IT Review 10/19/17

As you all probably noticed, we had some internet issues this week. The good news: none of it was Center related. The bad news: it was completely out of our control. The problem was a result of a “Distributed Denial of Service” (DDoS) attack on Pullman’s systems. Although I did notice some interference (pixelation) to an AMS seminar I watched on Wednesday, I’m not aware of any major issues with our video conferencing during all of this. For more information about what Pullman is doing about the problem, read the excerpt below. I’ve also written a short explanation of what a “Denial of Service Attack” is following the excerpt.

-Wendy

Details about the recent internet disruption
Excerpt from the System Managers listserv notice

“As you are certainly aware, Pullman has experienced two network events which severely impacted network connectivity in Pullman and indirectly the other campuses. Yesterday’s event (10/17), from approximately 1:30pm until 4:24pm, and today’s event (10/18), which lasted from approximately 1:18pm until 2:59pm, are believed to have been caused by Distributed Denial of Service (DDoS) attacks using the Domain Name System (DNS) protocol. These attacks severely degraded the ability of the Pullman firewall to send information outbound to the K-20 and IRON networks and to the rest of the world.
ITS network engineering staff, in close concert with K-20 and IRON network engineers, have confirmed the issue is with Pullman’s firewall and not the K-20 or IRON networks. It is also unknown at this time whether the intended target of the attacks was Pullman or whether the real target is some other institution and Pullman is simply a victim.
ITS network engineers have engaged with our firewall vendor, Palo Alto Networks, and the joint team is currently working through the firewall’s configuration and log files to determine the appropriate course of action to neutralize any future attack.”

Here’s a link to the WSU ITS blog article about the “WSU Network Connectivity Disruption.”

What is a Denial of Service Attack?

There are two types of Denial of Service (DoS) attack. In the first, a single computer or network resource is made unavailable by a cyber attack, allowing the attacker to disrupt services indefinitely. This is a more localized attack involving a single machine (it may eventually spread to others on the network), but it can disrupt service to everyone on the shared network. We experienced this early this summer when a device in the physiology lab got attacked.

A Distributed Denial of Service (DDoS) attack is more serious. This is where multiple services are attacked simultaneously, causing a sudden increase in traffic that effectively shuts legitimate users out of internet access. Sometimes the attack and the amount of traffic can be so severe as to shut the entire system down. This is the type of attack that Pullman (and we, by association) faced this week. As you can see from the notice above, they are working to fix the problem, but it could take some time to completely return to normalcy.