[unisog] DShield and Symantec report MSBlast in wild
flynngn at jmu.edu
Tue Aug 12 17:24:57 GMT 2003
Jeff Bollinger wrote:
> Speaking of which, anyone have any good plans to prevent another uprising
> for when the students do come back?
I just thought of another thing I'm checking with our support
1. Divide your residence halls into areas based on network or vlans.
Something that is managable to filter.
2. Disable all access from student networks to the Internet except for
web sites. This will break Instant Messaging.
3. Scan systems with open port 135. We're using the IIS RPC/DCOM command
line scanner with good results.
4. When the number of patched systems in a particular area goes above
some percentage, say 90-95, enable normal Internet access.
I'm calling it the "Student Network Windows Update Incentive Program" :)
This assumes that the Microsoft Windows Update site or a local SUS server
Desperate times call for desperate measures.
If I had more time, I'd try tying an SUS server into our registration
Security Engineer - Technical Services
James Madison University
More information about the unisog