[unisog] CHE 3/15: The Growing Vulnerability of Campus Networks
paw at noh.ucsd.edu
Mon Mar 11 22:13:16 GMT 2002
I'm not sure we're _averaging_ 10 scans a day, but things have
been busy this month and we're pushing ~8/day. Mind you, we're
no longer reporting Code Red or vanilla Nimda - that might push
the numbers higher. Oh, and we're blocking a bunch of stuff at
the border (snmp, tcp 53, sunrpc, lpr), so those don't generally
get counted, either.
But 12 a *month*? I can only dream of such things - I might be
able to get something else done!
Network Security Manager
UCSD ACS/Network Operations
paw at ucsd.edu
6F3A AE75 F931 3A19 D207 19F3 DB9B 29DC 2C3F E015
Tom Perrine <tep at sdsc.edu> writes:
> >>>>> On Mon, 11 Mar 2002 11:45:15 -0600 (CST), Glenn Forbes Fleming Larratt
<glratt at io.com> said:
> Glenn> Interesting indeed. I'd like to only get 12 portscans a month
> Glenn> (per the "Network Incidents at One University" sidebar); we
> Glenn> get 8+ per *day*. I wonder what threshold criteria they're using?
> Glenn> -g
> Our single lab (SDSC.EDU) often sees more than 10 scans per day, almost
> always from overseas, more than 80% are often from "wanadoo.fr". The
> main campus UCSD.EDU) probably see about the same number; I'll let
> them chime in with their own data.
More information about the unisog