Never a dull. I was wrangling with the PacketShaper all day, trying to get the student network to behave in any kind of reasonable fashion, and now I find that part of my Internet bandwidth problems were due to a veritable flood of spam that managed to be sent from a library computer through our e-mail gateway.
A few tens of thousands of spam messages were sent from LLYA019 through TAIKA, starting around 3:00 this afternoon. I don’t know how the spam malware gets the IP address of a good gateway to send its wares through, but I have two good guesses (and in case any nasties are reading this, I’m not going to elaborate — full disclosure of my thoughts, this ain’t). I didn’t discover this until just recently. I managed to clean up all the messages from the box still queued up on TAIKA (plenty, since I’d throttled outgoing SMTP from campus), and now the shaper reports a reasonable bandwidth utilization for that traffic class. I also blocked the infected box at both the shaper and the firewall, and I’ve seen no further mal-traffic from it (I also gave it a bogus IP in NetReg, with the hopes of kicking it off the net the next time it tries to renew its lease).
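A burst like this is visible in the gateway's own log long before the shaper reports it. As an added example that is not part of the original post, the script below counts client connections per internal IP over a sliding window and names the hosts that cross a threshold; the log lines, hostnames and addresses are constructed in Postfix smtpd style and are assumptions, since the post does not say which MTA TAIKA runs.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (Postfix smtpd style); hosts and IPs are made up.
# One client submits six messages in five seconds; another is normal traffic.
SAMPLE_LOG = """\
Sep 14 14:55:10 taika postfix/smtpd[1201]: 3A1F2: client=lib-pc-03.example.edu[10.20.30.41]
Sep 14 15:00:02 taika postfix/smtpd[1201]: 3A1F9: client=llya019.example.edu[10.20.30.19]
Sep 14 15:00:03 taika postfix/smtpd[1201]: 3A1FA: client=llya019.example.edu[10.20.30.19]
Sep 14 15:00:03 taika postfix/smtpd[1201]: 3A1FB: client=llya019.example.edu[10.20.30.19]
Sep 14 15:00:04 taika postfix/smtpd[1201]: 3A1FC: client=llya019.example.edu[10.20.30.19]
Sep 14 15:00:05 taika postfix/smtpd[1201]: 3A1FD: client=llya019.example.edu[10.20.30.19]
Sep 14 15:00:06 taika postfix/smtpd[1201]: 3A1FE: client=llya019.example.edu[10.20.30.19]
Sep 14 15:00:07 taika postfix/qmgr[1188]: 3A1FE: from=<x@example.edu>, size=2211, nrcpt=40 (queue active)
Sep 14 15:12:40 taika postfix/smtpd[1201]: 3A205: client=lib-pc-03.example.edu[10.20.30.41]
"""

# Match only smtpd "client=" lines: syslog timestamp, host, queue id, client name[ip].
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ postfix/smtpd\[\d+\]: "
    r"\w+: client=(?P<host>[^\[]+)\[(?P<ip>[\d.]+)\]"
)


def parse(log_text, year=2005):
    """Yield (timestamp, client_ip) for each smtpd client line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog lines carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["ip"]


def find_flooders(log_text, window=timedelta(minutes=10), threshold=5, year=2005):
    """Return {ip: peak count} for clients that reach `threshold` submissions
    inside any `window`; a per-IP deque holds only timestamps still in the window."""
    recent = defaultdict(deque)
    peaks = {}
    for ts, ip in sorted(parse(log_text, year)):
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


if __name__ == "__main__":
    print(find_flooders(SAMPLE_LOG))
```

Pointing it at the real maillog (and lowering the window for a busy gateway) gives the source IP to block at the firewall and the queue ids to purge, which is the cleanup the post describes.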
Tomorrow I need to stop mucking with the shaper and the firewall and get a handle on some other tasks in desperate need of my attention; perhaps Friday or next week I can get back to this and see if my tunings are having any kind of positive effect (without killing the rest of campus in their wake…). I can’t say I enjoy being on the student network, but it is instructive to feel their pain.
Posted by Rowan Littell at September 14, 2005 09:32 PM