Blackhole and Wireless Turnoff Handling Information

Overview of Blackhole and Wireless turnoff and the required call information.

Campus computers identified by DoIT Security as being compromised will have their network access disabled. For Campus Network (wired) users, this means their computer's IP address will be blackholed. For campus wireless users, this means their NetID will no longer be able to authenticate.

Note: Blackhole refers to a network computer that has been taken off the network by DoIT Security. The computer is still physically connected to the network and has a valid IP address; however, campus routers are instructed to discard packets to and from this machine. For the computer user, this means that any network connections they try will not work (web pages cannot be displayed, email clients will time out, they cannot ping things, etc.).

  • Service Users: Users of compromised computers attempting to connect to the UW Madison networks.

  • Availability: 24 x 7 by the SNCC.

  • Server Information: None

  • Unique Support Conditions: Customers can have their computers checked in to Repair for virus/malware removal. If they would like to do this, see Virus or Malware Handling Information.

Select an appropriate service, category and subcategory from the options below.

  • Security

    • BadgIRT
      • Submit Incident


For ALL incidents, gather the following minimum required information:

  • Clear, detailed description of the problem

  • Complete customer contact information

Copy/paste the following additional required information into the WiscIT Description field:



Example Case:

  • NetID (Wireless UWNet users only): bbadger
  • Is this the only computer that accesses Wireless UWNet with that NetID?: Yes
  • LAN Admin contact name (Campus Network users only): N/A
  • IP address(es) to be unblocked (Campus Network users only): N/A
  • Date of the Virus Definitions (these should be within the last three weeks): August 20th (four days ago)
  • Viruses that were found (can be found in the scan history): Trojan-Spy.Win32.Zbot
  • Has customer installed current Windows service packs and patches? If not, ask customer to install auto updater: Yes, Windows is completely up-to-date

Response time for removing a blackhole is 2 hours.

For a visual depiction of this workflow, see the following image: Process Diagram

  1. The Help Desk receives one or more customer contacts for an issue that is identified as a potential outage.

  2. HDQA checks the outages page for any related open planned outages. HDQA then chats SNCC via Service Support Chat Room and confirms an outage should be declared.

  3. If an outage is identified, SNCC should immediately begin creating an Outage.

  4. HDQA receives the Incident from the agent(s) who handled the initial contact(s).

  5. HDQA creates a problem in Cherwell by selecting New > Problem. HDQA then fills out the fields in the Identify and Classify section of the Problem with the information they gathered from the Incident(s). For assistance with Problem creation, reference: Help Desk Training - Create a Problem in WiscIT without the Problem Manager or Help Desk Training - Create a Problem in WiscIT with the Problem Manager.

  6. When the Problem has been created and saved, HDQA clicks the team name in the Owned by pane and assigns the Problem to 'SNCC-Sysops' or 'SNCC-Network' as directed by the service handling doc or SNCC staff.

  7. SNCC receives the Problem and links the Problem to the Outage from the Problem screen.

  8. HDQA links the original Incident(s) and any additional relevant Incidents they have received to the Problem. For instructions on performing this step, see WiscIT - Linking an Incident to a Problem.

  9. As calls continue to come in, Help Desk agents should link the Incidents to the Problem themselves. Level 1 agents should simply save the Incident at this stage; do NOT resolve these Incidents or escalate them to HDQA.

  10. When the outage is resolved, SNCC will go into the open Problem and select the Resolve Attached Incidents link on the left side of the screen; this will email all customers that their Incidents should be resolved. The email will direct customers to contact the Help Desk if they believe the issue is still occurring.

  11. If the problem needs follow-up investigation, SNCC will assign the Problem to the appropriate team.

None.



Keywords:
Blackhole wireless uw net uwnet Turnoff Handling Information Security Network Access quarantined quarantine CAMPUS NETWORK
Doc ID:
8645
Owned by:
Wanjiru P. in DoIT Help Desk
Created:
2008-12-09
Updated:
2025-06-03
Sites:
DoITHelpDesk-internal, hd-cps-internal, NetworkSrvcs-internal, SNCC-internal