[unisog] CHE 3/15: The Growing Vulnerability of Campus Networks

Pat Wilson paw at noh.ucsd.edu
Mon Mar 11 22:13:16 GMT 2002


I'm not sure we're _averaging_ 10 scans a day, but things have
been busy this month and we're pushing ~8/day.  Mind you, we're
no longer reporting Code Red or vanilla Nimda - that might push
the numbers higher.  Oh, and we're blocking a bunch of stuff at
the border (snmp, tcp 53, sunrpc, lpr), so those don't generally
get counted, either.

But 12 a *month*?  I can only dream of such things - I might be
able to get something else done!


Pat Wilson
Network Security Manager
UCSD ACS/Network Operations
paw at ucsd.edu
6F3A AE75 F931 3A19 D207 19F3 DB9B 29DC 2C3F E015

Tom Perrine <tep at sdsc.edu> writes:
>  >>>>> On Mon, 11 Mar 2002 11:45:15 -0600 (CST), Glenn Forbes Fleming Larratt
 <glratt at io.com> said:
>  
>      Glenn> Interesting indeed. I'd like to only get 12 portscans a month 
>      Glenn> (per the "Network Incidents at One University" sidebar); we
>      Glenn> get 8+ per *day*. I wonder what threshold criteria they're using?
>  
>      Glenn> 	-g
>  
>  Our single lab (SDSC.EDU) often sees more than 10 scans per day, almost
>  always from overseas, more than 80% are often from "wanadoo.fr".  The
>  main campus UCSD.EDU) probably see about the same number; I'll let
>  them chime in with their own data.



More information about the unisog mailing list