[unisog] CHE 3/15: The Growing Vulnerability ofCampus Networks

Tom Perrine tep at SDSC.EDU
Mon Mar 11 21:23:20 GMT 2002


>>>>> On Mon, 11 Mar 2002 13:38:18 -0500, "H. Morrow Long" <morrow.long at yale.edu> said:

    H> And I would venture to say that some Universities are likely easier
    H> targets for cr/hackers looking for vulnerable NT/W2K and Unix/Linux
    H> hosts to compromise and take over.  In particular I'd say that our IP
    H> networks may be more concentrated "target-rich" environments for someone
    H> looking for these platforms.

I suspect that it is also the high-speed connections that are
popular.  Cable and some DSL and many .COM sites have less
bandwith/host than many .EDUs.

Heck, we're sitting on OC-48s, OC-12s and OC-3 (just for backup) and
that's for ~1000 hosts.  I think that UW has bigger pipes for its
campus than most big .COMs.

A network admin in .CA who does lots of investigations told me once
that he was convinced that .EDU.CA was a prime target only for its
high-speed links to US networks.

Depends on the motive of the intruder, too.  Way back when, intruders
wanted lots of fast hosts to run "crack" and lots of file storage for
WAREZ.  Then they wanted places to host IRC bots.  Now it seems to
just be who has the biggest list of owned hosts.  Since most of the
web defacement mirrors have gone away, my *perception* is that
defacements have declined (but I could be wrong).

Tom "Monday is Cynicism Day!" Perrine

-- 
Tom E. Perrine <tep at SDSC.EDU> | San Diego Supercomputer Center 
http://www.sdsc.edu/~tep/     | 



More information about the unisog mailing list