Re: OT new virus

From: Pindell, Timothy (TPindell@OTTERBEIN.EDU)
Date: Wed May 05 2004 - 11:25:27 EDT


I'm the 'network nazi'/server dude/chief IT bottle washer at a small
college. We're stopping sasser at the firewall, but it's taking a beating.
It's been bouncing off the limit of tcp sessions on a regular basis starting
on Saturday afternoon. Once the firewall hits the limit, it simply drops
the next session and you have things like 404s and such. To us, it's
basically a DDOS problem at this point. Time for a beefier firewall I think.
Our lusers don't like it, but they haven't shown up at my door with torches
and pitchforks yet. So far, we've had none inside, but all it will take is
some bonehead professor or student coming in from off-campus with a
compromised laptop and then it'll hit the fan. Bad memories of nachi. We're
looking at an app that will restrict new users to a non-routed vlan until
they authenticate and their machine is scanned for vulnerabilities. I spent
yesterday morning patching about 20 servers. I got to reboot stuff during
work hours with no regard whatsoever for human life. I've been using MS
Software Update Services and couldn't be happier with it. It's our own local
copy of Microsoft's own Windows Update. We used to have to run sneaker net
everywhere and physically patch machines. With 700ish fac/staff machines
that's like painting the Brooklyn Bridge- when you're done, you have to start
over because the next one is out. Now, we simply have to approve an update,
and it automatically gets picked up by the client machines the next time
they contact the update server. Unfortunately, we don't have any real
control of the student machines. I sniff traffic and look for virus-like
activity and shut off switch ports, but that's about all I can do. When we
got nachi in the fall when the students showed up, I had to simply 'turn
off' the dorms in order for the everyday business of the college to
function. That got their attention. How much handholding can we as the IT
staff do?

<rantmode>
Since I've had this job, it's occurred to me that x86 PCs are more
complicated than most people can responsibly handle, even with Windows. That
goes for vehicles or any other complicated piece of machinery. I hate to be
elitist like this but what the heck: I think as the cost of computer
hardware decreases, the more this type of thing will happen. When geeks ran
the internet and PCs were expensive and harder for the noob to use, we
didn't have this much of a problem. We had our 2400 baud modems and we
LIKED it that way. Geez...now I sound old...
</rantmode>

Tim


