Town Recovers from DDoS Attack on Servers

During Monday night’s school committee meeting Superintendent Lisa Howard shared the details surrounding the recent Distributed Denial-of-Service (DDoS) attacks that interrupted learning time throughout the district.

On February 4, after several days of slow internet service and bouts of disrupted service, the district’s technology investigations team informed administrators that the Town and school servers were the target of a malicious computer attack which prevented students and teachers from utilizing internet-based resources such as Google Classroom, email, video conferencing and other services while in school buildings. The attack, which also caused a disruption for town municipal offices, eventually caused the services to shut down from 8:00 am until 2:30 pm, the exact timeframe when students are in school.

Howard also confirmed that the outages only occurred on days during in-person learning.

“Over the past few days I’ve learned far more about technology than I ever knew before, and despite the issues this has caused for learning, we have a solid plan in place that will prevent this from happening again.”

After recruiting the help of the Winthrop Police Department, Comcast, Lan-Tel Communications, and Balsam Technologies, to get to the source of the problem, a mitigation package was put in place, and going forward, Comcast will be alerted of any suspicious activity before it reaches the district’s system. Added NetFlow monitoring on the sonic wall will collect and record real time information going in and out. In addition, Simple Network Management Protocol (SNMP) has been put in place as another layer of monitoring and protection.

“This will help us as we move forward, and he SNMP monitoring will allow a network map to show where things are connected, and any unrecognized devices will be alerted and shut down.”

Howard said that the revised bandwidth management will prevent any device in the system from exceeding more than one gigabyte of bandwidth, which is more than enough bandwidth to support the schools’ systems. The initial DDoS emergency mitigation services fees were waved by Comcast, and going forward, the district will pay a monthly subscription fee to ensure that a DDoS attack does not happen again.

“It’s important to note that these attacks have occurred in multiple public school districts across the state. At this point we believe the issue has been resolved and we are grateful to have the collaborative efforts of everyone involved.”

The attack, known as a Distributed Denial of Service attack (DDoS), is designed to overwhelm the bandwidth resources with large amounts of data, which is what prevented students and teachers from accessing the online learning resources. No student, employee or financial data was accessed as a result of the attack.