CWL Authentication Service (Auth2) is experiencing degraded performance due to DDoS November 18, 2014 17:32 UPDATE

CWL Authentication Service (Auth2) is experiencing degraded performance as a result of a targeted Distributed Denial of Service (DDoS) attack.

Users accessing CWL Auth2 enabled services may encounter slow logons or timeouts during the authentication process.

The following services are dependent on CWL Auth2:

  • Authentication to PeopleSoft portals (Administrator and Employee Self-Service),
  • API transactions by Academic System Support applications.
  • You.ubc.ca prospect account creation.
  • CWL UIs for account management (example: password reset, account creation, administrator management of account).

Other IAM services, such as CAS, Shibboleth, AccessUBC, and Enterprise Active Directory, are currently unaffected.

Attacking IP addresses include:
2.92.125.81
2.95.181.238
209.203.212.4
213.153.211.66
222.76.147.91
37.187.76.190
37.212.208.218
37.239.46.26
37.239.46.50
46.164.234.59
46.29.21.176
49.77.148.249
5.167.111.169
58.253.10.177
63.141.243.27
72.46.132.178
78.154.174.186
78.160.166.78
78.160.76.14
78.184.43.120
79.105.116.39
79.112.200.72
80.178.137.6
83.149.21.112
85.107.210.216
85.99.96.6
91.200.12.14
91.200.12.29
91.200.12.52
91.200.12.55
91.226.154.20
93.109.125.205
93.116.67.137
94.181.34.64
94.251.123.116
94.255.63.159
95.132.119.206
95.133.164.114
95.7.207.59
95.71.204.191
97.77.104.22
112.111.185.189
115.47.46.170
117.248.118.125
119.138.46.75
125.77.135.186
130.193.154.76
130.204.99.2
142.54.184.243
148.251.145.252
176.214.128.216
178.172.154.28
178.42.26.23
178.45.146.179
178.45.148.111
178.66.122.242
178.71.221.238
180.110.119.148
181.135.81.208
183.95.63.124
188.18.200.45
192.3.66.2
192.99.20.14
193.201.224.128
193.201.224.166
193.201.224.168
193.201.224.36
193.201.224.4
193.201.224.92
195.155.252.24
198.100.158.213
198.204.243.117

Mitigations have been put in place but attacking IP addresses are changing daily and likely belong to compromised systems, running as part of one or more botnets. IT support staff are encouraged to check their logs for successful connections, for the period of Nov 15th to today, from these addresses. Please report any suspected compromised systems or accounts to security@ubc.ca.