CL2-WIN12 down - Resolved - 2 subnets blocked

[Stephen]

Win12 is having an issue starting services at the moment and being checked, it is on a node that has had some issues with packetloss and network, but this does not seem entirely related.

 

[Stephen]

Two interesting items, I disabled the network port to the server switch for Win12 (virtual) and all services started right up, and the node passed its prior since crashing uptime mark without packetloss.

I am right now installing 8 updates available on the server with the network disabled and will reboot it, as it seems possible this is some sort of attack, but I am not 100% sure at this time.

 

[Stephen]

Rebooting Win12 with updates applied, then going to enable network and see if it works properly, if the node reboots after bringing Win12 online we will get it back working and disable win12 until it is moved to a node by itself and others can run stable then.

 

[Stephen]

I have re-enabled network access to Win12 and watching it very closely now.

 

[Stephen]

Watching connections I am seeing 1000s of connections from multiple 100s of IPs in one particular country that look to be very suspect, I will be blocking them off temporary from reaching Win12.

 

[Stephen]

Blocked off networks of the attacking country for a while, this may make Win12 inaccessible to a bit of the Middle East temporary, once the attacks are lifted I will re-enable. This is not network wide, just Win12 CL2.