Agency's emergency throttle on email stops flow of virus; patch keeps infected computers operating
The Federal Emergency Management Agency's remedy for the "ILOVEYOU" virus
running rampant worldwide was to limit the size of incoming and outgoing
e-mail messages at the agency's national firewall.
G. Clay Hollister, FEMA's chief information officer, said being aware of
the problem early and building that quick fix into the firewall helped limit
the severity of the virus' effect on the agency.
"Our enterprise security manager and national e-mail administrator learned
about it last night, and the first message with it arrived at about 8:30
this morning," Hollister said. "At 8:32 a.m., a throttle was built into
our national firewall that limited any messages in or out to 10K...since
they knew the message itself was about 15K."
Hollister said FEMA only had to shut down one of its 20 exchange servers,
which happened at 8:47 a.m., and the server was back up and running at 9:27
a.m. He said the firewall limits were taken off by 1:30 p.m., and only 145
machines were affected out of the agency's more than 3,000 machines nationwide.
FEMA used a patch from Symantec Corp., which the agency downloaded at about
10 a.m. The patch encapsulates the infected files so that even the 145 infected
machines are still operational, Hollister said.
"The smartest thing they did, and what made all the difference, was putting
that throttle in our national firewall at Mount Weather, [Berryville, Va.,]"
he said. "It stopped it from propagating in or out."
NEXT STORY: IRS: Modernization takes people