[unisog] DShield and Symantec report MSBlast in wild

Gary Flynn flynngn at jmu.edu
Tue Aug 12 17:24:57 GMT 2003



Jeff Bollinger wrote:

> Speaking of which, anyone have any good plans to prevent another uprising
> for when the students do come back?

I just thought of another thing I'm checking with our support
folks about:

1. Divide your residence halls into areas based on network or vlans.
    Something that is managable to filter.

2. Disable all access from student networks to the Internet except for
    web sites. This will break Instant Messaging.

3. Scan systems with open port 135. We're using the IIS RPC/DCOM command
    line scanner with good results.

4. When the number of patched systems in a particular area goes above
    some percentage, say 90-95, enable normal Internet access.

I'm calling it the "Student Network Windows Update Incentive Program" :)

This assumes that the Microsoft Windows Update site or a local SUS server
is available.

Desperate times call for desperate measures.

If I had more time, I'd try tying an SUS server into our registration
system.

-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe



More information about the unisog mailing list