[unisog] CHE 3/15: The Growing Vulnerability of Campus Networks

Tom Perrine tep at SDSC.EDU
Mon Mar 11 21:16:37 GMT 2002

>>>>> On Mon, 11 Mar 2002 11:45:15 -0600 (CST), Glenn Forbes Fleming Larratt <glratt at io.com> said:

    Glenn> Interesting indeed. I'd like to only get 12 portscans a month 
    Glenn> (per the "Network Incidents at One University" sidebar); we
    Glenn> get 8+ per *day*. I wonder what threshold criteria they're using?

    Glenn> 	-g

Our single lab (SDSC.EDU) often sees more than 10 scans per day, almost
always from overseas; more than 80% are often from "wanadoo.fr".  The
main campus (UCSD.EDU) probably sees about the same number; I'll let
them chime in with their own data.

We are at the point where the only reason to notice scans is for our
security research, to generate some statistics and to "prove" that we
still need to "do" security.


Reporting these scans to J. Random ISP in the US or anywhere is almost
always a waste of time.  All the people who care have worked hard to
fix their systems and you won't get scanned from them, and those that
haven't fixed their systems are never going to.


Cable modems and cheap DSL in the US, and public-access systems
(kiosks) in .FR seem to be the greatest single contributor to scans in
the last 2-3 years.  .BR and .PT seem to have cleaned up their acts in
the last year or so?

Tom E. Perrine <tep at SDSC.EDU> | San Diego Supercomputer Center 
http://www.sdsc.edu/~tep/     | 
