[unisog] should one pull the plug in worm outbreak?
Paul L Schmehl
pauls at utdallas.edu
Thu Dec 6 02:32:14 GMT 2001
Join AVIEN. You'll know about these *before* they hit your network, and
you'll no longer have to make this decision. (I'm dead serious.)
It's the best $99/yr (US) you will ever spend. And I mean that. You'll
have sendmail blocks in place before you see the first copy.
--On Thursday, December 06, 2001 12:58 PM +1300 Russell Fulton
<r.fulton at auckland.ac.nz> wrote:
> On Wed, 05 Dec 2001 08:21:39 -0800 Greg Francis <francis at gonzaga.edu>
>> We currently have around 1200 workstations on the main network so our hit
>> isn't nearly as bad as what it would be for a large university.
> We are going through the same process with thousands of machines, we
> have been at it for months, one faculty at a time.
> The problem is that Antivirus software (unless it is heuristic based)
> cannot help with these fast-spreading worms. We got our first
> infection at least 2 hours before NAV made the updates available. Since
> this one had a simple subject line we were able to block it using
> Sendmail configs, but not fast enough to stop it hitting several large
> internal lists :(
> I'll ask another question. Should one pull the plug on your
> mailservers until you can control the spread (either by ad hoc filtering
> or AV products) or should one try and ride the storm?
> In the past we have opted to ride the storm on the basis that without
> email fighting the problem is actually much more difficult in a
> distributed environment like ours. There are contrary views being
> expressed here and I would like to hear of others' experiences.
> Russell Fulton, Computer and Network Security Officer
> The University of Auckland, New Zealand
Paul L. Schmehl, pauls at utdallas.edu
Supervisor, Support Services
The University of Texas at Dallas
AVIEN Founding Member