[Dshield] Port 113

Paul Marsh pmarsh at nmefdn.org
Fri Aug 8 14:04:59 GMT 2003


	Thanks for the info, it's kind of odd you should mention Berkeley.  The following is an article from today's "Chronicle of Higher Education" regarding DCOM at Berkeley.

Again thanx, Paul

Network Administrators on Campuses Scramble to Fix 'Critical' Security Flaw in Windows

Following recent cybersecurity warnings from the U.S. Department of Homeland Security, computing administrators at colleges and universities have been scrambling to protect their networks and apply security patches to affected machines. 

The University of California at Berkeley, for instance, limited access to its network this week so that system administrators could apply patches to more than 2,000 computers running Microsoft's Windows operating system. Technicians acted after a scan of the university network showed that more than 150 Windows computers had already been attacked. 

In the span of three weeks, the federal government has twice issued advisories about threats posed by newly discovered security holes in most Windows operating systems, including even the latest releases. Vulnerable systems could easily be used by hackers to run malicious code; to copy, change, or delete data; or to create unauthorized user accounts. 

On Tuesday, technicians at Berkeley started limiting some off-campus access to the network to protect machines that needed the security patches, says Craig Lant, the security officer for the university's information-systems office. For those compromised systems that had already been attacked, Mr. Lant says, technicians had to go through the tedious process of reinstalling their operating systems and then installing the security patch as well. 

The people inconvenienced by the limited access were those who had configured their Windows computers in their offices so that they could access their files from home. Also inconvenienced were those who use a Microsoft Exchange server on the campus to gain access to their e-mail when they are away from the campus. 

The latest Windows security flaw was discovered by a Polish security-research group and reported to Microsoft, which then created a free software patch that it released with a security bulletin on July 16. Many Windows computer systems remain vulnerable, however, because their owners have not downloaded and applied the patch. 

Microsoft officials have recommended that organizations with large numbers of vulnerable systems, including many colleges and universities, use an Internet firewall to block external access to vulnerable computers until their operating systems can be patched or reconfigured. 

According to Microsoft officials, the only versions of Windows that do not have the flaw are Windows 98 and Windows Millennium Edition. Windows NT 4.0, Windows NT 4.0 Terminal Services Edition, Windows 2000, Windows XP, and Windows Server 2003 all have the security weakness, which Microsoft rates as "critical," requiring an immediate fix. 

Hackers are building inventories of potentially vulnerable machines so that "they don't have to go find the machines that are exploitable, because they already know where they are," says Martin Lindner, team leader for incident handling at the CERT Coordination Center at Carnegie Mellon University. 

Some Web sites are already offering code that hackers could use to exploit the newly publicized security hole. "A wide spectrum of organizations -- universities and businesses -- have been affected," Mr. Lindner says. 

Users of most newer desktop and laptop machines can protect their computers by accepting automatic security updates from Microsoft, Mr. Lant says. For older Windows machines, applying security patches is time-consuming. 

Adding security patches to computers that are used as servers is even more time-consuming, because patches must be tested thoroughly before they are applied. 

"Sometimes the patch has side effects independent of what it's trying to fix," Mr. Lindner says. Security patches for servers should always be tested, he says, "to make sure they don't have any other adverse effects on your daily operations." 

Berkeley technicians were hoping to restore full network access today. 

-----Original Message-----
From: Deb Hale [mailto:haled at pionet.net]
Sent: Friday, August 08, 2003 9:35 AM
To: 'General DShield Discussion List'
Subject: RE: [Dshield] Port 113

Berkeley does a pretty good job of explaining Authentication.
