Slashdot Mirror

← Back to Stories (view on slashdot.org)

Handling User Grown Machines on a Large Network?

Posted by Cliff on from the where-infections-run-rampant dept.

matth asks: "Recently with the outbreak of the MSBLASTER worm and the startup of the college semester here in the US we've been hit by a big problem here where I work. Many students are bringing in machines from home, often times infected. The infections are so bad that they bring the whole network to a crawl. Yes, you can install ACLs on edge routers and put a router between the dorms and the rest of your network, but it still brings the dorm to a crawl. You can make sure people install the patches, but what if someone re-installs Windows, or brings in another machine, and what about NEXT year? From the Slashdot community, how have sysadmins out there dealt with this? How can you manage each machine in a network such as a college, where people are bringing their own machines in from the outside? ACLs on routers... but what about for the segmented network?"

18 of 611 comments (clear)

  1. Simple... by woodchip · · Score: 5, Funny

    just ban users from your network.

  2. You could just... by gsperling · · Score: 5, Funny

    ...tell students at registration that Windows machines are not allowed on the network, and that they must install Linux. This will not only clean up your network problems, but it will also give the students a sense of doing the right thing for their computers. Along with their free condoms, give 'em free Linux CDs.

    1. Re:You could just... by KoolDude · · Score: 2, Funny


      Along with their free condoms, give 'em free Linux CDs.

      Dude... you gotta follow the rules. It's ( condoms XOR Linux ).

      --
      getSexySig(); /* returns sexy signature */
  3. YES, THAT'S A GOOD IDEA by YOU+ARE+SO+FIRED! · · Score: 5, Funny

    "Along with their free condoms, give 'em free Linux CDs."

    "Here. You'll never use this first item if you choose to use the second item. Have fun, and welcome to college."

    You are sooooo fired.

  4. DHCP tricks by TheSHAD0W · · Score: 5, Funny

    You ought to be able to tweak your DHCP so you can block machines that are broadcasting this badly by telling them their default gateway is localhost.

  5. start with the freshman handbook by b17bmbr · · Score: 5, Funny
    Chapter 2 Personal Computers
    No personal computers will be allowed unless they are running Linux, FreeBSD, OS X, or another variety of *nix. If you are bringing a PC, please see the installtion CD in the back of the Freshman orientation handbook. For installation instructions, find the guy in your dorm with long hair, glasses, birkenstocks, and a penguin on his shirt. For payment, beer will usually do. Or, if you are under 21, and can't find someone to buy for you, perhaps a bag of Starbucks will suffice. However, if you are a female, just acknowleging him at least once during the semester, when you are with your friends will be plenty.
    --
    My problem? I was perfectly gruntled, until some numbnuts came by and dissed me.
  6. Post lists by Maxwell'sSilverLART · · Score: 5, Funny

    Assuming you can identify the port from which the infected traffic is coming, post a list of all infected rooms on the front door of the dorms, with an explanation that "these computers are causing your network to suck."

    The problem will be fixed.

    --
    Moderate drunk! It's more fun that way!
  7. Our Solution by skroz · · Score: 2, Funny

    We have an incident response team that locates each individual infected host, then identifies the primary user of that machine. If they're unavailable, we install the patch and leave a message that they should come by our offices as soon as possible.

    Once the patch has been applied, we sit down with the user and assure them that they're not in trouble; everyone makes a mistake from time to time, and we have simple and effective means of dealing with the problem. Once they're calmed down and convinced that we're not upset with them, we wish them a good day and send them on their way.

    When they turn their backs, we shoot them in the back of the head and put their bodies on display in the courtyard as an example to the rest of the imbiciles that might practice unsafe computing.

    --
    -- Minds are like parachutes... they work best when open.
  8. Re:The state of employment. by dipipanone · · Score: 3, Funny

    First they came for the menial jobs. I never spoke out because I didn't have a menial job.

    Somebody has obviously made a serious mistake then. Can I suggest you apply at the sign of the Golden Arches to find something more commensurate with your intellectual abilities?

  9. Re:Ban 'em by lewiz · · Score: 2, Funny

    Having an A4 sheet detailing where to get the patch and removal tool (possibly mirrored locally) would be a good idea too.

    Okay, so you give them the URL on the paper, right? Then what do they do? Call up the tech. support people and ask them to shout the patch down the 'phone? I can imagine it now: ``was that `one-one-oh', or `one-oh-oh'?''

  10. Re:No more by KoolDude · · Score: 2, Funny


    I am seriously considering moving my smaller clients to Mac of Linux pretty soon

    Hmm... sounds interesting, got a torrent ?

    --
    getSexySig(); /* returns sexy signature */
  11. Re:Easy solution: by Anonymous Coward · · Score: 1, Funny

    Oh yeah. Good solution. And I suppose that computer hobbyists and programmers should be left out in the cold and be forced to use your shitty public PCs that will undoubtly be running the only OS affectd by worms and virii... Windows!?

    Thanks, but no thanks.

  12. Re:responsibility by Durandal64 · · Score: 4, Funny
    How about we tax stupidity next?
    We do. It's called the lottery.
  13. Re:I'm actually wanting to know the same thing, bu by KoolDude · · Score: 3, Funny


    running Mac OS X and I haven't had to lift a finger to do much of anything for more than a year

    That's what I call a boring life. Compare this to the action packed life of a Windows(tm) Admin. I can imagine the next Microsoft tagline:

    Windows: Bringing Unlimited Action to bored System Admins, since 1981.

    --
    getSexySig(); /* returns sexy signature */
  14. Re:Domain logons by cptgrudge · · Score: 2, Funny

    Quickly! Someone establish solid prior art before some company patents it and starts charging licensing fees to virus writers!

    --
    Qualitas edurus commercium, nullus penitus net rimor, nullus deus beneficium
  15. Re:Public humiliation by Mike1024 · · Score: 2, Funny

    Maybe you can spice it up with an introductory text that gives the impression that when you're saying "most inept" you actually mean "dumb as a door-knob"

    You could have a comparitive scale down the side, comparing the most inept to 'brick', ranging through 'hammer' and 'cabbage' with the cleverest compared to, say, '$10 digital watch'. You could have little iconic pictures on the scale to give it some colour.

    Just my $0.02,

    Michael

    --
    "Goodness me, how unlike the FBI to abuse the trust of the American public." -- The Onion
  16. attn: geeks by Barbarian · · Score: 2, Funny

    These girls need help with their computers.

  17. Re:forcefully by G33kboy · · Score: 2, Funny

    If the problem really is due to the 810577 patch, then the call to Microsoft is supposed to be FREE FREE FREE! Did removing the patch fix the problem?