sasser virus (was Re: [unisog] student fees for cleaning.)

Ken Connelly Ken.Connelly at uni.edu
Fri May 7 20:36:10 GMT 2004


Peter Van Epp wrote:

><snip>
>  
>
>>Additionally, rumor has it that the University of Utah only had some
>>ridiculously small number of sasser infections?  Anyone here from
>>utah.edu who can help the rest of us who had quite a larger number of
>>infections?
>>
>>Regards,
>>-Peter
>>-- 
>>Peter Moody                             <peter at ucsc.edu>
>>Information Security Administrator      831/459.5409
>>Communications and Technology Services. UC, Santa Cruz.
>>http://security.ucsc.edu/pgp/peter.moody.pub
>>:wq
>>    
>>
>
>	While I'm not from the U of Utah, sasser here was a non event. There
>were 5 or 7 machines hit last week sometime in one day and then 1 and 2s as
>people bring in laptops or dial in from home among our 8,000+ machines.
>	Ports 135, 137, 139, 445 are blocked in and out at the border (and
>attempting to scan out is logged and whacked) is presumably the reason why
>we didn't see a large number of infections. 500 or so machines (and several
>months of recovery) from blaster may have also helped convince those 
>responsible for the machines that 1) an infection will get caught and network
>access will be removed, and 2) the pain of 1) isn't worth it :-). Thanks to 
>you kind beta testers on unisog they also got several warnings that sasser 
>was coming.
>	Argus outside my border isn't even seeing an abnormal amount of 
>scanning from external sources.
>
>Peter Van Epp / Operations and Technical Support 
>Simon Fraser University, Burnaby, B.C. Canada
>
Me neither (not from U of Utah), but what Peter said.  We, too, block 
micro$oft ports in and out at the border (and also between ResNet and 
the rest of our campus).  And we also pay attention to outbound scanning 
and whack it as quickly as we can.

Sitting quietly and carrying a large LART...  ;-)

- ken

-- 
- Ken
=================================================================
Ken Connelly Systems and Operations Manager, ITS Network Services
University of Northern Iowa           Cedar Falls, IA  50614-0121
email: Ken.Connelly at uni.edu
phone: (319) 273-5850   fax: (319) 273-7373

It's much more important to know what you don't know than what you do know!
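
An added example, not part of the original post or of either site's tooling: a sketch of the outbound-scan logging both messages describe, flagging campus hosts that try many distinct external addresses on the blocked ports within a short window. The campus prefix, threshold, window and flow record layout are assumptions made for the illustration, and the sample flows are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumptions for this illustration (none come from the thread except the ports).
CAMPUS_NET = ipaddress.ip_network("10.20.0.0/16")  # hypothetical campus prefix
BLOCKED_PORTS = {135, 137, 139, 445}               # ports named in the thread
SCAN_THRESHOLD = 5      # distinct external targets that count as a scan
WINDOW_SECONDS = 60     # sliding window over which targets are counted

# Constructed flow records, one per line: epoch_seconds,src_ip,dst_ip,dst_port
SAMPLE_FLOWS = "\n".join(
    [f"{1000 + i},10.20.5.77,198.51.100.{i + 1},445" for i in range(6)]        # fast sweep
    + [f"{1000 + i * 120},10.20.8.8,203.0.113.{i + 1},139" for i in range(6)]  # slow, spread out
    + [f"{1000 + i},10.20.3.4,192.0.2.{i + 1},80" for i in range(6)]           # ordinary web traffic
    + [f"{1000 + i},10.20.9.12,192.0.2.50,445" for i in range(3)]              # one destination only
)

def parse_flows(text):
    """Yield (timestamp, src, dst, dst_port) from the constructed record format."""
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, dport = line.strip().split(",")
            yield int(ts), ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)

def find_outbound_scanners(text, threshold=SCAN_THRESHOLD, window=WINDOW_SECONDS):
    """Return {campus_ip: peak distinct external targets on blocked ports per window}."""
    attempts = defaultdict(list)  # src -> [(timestamp, dst)]
    for ts, src, dst, dport in parse_flows(text):
        # Only outbound attempts matter here: campus source, external destination.
        if dport in BLOCKED_PORTS and src in CAMPUS_NET and dst not in CAMPUS_NET:
            attempts[src].append((ts, dst))
    flagged = {}
    for src, hits in attempts.items():
        hits.sort()
        start, peak = 0, 0
        for end in range(len(hits)):
            # Shrink the window until it spans at most `window` seconds.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            peak = max(peak, len({dst for _, dst in hits[start:end + 1]}))
        if peak >= threshold:
            flagged[str(src)] = peak
    return flagged

if __name__ == "__main__":
    for host, targets in find_outbound_scanners(SAMPLE_FLOWS).items():
        print(f"{host}: {targets} distinct external targets on blocked ports")
```

Counting distinct destinations rather than raw connections keeps a host that repeatedly reaches one external file server from being flagged, while a sweep across many addresses stands out even though every attempt is dropped at the border.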
