nanog mailing list archives
Re: Network Operators and smurf
From: Dalvenjah FoxFire <dalvenjah () dal net>
Date: Sun, 26 Apr 1998 23:32:19 -0700
On Sun, Apr 26, 1998 at 04:50:11PM -0400, Daniel R Ehrlich put this into my mailbox:
First, I am not speaking for Penn State, although I am a member of the University's CERT team. Second, I am not asking that any block be removed. Such a request would have to come from others at PSU. It may require two weeks when you have to deal with the multiple domains of control one finds at this University. This means that you cannot just walk up to some machines and pull the plug without having large quantities of excrement start flowing rapidly downhill from on high and sweeping everything in its path away.
You may already know this, but it doesn't hurt to reiterate. I've had to deal with this to a certain extent at a local university.

What you need to do is to draft a security policy that explains what action you can take when a machine connected to the campus network is used in some sort of hack/DoS attempt. The policy should say something like, "We will attempt to contact the maintainer of the box. If we cannot contact the maintainer or the maintainer cannot repair the box within 6 hours, we will disconnect the box from the network." Modify as required for your site.

Then, go to the highest level of management you can, without pissing too many folks off (yes, university politics suck). Get them to sign off on it, and keep going all the way up to the chancellor, or whoever the Big Guy is. Make sure that you explain that every time someone uses a University box to hack or DoS, the university is wide-open for lawsuits and such - especially if folks knew about the problem and didn't take action.

Then, you have the ammunition you need to disconnect problem boxes when they crop up. If the Whiny Researcher In Question throws a fit, wave the policy in their face and explain that they should have thought of that before putting an insecure box on the net.

(You might also discuss with the researcher the fact that anyone hacking into their box can steal their data; I understand research types are very protective of their data, and paranoid that someone else might get ahold of it. This might at least encourage them to secure their boxes better.)

-dalvenjah

--
Dalvenjah FoxFire (aka Sven Nielsen)
Founder, the DALnet IRC Network
e-mail: dalvenjah () dal net
WWW: http://www.dal.net/~dalvenjah/
whois: SN90

"Aristotle was not Belgian. The central message of Buddhism is not 'every man for himself.' And the London Underground is not a political movement."
-- Wanda, "A Fish Called Wanda"

Try DALnet! http://www.dal.net/