From: Allen Chang (allen_at_rescomp.berkeley.edu)
Date: Thu Aug 28 2003 - 18:41:49 PDT
Residential Computing is fine with this. As long as we receive timely
notification(or a web page where we can check). Otherwise, our technicians
spend lots of time trouble-shooting someone's connection when they've
actually been blocked.
~---------------------------------~
Allen Chang
Lead Network Security Coordinator
Office of Residential Computing
UC Berkeley
~---------------------------------~
On Tue, 26 Aug 2003, Craig Lant wrote:
> The Blaster worm is beginning to spread rapidly across the campus
> network. This is, no doubt, exacerbated by the fact that thousands of
> computers are suddenly being connected to our network and many of them
> are already infected. SNS is finding hundreds of new infections every day.
>
> Our standard procedure is to send notifications to security contacts,
> wait one to two working days, then block them if the problem isn't
> resolved. Unfortunately, this is hampering our ability to stay on top
> of the problem and it's giving the virus more time to spread.
>
> We are proposing a change in our procedures to handle this particular
> problem. We would like to send another CalMail warning to all faculty,
> staff, and students explaining that we need to begin immediately
> blocking computers that are found to be infected and attacking other
> computers. We'll still send individual notifications to security
> contacts as hosts are blocked. But, we would no longer allow infected
> computers to continue attacking others for a day or two before taking
> action.
>
> I'm distributing this proposal as widely as I can (short of CalMail).
> If you feel that this proposal is unacceptable or will cause more harm
> than good, let us know ASAP. I also welcome alternative ideas at any time.
>
> Thanks,
> Craig
>
> Craig Lant
> ------- Campus Information Systems Security Officer -------
> ----- University of California, Berkeley -----
> 510-643-0596 craig_at_ack.Berkeley.edu
>
> -------------------------------------
> Sent via the ucb-security mailing list.
>
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
This archive was generated by hypermail 2.1.5 : Thu Aug 28 2003 - 18:43:49 PDT