Universities Taken Offline to Fight Worms, Viruses
chrismg2003 writes "Nationwide universities are opening their doors to new students but closing off their network services. The Blaster worm has caused universities to take drastic actions to protect their campus networks. Universities have gone as far as shutting down their entire resnet network and bringing it back up dorm-by-dorm after each computer has been certified worm-free. The ICMP ping requests alone have brought down my university's resnet multiple times and we are scrambling to clean the worm from all computers before it forces us to follow suit with other universities."
This situation has affected me. I wonder how they will certify my Linux computer. They can't run their security checker stuff on it, as it doesn't even run Windows. I may have to put up a patched XP install just to regain network access. Anyone got a spare copy to donate?
> upgrade to a more secure operating system.

If you mean Linux, I assume you somehow are going to fund training all the students how to use it, along with getting all of the school's faculty and staff to support it, along with providing for Linux patch management efforts. Yeah, right. Back to the real world we go...
ISP Guy: Your computer's infected, get a patch.
:)
Customer: I can't download the patch, you've turned off my internet access
That could be a problem
You should get a partial tuition refund if you don't use Windows, and thus the university's IT doesn't have to worry about you.
I posted this before but it's still relevant..
I work for tech support for a large (30,000+ students) university. This fall we're expecting as many as 30 percent of the machines coming to residence to be infected with a worm.
To defend against this we're going to scan all machines over the network during the registration process and if the machine is vulnerable the browser will get redirected to a webpage with the relevant patches which the client must apply. If they don't apply the patch they won't be able to connect to anything but our internal authentication VLAN.
One of the reasons our networks get hammered during any worm incident is that there are so many machines connected to the network that just aren't patched ever.. Eventually we just have to manually shut down the ports infected machines are connected to and wait till clients call to complain to explain why they've been disconnected.
Here in the UK, NTL did just that. I'd taken down our firewall for about five minutes and in that time we contracted Blaster, which promptly got eaten by Welchia. I scanned for Blaster and applied the MS patch but didn't scan for Welchia...
Next day, we try and go online only to be redirected to http://outbreak.ntli.net/ which told us they'd found that we were transmitting loads of data... they gave us links to blaster and welchia scanners and the MS patch. Until we stopped transmitting we weren't going to be allowed onto the net at large.
Upon removing Welchia we were promptly allowed back online. I've never been very impressed with NTL before, but this sort of decisive action was very impressive.
Where's the problem to shut people down but allow them to reach a server where all the relevant patches for the malware causing a shutdown are available? Might even be a proxy to official MS sites.
The UW labs in Seattle were hit real hard by the Blaster worm. Thus, the UW campus network was a mess for a bit. Main causes: First, students can use the computers for whatever they want... i.e. the computers are very open. Second, IT didn't patch the computer.
Now you may wonder why I said "computer" and not "computers". Well here is why... the UW has an imaged drive lab. So one computer is used to push updates to EVERY single computer. Every time a student logs off a computer the hard drive is made fresh again (cleaned) by the master server. That ensures proper working order and minimum IT staff work. Anything the student installed is erased too.
Single point of failure anyone?
Life is like pants... fit in or you don't fit in.
A few hours. You honestly think it'd take just a few hours to 1) take all the calls from a bunch of people whose net connections are shut down and 2) instruct them (and potentially walk them through) how to disinfect and patch their systems? Really. Frankly, I find it remarkable how naive you are...
I absolutely agree with the original poster... if some idiot doesn't patch his box, I shouldn't suffer. If anything, set up rules at the upstream router to shut down his, and only his, connection (hell, you could automate this if you wanted). But don't you dare touch mine.