Author: admin

Thu Jul 26 08:25:55 PDT 2001 — Happy birthday to Sonic.net! Domain Name: SONIC.NET Record created on 26-Jul-1994.

As we begin our eighth year, I’d like to thank our customers and our staff for their ongoing support and contributions. We’re now serving about 20,000 users, and have 45 employees. Sonic.net hosts 5000 websites, and over 2500 of our customers have PacBell DSL or BroadLink wireless broadband connections. Over a thousand customers are served by T1 or T3 dedicated circuits that Sonic.net provides to their employers. Sonic.net was listed this year in the Press Democrat’s “Sonoma County 200” business listing of top revenue producers in the county.

Over the years, our customers have always had very nice things to say about the care they receive from our staff here. For this, Scott and I would like to thank all of the people who work hard here to resolve problems, communicate with customers, build and maintain systems and software and manage and sell accounts.

As we continue to grow, we hear on an ongoing basis from our new members that they received numerous recommendations from existing customers for our services. We appreciate your support very much, and we will continue to strive to deliver a valuable and reliable service that you’ll be proud to recommend and to use.

Dane Jasper, Co-founder and CEO Scott Doty, Co-founder and CTO

Wed Jul 25 20:26:43 PDT 2001 — Another unexpected Redback Router crash, which affected PacBell ADSL and Broadlink WDSL customers between 8:09pm and 8:20pm. This appears to be the same ‘crash’ that affected us on Jul. 10th, that being a known bug in Redback’s current ‘General Deployment’ release of the router’s software. There are no known workarounds at this time, but the Sonic.net Operations team will be pressing Redback’s Support more vigorously in an effort to prevent downtime of this kind. – Eli, Kelsey

Wed Jul 25 16:04:30 PDT 2001 — Code Red audit – Yesterday afternoon, Sonic.net pro-actively audited our co-located customers’ networks, and our DSL-connected networks. The software connected to customer machines on port 80, and retrieved the Web Server software version they were running. We discovered 25 servers that were vulnerable to the Code Red worm, and notified the server administrators. – Eli, ScottR

Mon Jul 23 11:12:02 PDT 2001 — “SirCam” Virus outbreak. Yet another nasty virus is in the wild that spreads itself via MS Outlook & Outlook Express. The virus may do a number of very bad things to an infected system, including emailing random documents to every one in your address book, using up all of the free space on your hard disk, or possibly even deleting all of your files. There is more information on this virus at news.cnet.com/news/0-1003-200-6625286.html

We are filtering the SirCam virus based on a number of unique strings that always appear in an infected email. -Kelsey

Thu Jul 19 17:30:29 PDT 2001 — “Code Red” worm foiled. The “Code Red” worm was supposed to flood www.whitehouse.gov at 5pm PDT. Sonic.net staff was standing by waiting for any sign of trouble — and encountered a non-event. It turns out that, to foil the worm, www.whitehouse.gov’s IP address was changed, and some backbone providers filtered the old IP address at their borders. (A traceroute showed the old address being blocked at the other end of our UUNet T3.) Since the worm couldn’t contact the web site, the denial of service attack never happened. Meanwhile, an analysis of our web logs showed that three Sonic.net customers were infected with the worm, who we are in the process of contacting. -Scott, Kelsey, Eli

Thu Jul 19 14:26:39 PDT 2001 — “Code Red” worm results. As you may have already heard, the tenacious “Code Red” worm is winding its way through the Internet. The worm propagates via Microsoft IIS web servers, so Sonic.net web servers are invulnerable to the worm.

However, that doesn’t prevent the worm from trying to break into Sonic.net’s web servers. We are currently logging about two such attempts a second, and there have been over 33170 such attacks since midnight. Again, Sonic.net servers are unaffected by these attacks. This is obviously a very tenacious worm, and we recommend that IIS administrators ensure that their installations are up-to-date.

For more info about the “Code Red” worm, please visit the following news story:

news.cnet.com/news/0-1003-200-6616583.html

Update: as of now (3:10pm), 32840 unique hosts have attempted to break into our web servers, each which is almost certainly running a copy of the worm.

-Scott, Kelsey, Eli

Wed Jul 18 17:58:59 PDT 2001 — Strange routing problem. The issue earlier today turned out to be due to a strange denial of service attack (DoS) sourced from a colocated customer. Bandwidth used by the attack, at times, exceeded 60 megabits/sec. Neither our DoS detector or the usual graphs showed the DoS, as the traffic took a path through new parts of our redundant network. We know now where to look for this type of attack, and will be watching for it in the future.

As part of troubleshooting this issue, we rebooted our core switch — unfortunately, the Black Diamond crashed on boot. Booting the other image stored in the switch worked — however, it is newer code, from which we’ve seen some problems before related to icmp. (It is, however, a general deployment release of the BD’s OS.) We also discovered some curious misbehaviors that it exhibits with our server vlan, discovered a misconfiguration in one of the core router’s Fast Ethernet interfaces, optimized routing for our mail servers, and generally gave the network a serious once-over.

-Scott, Kelsey, Eli, Nathan, Russ

Wed Jul 18 13:36:38 PDT 2001 — Strange routing problem. We have disabled one of our edge routers in response to intermittent packet loss between our internal network and the edge. We are still determining the source of the trouble. For the time being, Internet performance may be impacted. We will update as soon as we have a resolution or ETR. – Scott, Eli, Kelsey

Fri Jul 13 13:31:45 PDT 2001 — Our MySQL accounting server is offline right now for emergency maintenance. While it is down our member tools are inaccessible but all of our services should otherwise be unaffected. We should have it back online in 10 to 20 minutes. -Russ and Kelsey

Wed Jul 11 13:08:08 PDT 2001 — We received a response from RedBack about a the crash yesterday. Apparently we tickled a known bug in the new OS release which is slated to be fixed in the ‘next major release.’ We are currently investigating to see if there are any workarounds so we can prevent the same crash from occurring until we have a new OS. -Kelsey