Full Disclosure mailing list archives
Re: RE: Probable new MS DCOM RPC worm for Windows
From: "Brent J. Nordquist" <b-nordquist () bethel edu>
Date: Mon, 29 Sep 2003 07:24:08 -0500 (CDT)
On Sat, 27 Sep 2003, Karl DeBisschop <kdebisschop () alert infoplease com> wrote:
On Fri, 2003-09-26 at 22:57, Paul Schmehl wrote:We're working on a "jail vlan" concept now, where "evil" computers go.Maybe this concept is already widely in use at academia. If it is not, it may soon be.
We've been using the concept here for 2-3 years, and it has worked well. We call ours the "black hole". :-) We only allow machines in the black hole to access MS Update, our virus vendor's site, and other places where the student can get the tools (s)he needs to fix the computer. As Paul said, we can't work on their computers; it has to be self-help (or a paid outside company). Over time we are making improvements toward increased detection of infected computers and automatic placement into the black hole. At the beginning it was mostly manual which is a lot of work. When the recent Nachi/Welchia/Sobig.f wave hit we had some incentive to invest more time in automated detection. Educational institutions that are interested in this concept might want to look into the RESNET-L mailing list; topics like this that are relevant to the ResNet environment are discussed there regularly. http://LISTSERV.ND.EDU/archives/resnet-l.html -- Brent J. Nordquist <b-nordquist () bethel edu> N0BJN Other contact information: http://kepler.acns.bethel.edu/~bjn/contact.html * Fast pipe * Always on * Get out of the way - Tim Bray http://tinyurl.com/7sti _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: RE: Probable new MS DCOM RPC worm for Windo ws, (continued)
- Re: RE: Probable new MS DCOM RPC worm for Windo ws Gary Flynn (Sep 26)
- RE: RE: Probable new MS DCOM RPC worm for Windo ws Jay Sulzberger (Sep 26)
- RE: RE: Probable new MS DCOM RPC worm for Windo ws Schmehl, Paul L (Sep 26)
- RE: RE: Probable new MS DCOM RPC worm for Windo ws Jerry Heidtke (Sep 26)
- RE: RE: Probable new MS DCOM RPC worm for Windo ws Schmehl, Paul L (Sep 26)
- RE: RE: Probable new MS DCOM RPC worm for Windo ws Schmehl, Paul L (Sep 26)
- RE: RE: Probable new MS DCOM RPC worm for Windo ws Schmehl, Paul L (Sep 26)
- Re: RE: Probable new MS DCOM RPC worm for Windows Cael Abal (Sep 26)
- Re: RE: Probable new MS DCOM RPC worm for Windows Paul Schmehl (Sep 26)
- Re: RE: Probable new MS DCOM RPC worm for Windows Karl DeBisschop (Sep 27)
- Re: RE: Probable new MS DCOM RPC worm for Windows Brent J. Nordquist (Sep 29)
- Re: RE: Probable new MS DCOM RPC worm for Windows Cael Abal (Sep 26)
- RE: RE: Probable new MS DCOM RPC worm for Windo ws Jay Sulzberger (Sep 26)