[unisog] Blocking Windows Networking at the Border?

Daxter Gulje dgulje at housing.ucsb.edu
Tue Apr 23 15:33:57 GMT 2002


	We began blocking said ports here at UC Santa Barbara a couple of weeks ago, and since then the only time we've experienced the fun Windows hacks that you mention are from students compromised prior to our blocking those ports.  Works like a charm so far, and not a single complaint yet...
(//jinx)

/Dax
__________________________________________
Daxter Gulje
Assistant ResNet Coordinator
University of California, Santa Barbara
805.893.4747
 

-----Original Message-----
From: Phil.Rodrigues at uconn.edu [mailto:Phil.Rodrigues at uconn.edu]
Sent: Thursday, April 18, 2002 11:05 AM
To: unisog at sans.org
Subject: [unisog] Blocking Windows Networking at the Border?


Hi,

The University of Connecticut experienced all the fun Windows hacks of the 
last few weeks that everyone else did ("Got Warez?" XDCC bots, 
W32Time/FluxaySensor Trojan/Password crackers, MIRC-DOS scripts), all 
pretty much as a result of allowing Windows Networking across our Internet 
link.  With 8,500 students and a few thousand staff computers on the 
network *someone* will have a weak share.

We have been considering blocking ports 135-139/445 at the routers for a 
few weeks now for privacy issues (the assumption that things shared on the 
"local network" are only accessible by other University computers) and 
after all of this we are considering it for security reasons as well.  We 
have never blocked anything before, and none of us really wants to start 
down this slippery slope, but user education about open shares and strong 
passwords only seems so effective.

What are other schools doing to combat these types of problems?  Are many 
of you blocking Windows Networking at the border?  Do those that choose 
not to block it have compelling reasons to keep it open, or do you leave 
it open because "it has always been that way"?

Thanks for your input, and shoot me a private reply if you prefer.

Phil

=======================================
Philip A. Rodrigues
Network Analyst, UITS
University of Connecticut

email: phil.rodrigues at uconn.edu
phone: 860.486.3743
fax: 860.486.6580
web: http://www.security.uconn.edu
=======================================



More information about the unisog mailing list