sasser virus (was Re: [unisog] student fees for cleaning.)

Russell Fulton r.fulton at
Fri May 7 23:56:13 GMT 2004

On Sat, 2004-05-08 at 09:41, Peter Van Epp wrote:

> 	No. We don't scan the network looking for vulnerable machines without
> the owner's permission. Our experience with Nessus scans says that it sometimes
> causes the machine to reboot. Therefore we will take the hit of an infected
> machine getting out for a while before being detected and whacked. The down
> side is we don't know how many machines out there are still vulnerable. So far
> that policy has worked fine. If it stops working fine I expect we will revisit
> it :-).

We do scan, but not with Nessus.  I generally use scanners dedicated to a
single vulnerability (eg from Foundstone, eEye or (my favourite - based
on the uconn resnet scanner)).

We have had no problems with this and our IT support people love it
because it allows them to put their efforts into catching those machines
where the automated systems (SUS, login scripts, etc.) fail or are
