From: John Ives (jives_at_cchem.berkeley.edu)
Date: Wed Aug 27 2003 - 11:35:43 PDT
The unfortunate thing is that this is a problem that will not be going away
any time soon. We still see code red on Campus, and its only a subset of
the Windows boxes that are vulnerable to RPC exploits (including Blaster
and Welchia). Having said that I don't want anyone to get the idea that I
oppose this plan, in fact I am all for it, I just think everyone needs to
be prepared for the fact that this may be an ongoing issue for years to come.
John Ives
At 09:58 AM 8/27/2003 -0700, Debra Bartling wrote:
>At 11:12 AM 8/26/2003 -0700, Craig Lant wrote:
>>We are proposing a change in our procedures to handle this particular
>>problem. We would like to send another CalMail warning to all faculty,
>>staff, and students explaining that we need to begin immediately blocking
>>computers that are found to be infected and attacking other
>>computers. We'll still send individual notifications to security
>>contacts as hosts are blocked. But, we would no longer allow infected
>>computers to continue attacking others for a day or two before taking action.
>
>I'm in support of just about anything you want to do to get the problem
>under control. But need to know the procedure to find out which hosts are
>blocked and how to get them unblocked when they are fixed. The first
>information I had about any hosts being blocked at all was in Jon
>Forrest's message asking if there was a web page to look up this
>information. (An excellent suggestion!)
>
>Debra Bartling
>
>
>
>------------------------------------------------------------------------
>The following was automatically added to this message by the list server:
>
>For information about Micronet, including subscribing to
>or unsubscribing from its mailing list and finding out
>about upcoming meetings, please visit the Micronet Web site:
><http://micronet.berkeley.edu/>.
-------------------------------------------------
John Ives, GCWN, GSEC
Systems Administrator
College of Chemistry
(510) 643-1033
"If you spend more on coffee than on IT security, Then you will be hacked.
What's more, you deserve to be hacked." - Richard Clarke
Any opinions expressed are my own and not those of the Regents of the
University of California.
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
This archive was generated by hypermail 2.1.5 : Wed Aug 27 2003 - 14:20:44 PDT