Ticket Number: HEA-NOC/20040710-3 Ticket Status: UPDATE
Ticket Type: unscheduled Resolver: HEA-NOC
Ticket Opened: 20040710 15:25 UTC+1 Problem Start: 20040710 10:00 UTC+1
Ticket Update: 20040804 10:49 UTC+1 Problem End:
Webserver on videoconferencing gateway was inaccessible
20040710 15:23 CMC Logged in to kellygk via VNC, applied pending Windows
update, rebooted gatekeeper.
20040710 15:27 CMC On reboot machine found to be compromised. Machine now
shut down, examining other Windows servers now.
20040710 15:48 CMC Affected machine has now been physically unplugged, no
other servers found to be affected.
20040715 16:17 WD Full Format/Reinstall required.
20040719 09:30 SOB Machine compromised with the egg drop IRC bot. Full
format and reinstall required.
Hardware doesn't have any PS2 ports or CD ROM drive, support contacted for
details on reinstalling.
Support (First connections) recommend removing hard drive and copying an
image on to it, I informed them we do not have the equipment to do this.
They will be onsite to carry this out on Thursday the 22nd of July.
For now the Global ECS Secondary (That was recently removed from service)
was set up as our primary Gatekeeper and given kelly.heanet.ie and
220.127.116.11 as its address information by AB.
This machine would not detect the gateway (18.104.22.168). Support
re-enabled DHCP on the gatekeeper and informed us that this was required
for the dynamic way in which the gatekeeper and gateway communicate. The
machine was then rebooted and the Gateway registered successfully.
We then carried out some ISDN tests with support. It all seems to work.
There should be no adverse effects to our clients now, Gateway, MCU and
Gatekeeper are all up and running fine now.
Will update ticket again when support are onsite.
20040721 16:50 SOB Maintenance was scheduled for Thurs, now been moved to
Monday. Keith from First connections is going to come onsite and carry out
the maintenance on both gatekeeper blades.
20040722 10:35 SOB Taking ownership
20040722 12:04 SOB Had a video conference with Keith and Dave from First
connections. They were updating me on the status of our backup gatekeeper
(22.214.171.124, hepburngk.heanet.ie) It is now up and running correctly.
We have to check it to ensure the system is uncompromised.
Maintenance on kellygk is now scheduled for Tuesday. Radvision have
informed them that re-installing windows on these machines is not an
option they provide. First connections will, however, provide us with a
HDD containing a system set up to our specifications. This will be
installed on Tuesday. Once that is installed HEAnet will begin
investigating security options for the future of this gatekeeper.
Intrusion Detection system Osiris has been recommended by our security. We
will investigate this when the system is back up.
20040726 09:26 SOB First connections have updated hepburngk.heanet.ie
(126.96.36.199) so we are moving that to the new primary gatekeeper. The
config from kellygk has been loaded onto hepburn. We must now change the
IP address off ECS secondary onto hepburn. This will result in an outage
in the gatekeeper, gateway and MCU. This outage is not expected to last
more than 10 min.
20040726 10:41 SOB Change over complete. hepburngk is now
kellygk.heanet.ie. This will remain the case until the maintenance is
complete on Tuesday. Gateway services still not at 100%. Outgoing
services will not register with the gatekeeper, as this is not provided
clients anyway it's not a problem but will be investigated during
20040727 09:38 SOB Maintenance has again been moved. First connections
apologise for this. We've asked to re-arrange this again for Tuesday and
20040804 10:43 SOB Maintenance completed. Kellygk.heanet.ie is now the
primary gatekeeper again and has been upgraded to win 2000. During the
maintenance the MCU was upgraded to the latest version and the gatekeeper
was returned to full functionality. The equipment is now being moved to
the new Video services cab and will resume full operational status when
this move is completed.
This ticket can be monitored at http://www.hea.net/tickets/20040710-3