu/cirt/sysinfo-l as they become available.
“We apologize for any inconvenience this may cause anyone using the UNM Network,” the Web site stated.
CIRT also experienced technical difficulties at the end of the spring semester when a worm virus attacked the University’s Web servers. When students logged on to UNM’s I-TEL-UNM Web site to register for summer and fall classes during finals week, the site was either down or redirected them to a page that included explicit anti-government propaganda.
A group of hackers called the Honker Union of China has claimed responsibility for most of the attacks on American Web sites but, according to a report filed last week by Reuters, is ready to call a truce.
Dubbed the sadmind/IIS — after the exploits used — the worm targets computers running Sun’s Unix-based operating system Solaris to attack insecure versions of Microsoft’s Web server Internet Information Server (IIS).
The worm exploits a two-year-old vulnerability in Solaris systems and then installs software which in turn attacks servers running Microsoft’s IIS software that have not been updated with a patch to fix a seven-month-old security hole. Once the payload software has been installed on the Solaris system, it searches for IIS-based servers elsewhere on the Internet — possibly, say security experts, by scanning or by using a pre set range of IP addresses. Once the software has found an IIS-based server with the vulnerability still unpatched, it defaces any Websites hosted on that server.
The release of the worm coincided with an increase in activity by hackers supporting the two sides in the U.S. spy plane controversy. The incident prompted the escalation of political defacements by Chinese and U.S. hackers over the international incident.
For more information, contact the CIRT Support Center at 277-4848. The center is open from Monday through Thursday from 7:30 a.m. to 7 p.m., Friday 7:30 a.m. to 5 p.m. and Sunday from 1-5 p.m. After hours, call the CIRT Command Center at 277-4646.
