[unisog] Blocking Windows Networking at the Border?
dgulje at housing.ucsb.edu
Tue Apr 23 15:33:57 GMT 2002
We began blocking said ports here at UC Santa Barbara a couple of weeks ago, and since then the only time we've experienced the fun Windows hacks that you mention are from students compromised prior to our blocking those ports. Works like a charm so far, and not a single complaint yet...
Assistant ResNet Coordinator
University of California, Santa Barbara
From: Phil.Rodrigues at uconn.edu [mailto:Phil.Rodrigues at uconn.edu]
Sent: Thursday, April 18, 2002 11:05 AM
To: unisog at sans.org
Subject: [unisog] Blocking Windows Networking at the Border?
The University of Connecticut experienced all the fun Windows hacks of the
last few weeks that everyone else did ("Got Warez?" XDCC bots,
W32Time/FluxaySensor Trojan/Password crackers, MIRC-DOS scripts), all
pretty much as a result of allowing Windows Networking across our Internet
link. With 8,500 students and a few thousand staff computers on the
network *someone* will have a weak share.
We have been considering blocking ports 135-139/445 at the routers for a
few weeks now for privacy issues (the assumption that things shared on the
"local network" are only accessible by other University computers) and
after all of this we are considering it for security reasons as well. We
have never blocked anything before, and none of us really wants to start
down this slippery slope, but user education about open shares and strong
passwords only seems so effective.
What are other schools doing to combat these types of problems? Are many
of you blocking Windows Networking at the border? Do those that choose
not to block it have compelling reasons to keep it open, or do you leave
it open because "it has always been that way"?
Thanks for your input, and shoot me a private reply if you prefer.
Philip A. Rodrigues
Network Analyst, UITS
University of Connecticut
email: phil.rodrigues at uconn.edu
More information about the unisog