Educause Security Discussion mailing list archives

Re: Campus VPN Services


From: "H. Morrow Long" <morrow.long () YALE EDU>
Date: Fri, 22 Aug 2003 21:53:22 -0400

I should point out that we put in the original NETBIOS block
(accompanied by the production rollout of the VPN service) to
protect against manual attacks by intruders who were finding
open shares and/or connecting to insecure NT hidden admin
shares and compromising Windows PCs.  It was not originally
envisioned as a defense against worms 'per se' (though we
hoped it might provide some protection during the recent
worm attacks).

During Stealther, Blaster, Nachi, etc. just seeing the sheer #
of worms active on the Internet (and I2) I sometimes felt like
Neo in the 2nd Matrix when he learns that hundreds of thousands
of machines are boring in to try to break into Zion (just leave
out some of the hokey ersatz philosophy of the Matrix movies)...

Morrow

H. Morrow Long wrote:

It bought us a little time, though not much.

We escaped the original manual nonworm (but automated) attacks week.
We were hit by Stealther, then by Blaster and Nachi was delayed by a
day or so.

In almost all cases netflow showed that the initial vectors for the
infections within the Yale network were PPP & VPN users (though we are
now seeing early returning grad students bringing in infected
notebook PCs and plugging them in).

Morrow

Mark Poepping wrote:

Since you had this setup in place, did you escape the recent rpc (or
Nachi) stuff?
Mark.
