[unisog] Sightly OT: Re: [unisog] University virus-writing
Phillip G Deneault
deneault at WPI.EDU
Thu May 29 03:09:17 GMT 2003
On Wed, 28 May 2003 Valdis.Kletnieks at vt.edu wrote:
> On Wed, 28 May 2003 20:59:13 EDT, Phillip G Deneault <deneault at WPI.EDU> said:
> > If they miss(mistyping an IP), or students on either side try to attack
> > other unrelated systems(DNS, switches, routers, or other hosts) in an
> > attempt to disable or break into the project, I'll need to block those
> > sites and point out the fact that the project is in violation of our AUP,
> > not to mention clean up the mess. I'd rather not do that and head of the
> > problem at the pass.
> > Does anyone have any thoughts this problem? Does anyone think this is
> > lunacy or that I'm way off base? I'd like people's 2 cents if they've
> > come across this problem before and possibly what they did to solve it.
> Give them each a playground subnet on their campuses using a RFC1918
> address space, VPN them together, and then aggressively ingress/egress
> filter all the sandbox subnets. That should suffice.
I appreciate the feedback, but the problem isn't so much technical in
nature. Its about the overall policy issues it creates, the problem of
the lack of knowledge, and what happens after. I'm trying to be
proactive about the situation and fit it into an evolving security policy.
I'd also not like to throw technology at the problem if the problem is
education or policy problems. The mice have a tendancy to get smarter
when I make better traps. I don't like smart mice. :-)
Phil Deneault "We work in the dark, We do what we can,
deneault at wpi.edu We give what we have. Our doubt is our passion,
WPI NetOps and our passion is our task. The rest is the
InfoSec maddness of art." - Henry James
More information about the unisog