Universities Taken Offline to Fight Worms, Viruses

chrismg2003 writes "Nationwide universities are opening their doors to new students but closing off their network services. The Blaster worm has caused universities to take drastic actions to protect their campus networks. Universities have gone as far as shutting down their entire resnet network and bringing it back up dorm-by-dorm after each computer has been certified worm-free. The ICMP ping requests alone have brought down my university's resnet multiple times and we are scrambling to clean the worm from all computers before it forces us to follow suit with other universities."

Re:They should have patched IN JULY

[joe52]

Except that most students weren't around in July. You can't make students apply patches while they are off for the summer.

Of course you can try to educate them so that they will understand the need for these patches and apply them on their own, but actually achieving that goal is not a trivial task (and perhaps drastic actions like kicking machines off university networks are the first step in a tough love approach that might just work).

Re:MSN Messenger... argh.

[Spy+Hunter]

msconfig.

msconfig is the answer to all your problems with stupid applications running at startup (like messenger, realplayer, etc). Start->Run, type in msconfig, hit enter. Go to the rightmost tab, "Startup", and uncheck all the boxes. Your computer will start up and run faster and more reliably, and you won't get retarded MSN messenger starting up (though you can still start it manually if you really have a burning desire to use it). You have to do this periodically since whenever you install a program nowadays it adds something to this list. Some programs are even adding Windows services, which aren't disabled by this screen. Luckily the next tab to the left is "Services", and it even has an option to hide all the default ones that come with Windows so you can selectively disable the ones installed by programs (And while you're at it, disable the deceptively named "Messenger" service from Microsoft to stop those stupid gray popup ads from appearing).

The constant use of msconfig is practically essential to running a decent windows system these days, so it's something everyone should know about. The combined use of msconfig and AdAware can keep a windows system reasonably clean of useless commercial junk, extending the time before you need to do a reinstall to remove all the crap.

Re:Linux

[afidel]

Sounds like the BSA audits. A company a friend works for runs all critical systems on some form of UNIX, the idiot "technician" from the BSA didn't understand that a company could run something other than windows and tried to find some way to install their scanner. He wouldn't leave for several days and the company couldn't use their systems during that time because the BSA guys were accompanied by sheriffs officers and a warrant specifying nothing be touched until the audit was completed so that no evidence was eliminited. Eventually the IT people at the company got the state crime lab computer people to tell the sheriff that the guy from the BSA was an idiot and that the company should be allowed to use their systems.

UConn saved our tail

[Prep]

Here at Denison University, we were lucky enough to catch wind of this perl script, written by Josh Richard of the University of Minnesota-Duluth and enhanced by Mike Lang of the University of Connecticut enhanced it. We modified our standard registration web page (unknown mac-addresses are handed a dummy ip and all traffic redirects to a registration page. Once they register, DHCP hands them a "real" ip) to scan for the DCOM vulnerability using the UCONN script. Users that fail the test are redirected to a page offering links to the patches. Users that pass are directed to the standard registration page, including virus scanning downloads. UConn also includes handy suggestions for using TCP dump to listen on port 135 and for ICMP, note it in a log, giving you a great list of IPs that need to be cleaned. Read UConn's entire summary page here. It saved us.