[unisog] should one pull the plug in worm outbreak?

Paul L Schmehl pauls at utdallas.edu
Thu Dec 6 02:32:14 GMT 2001

Join AVIEN.  You'll know about these *before* they hit your network, and 
you'll no longer have to make this decision.  (I'm dead serious.)


It's the best $99/yr (US) you will ever spend.  And I mean that.  You'll 
have sendmail blocks in place before you see the first copy.

--On Thursday, December 06, 2001 12:58 PM +1300 Russell Fulton 
<r.fulton at auckland.ac.nz> wrote:

> On Wed, 05 Dec 2001 08:21:39 -0800 Greg Francis <francis at gonzaga.edu>
> wrote:
>> We currently have around 1200 workstations on the main network so our hit
>> isn't nearly as bad as what it would be for a large university.
> We are going through the same process with thousands of machines, we
> have been at it for months, one faculty at a time.
> The problem is that Antivirus software (unless it is heuristic based)
> cannot help with these fast spreading worms.  We got our first
> infection at least 2 hours before NAV made the updates available. Since
> this one had a simple subject line we were able to block it using
> Sendmail configs, but not fast enough to stop it hitting several large
> internal lists :(
> I'll ask another question.  Should one pull the plug on your
> mailservers until you can control the spread (either by ad hoc filtering
> or AV products) or should one try and ride the storm?
> In the past we have opted to ride the storm on the basis that without
> email fighting the problem is actually much more difficult in a
> distributed environment like ours.  There are contrary views being
> expressed here and I would like to hear of others' experiences.
> Russell Fulton, Computer and Network Security Officer
> The University of Auckland,  New Zealand

Paul L. Schmehl, pauls at utdallas.edu
Supervisor, Support Services
The University of Texas at Dallas
AVIEN Founding Member
