Network struck down in server 'firestorm'

After Perth-based construction company BGC had its network crippled by broadcast traffic originating from Windows servers its IT director has labeled them "bots" which pose a risk to the organization.

BGC IT director Andrew Buckeridge experienced a "firestorm" last month when one of his administrators identified "strange" network traffic which chewed up resources on Cisco switches and other Unix systems.

While the exact cause of the problem is yet to be determined, the problem did originate from the Windows servers because when they were isolated the problem ceased. But Microsoft believes the problem is architectural or related to configuration.

"It should be a virus with a name now that it has peaked - that is the Microsoft bot net has now been upgraded," Buckeridge said. "We had an issue with Windows 2003 where it overloaded our switch with broadcast traffic perhaps because it saw non-Windows boxes."

Buckeridge was blunt in his assessment of people who allow a Microsoft Windows machine to reach the Internet, or be reachable from the Internet, saying they should be dealt with "in the same way as arsonists".

"Willful damage does not put lives at risk, but arson and the use of Microsoft Windows on the Internet can put lives at risk," he said. "The Internet has become are large network of Windows machines that relay spam. Some spam will only impair electronic communications by rendering an inbox useless, but some is much worse."

Buckeridge believes incidents like this "harmful relay" are signs that Microsoft Windows is now approaching the limits of acceptability.

"I call this the eXtreme Pressure limit which Windows XP now exceeds," he said. "You want these things to work rather than fight you."

While he's had offers to discuss problems directly with Microsoft, Buckeridge said he would have "no idea where to start".

"I don't want to stir them up, I just want to have nothing more to do with them," he said. "You could ask Sun for a source code, including non-free parts and get it by paying a fee and entering a non-disclosure agreement that is not bad. The MSDN NDA makes MSDNs an accessory to crime."

Microsoft Australia's chief security officer Peter Watson said BGC's problems a likely to be architectural or related to configuration because Windows Server is well "locked-down" and the security configuration wizard helps determine what the server is being used for.

"We help customers with base-level configuration options but people still need to do a little bit of analysis themselves to determine if there is anything specific they need to do on top of that," Watson said, adding this will take users a long way to avoid getting into such situations.

Watson also recommends proper network segmentation and DNS validation to help prevent spam, both of which are available in Windows Server.

"There are so many potential threats out there, and because organizations have opened up more of their networks you need to look at security from an architectural standpoint," he said. "Anyone [solely] relying on a firewall and anti-virus software is putting the organization at risk. It needs to be looked at holistically."

In addition to making security information available on its Web site, Watson said Microsoft's help desk and security response teams are always available to help customers in need.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about CiscoHISMicrosoft

Show Comments