Re: Fwd: URGENT: bot net with keylogger

[Gary Flynn <flynngn () JMU EDU>]

Dave Monnier, IT Security Office, Indiana University wrote:

> We'll have to hope "itr" doesn't subscribe to EDUCAUSE-sec.

I'd said a few weeks ago that after a post I made here
about our reflexive ACLs for Messenger traffic that
Messenger attacks stepped up after the post.

To put matters straight, I was wrong. I'd misconfigured
the filters trying to test extra functionality and
that was the reason for the additional traffic.

Our Netscreen IDP is now configured to stop that type
of traffic regardless of port.

And, yeah, I'm kind of excited about the new boxes. First
good thing thats happened security-wise in a while. :)

I don't feel safe behind them but I do feel we have a
new layer of defense.

--
Gary Flynn
Security Engineer - Technical Services
James Madison University

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.