[rfc-i] RFC Server Outage Report

Glen glen at amsl.com
Fri Apr 6 15:09:51 PDT 2012


All -

Yesterday (April 5) at 8:54 AM Pacific time the RFC Editor server was attacked
and compromised by an outside party.  As a result of this hack, the server's
operation became erratic.  Staff were unable to log in, and the website was
returning invalid search results for searches against the RFC Editor database.

AMS IT staff took immediate action, halting the server and performing an
investigation.  We restored service 90 minutes later, after repairing and
restoring the damaged server, and doing a thorough check to make sure we
hadn't missed anything.

At the time, notifications were sent out to RFC and IETF leadership; this
follow-up message is being sent to the community at the request of the
IAOC chair.

AMS took steps to identify the attack vector and remove the discovered
vulnerability.  A variety of other steps were taken to ensure that no other
systems were compromised, and that future attacks of the same type would fail.
No data was lost, no permanent damage was done, and the total downtime for
the website was 90 minutes.

The game of hack vs. hack-prevention is, unfortunately, an ongoing one.  
There are many who believe that attacking servers is an appropriate course
of action.  Reality (and various international laws) prevents us from 
totally eliminating those types of threats.  This attack was caught, handled
quickly, and AMS staff continues to watch for any future threats that
doubtless will come our way at some point.

Thank you for your attention.

Glen
Glen Barney
IT Director
AMS (IETF Secretariat, RFC Publisher)

