sasser virus (was Re: [unisog] student fees for cleaning.)

Peter Van Epp vanepp at sfu.ca
Fri May 7 19:49:58 GMT 2004


<snip>
> 
> Additionally, rumor has it that the University Utah only had some
> ridiculously small number of sasser infections?  Anyone here from
> utah.edu who can help the rest of us who had quite a larger number of
> infections?
> 
> Regards,
> -Peter
> -- 
> Peter Moody                             <peter at ucsc.edu>
> Information Security Administrator      831/459.5409
> Communications and Technology Services. UC, Santa Cruz.
> http://security.ucsc.edu/pgp/peter.moody.pub
> :wq

	While I'm not from the U of Utah, sasser here was a non event. There
were 5 or 7 machines hit last week sometime in one day and then 1 and 2s as
people bring in laptops or dial in from home among our 8,000+ machines.
	Ports 135, 137, 139, 445 are blocked in and out at the border (and
attempting to scan out is logged and whacked) is presumably the reason why
we didn't see a large number of infections. 500 or so machines (and several
months of recovery) from blaster may have also helped convince those 
responsible for the machines that 1) an infection will get caught and network
access will be removed, and 2) the pain of 1) isn't worth it :-). Thanks to 
you kind beta testers on unisog they also got several warnings that sasser 
was coming.
	Argus outside my border isn't even seeing an abnormal amount of 
scanning from external sources.

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada



More information about the unisog mailing list