Information Security News mailing list archives
FEMA's Love potion
From: William Knowles <wk () C4I ORG>
Date: Sun, 7 May 2000 18:13:47 -0500
http://www.fcw.com/fcw/articles/2000/0501/web-fema-05-04-00.asp

BY Dan Caterinicchia
05/05/2000

The Federal Emergency Management Agency's remedy for the "ILOVEYOU" virus running rampant worldwide was to limit the size of incoming and outgoing e-mail messages at the agency's national firewall.

G. Clay Hollister, FEMA's chief information officer, said being aware of the problem early and building that quick fix into the firewall helped limit the severity of the virus' effect on the agency.

"Our enterprise security manager and national e-mail administrator learned about it last night, and the first message with it arrived at about 8:30 this morning," Hollister said. "At 8:32 a.m., a throttle was built into our national firewall that limited any messages in or out to 10K...since they knew the message itself was about 15K."

Hollister said FEMA only had to shut down one of its 20 exchange servers, which happened at 8:47 a.m., and the server was back up and running at 9:27 a.m. He said the firewall limits were taken off by 1:30 p.m., and only 145 machines were affected out of the agency's more than 3,000 machines nationwide.

FEMA used a patch from Symantec Corp., which the agency downloaded at about 10 a.m. The patch encapsulates the infected files so that even the 145 infected machines are still operational, Hollister said.

"The smartest thing they did, and what made all the difference, was putting that throttle in our national firewall at Mount Weather, [Berryville, Va.,]" he said. "It stopped it from propagating in or out."

*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".