TrainWeb Appears To Be Under Attack
by the NIMDA Virus as of Sep. 18, 2001
Our servers appear to be under attack by the NIMDA virus.
The virus does not reside on our servers themselves.
All the servers used by TrainWeb are either Linux or BSDI Unix servers,
which cannot themselves be infected by the NIMDA virus.
The NIMDA virus only infects Windows, NT and other Microsoft-based systems.
We do not run any Microsoft-based servers in our shop.
However, the NIMDA virus can reside on Windows, NT and other Microsoft-based systems and servers outside of TrainWeb
and attempt to attack TrainWeb's systems from those outside locations.
The NIMDA virus blindly attempts to infect other systems on the internet, regardless of whether or not they are
Microsoft-based systems. Even though the NIMDA virus cannot infect our web servers, it is clogging up our bandwidth
and slowing down our servers by flooding them with requests. It is doing this in a futile attempt to
locate the specific Microsoft files that it targets to breach security and infect the servers.
It won't find the files that it needs since those files are not on our servers.
Our servers respond to each request indicating that the target files do not exist.
However, the sheer number of requests that our servers have to respond to is slowing down our servers and
taking up bandwidth. Our servers can also freeze or crash when this load becomes too much for them.
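
How this traffic looks from the server side, as an added example that is not part of the original notice: a Python pass over an Apache-style access log that counts, per client, the 404 responses to requests for Windows executables. The log format, the sample lines and the `cmd.exe`/`root.exe` pattern (taken from public Nimda advisories, not from this page) are assumptions.

```python
import re
from collections import Counter

# NCSA common log format: host ident user [time] "method path proto" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

# Assumption: cmd.exe and root.exe are the Windows executables named in public
# Nimda advisories; the notice itself does not list the files being requested.
PROBE_RE = re.compile(r'/(?:cmd|root)\.exe(?:\?|$)', re.IGNORECASE)

def summarize_probes(lines):
    """Return (probe_404s_per_client, total_404s, probe_404s) for an access log."""
    per_client = Counter()
    total_404 = probe_404 = 0
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        host, _method, path, status = m.groups()
        if status != "404":
            continue  # a Unix server answers these probes with "not found"
        total_404 += 1
        if PROBE_RE.search(path):
            probe_404 += 1
            per_client[host] += 1
    return per_client, total_404, probe_404

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Sep/2001:09:14:02 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276',
    '192.0.2.10 - - [18/Sep/2001:09:14:02 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274',
    '192.0.2.10 - - [18/Sep/2001:09:14:03 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284',
    '198.51.100.7 - - [18/Sep/2001:09:14:05 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298',
    '203.0.113.5 - - [18/Sep/2001:09:14:06 -0700] "GET /index.html HTTP/1.0" 200 5120',
    '203.0.113.5 - - [18/Sep/2001:09:14:07 -0700] "GET /missing.gif HTTP/1.0" 404 270',
]

if __name__ == "__main__":
    clients, total, probes = summarize_probes(SAMPLE_LOG)
    print(f"{probes} of {total} 404 responses were probes for Windows files")
    for host, count in clients.most_common():
        print(f"{host:15} {count}")
```
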
According to Interactive Week:
"Because it is spreading so quickly and has a much larger pool of potential victims, Nimda is creating an ad hoc denial-of-service attack
on the Internet. The worm is hogging bandwidth resources and hindering access to thousands of Web sites, said Stefan Savage,
co-founder of DoS specialist Asta Networks."
The main www.TrainWeb.com domain was down for most of the day on Tuesday, Sep. 18, 2001.
Some of the other rail domains operated by TrainWeb, including some of the sites hosted at TrainWeb.org,
might also have been down. After doing extensive analysis of the problem, we have been able to take some
corrective measures to keep www.TrainWeb.com up and running most of the time, even while we are still under attack.
TrainWeb was up and running most of the day on Wednesday, Sep 19, 2001, and continues to remain up most of the time.
Even though TrainWeb is up and running, you might see some odd behavior when loading web pages from time to time.
You might find that banners do not display, the header is missing from the page, or the
page counters do not display at the bottom of the pages. You might also experience delays when clicking on various
links at TrainWeb. Hopefully, a solution to this problem will be found soon so that TrainWeb and the rest of the
internet can get back to normal functioning.
The TrainWeb RAILcams at http://www.RAILcams.com have been up and down since the initial attack.
Unfortunately, there is little we can do about the RAILcams.
The Internet Service Provider (ISP) for the RAILcam systems is a different provider than the one for the rest of TrainWeb.
The RAILcam ISP is also under attack, and they have been turning their services on and off in an attempt to deal with
this virus. We don't have any control over that, so all we can do is hope that they find a resolution to this problem
from their end as soon as possible.