Reply-Message support in Microsoft Windows (was Re: [Re: Have worm? University upgrades network])

2003-12-01 Thread Sean Donelan

On Mon, 1 Dec 2003, Ryan Dobrynski wrote:
> would be nice if microsoft had some sort of "launcher" like you see on
> all the good mmorpg's. pop open the launcher and it checks for updates
> and antivirus BEFORE it lets you out of jail to the rest of the world.

Heck, I'm just asking for simple stuff like Microsoft supporting the rest
of the PPP protocol, and displaying the Reply-Message sent by the network
to the computer's user instead of throwing it away.  That way you could
tell the user why the network is rejecting the access, instead of the
generic Microsoft error message.

Instead of using the features built into the protocol, because Windows
doesn't support the PPP messages, everyone else has to come up with other
ways to inform users what's wrong.
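An added example, not part of the original thread: PAP Authenticate-Nak (RFC 1334) and CHAP Failure (RFC 1994) packets each carry a Message field, and this sketch shows what a client would need to do to read and safely display it. It assumes the access server copies its rejection text into that field; the function name and sample packets are constructed for illustration.

```python
import struct

# PPP protocol numbers and the result codes that carry a readable message.
PAP, CHAP = 0xC023, 0xC223
PAP_CODES = {2: "Authenticate-Ack", 3: "Authenticate-Nak"}   # RFC 1334
CHAP_CODES = {3: "Success", 4: "Failure"}                    # RFC 1994


def auth_message(protocol, packet):
    """Return (code_name, text) for a PAP/CHAP result packet, else None."""
    if len(packet) < 4:
        raise ValueError("truncated header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("bad Length field")
    body = packet[4:length]            # ignore any padding after Length
    if protocol == PAP and code in PAP_CODES:
        # PAP: one-octet Msg-Length, then the message itself.
        if not body or body[0] > len(body) - 1:
            raise ValueError("bad Msg-Length")
        raw, name = body[1:1 + body[0]], PAP_CODES[code]
    elif protocol == CHAP and code in CHAP_CODES:
        # CHAP: the message is everything up to Length.
        raw, name = body, CHAP_CODES[code]
    else:
        return None                    # request/challenge/response packets
    # The text is supplied by the network, so strip control characters
    # before it is shown to the user.
    text = raw.decode("utf-8", errors="replace")
    return name, "".join(c if c.isprintable() else "?" for c in text)


def build(code, ident, body):
    """Assemble a constructed sample packet (Code, Identifier, Length, data)."""
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


# Constructed sample data: a rejection reason as the network might word it.
REASON = b"Access denied: host is quarantined, see helpdesk"
SAMPLE_PAP_NAK = build(3, 1, bytes([len(REASON)]) + REASON)
SAMPLE_CHAP_FAIL = build(4, 7, REASON + b"\x07")   # trailing BEL is filtered

if __name__ == "__main__":
    for proto, pkt in ((PAP, SAMPLE_PAP_NAK), (CHAP, SAMPLE_CHAP_FAIL)):
        print(auth_message(proto, pkt))
```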




Re: [Re: Have worm? University upgrades network]

2003-12-01 Thread Ryan Dobrynski

would be nice if microsoft had some sort of "launcher" like you see on
all the good mmorpg's. pop open the launcher and it checks for updates
and antivirus BEFORE it lets you out of jail to the rest of the world.

prolly make em a few $$ in deals with an antivirus company. i think it'd
be the one money grubbing feature of windows that i would actually like..
course the patch server goes down and you just hosed everyone off the
internet... wait a sec... *grins*


On Mon, 1 Dec 2003, Sean Donelan wrote:

> Date: Mon, 1 Dec 2003 09:49:34 -0500 (EST)
> From: Sean Donelan <[EMAIL PROTECTED]>
> To: joshua sahala <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Re: Have worm? University upgrades network]
>
>
> On Mon, 1 Dec 2003, joshua sahala wrote:
> > > Do people find "self-certification" by end-users actually fixes
> > > anything?
> >
> > depends on how badly they want to get back on that interweb-thing...and
> > how clueful they are (or can be made to be).  if the penalties for not
> > being clean are steep enough (no interweb privileges for a semester),
> > then i think they will do it right.
>
> Ah, you mean the same policies they previously agreed to follow worked so
> well to keep their computers up-to-date and virus-free will work in this
> case too?  If the policies were working, why install new systems?
>
> In order to fix something, you first have to understand what is broken.
>
> > i would hope that you are filtering and rate-limiting upstream traffic,
> > and that you have built the server with sufficient horsepower and
> > self-preservation hooks that it would survive.  ftp or http don't require
> > too much upstream, and you probably don't need to allow much else from
> > the users' computers
>
> Dynamic application of queue policies on every port on your network?  A
> single infected computer can wipe out a WiFi area, even if you have an
> upstream filter on the access point.  Unless there is a way for the
> network to push the filter onto the computer's NIC, the network has to
> sustain the load from the worm even if it drops the packets.
>
> With 802.1x (or PPP or however you authenticate), it would be nice if the
> network could securely negotiate filters for the NIC side of the
> connection.
>
>

Ryan Dobrynski
Hat-Swapping Gnome
Choice Communications


Like the ski resort of girls looking for husbands and husbands looking
for girls, the situation is not as symmetrical as it might seem.



Re: [Re: Have worm? University upgrades network]

2003-12-01 Thread Sean Donelan

On Mon, 1 Dec 2003, joshua sahala wrote:
> > Do people find "self-certification" by end-users actually fixes
> > anything?
>
> depends on how badly they want to get back on that interweb-thing...and
> how clueful they are (or can be made to be).  if the penalties for not
> being clean are steep enough (no interweb privileges for a semester),
> then i think they will do it right.

Ah, you mean the same policies they previously agreed to follow worked so
well to keep their computers up-to-date and virus-free will work in this
case too?  If the policies were working, why install new systems?

In order to fix something, you first have to understand what is broken.

> i would hope that you are filtering and rate-limiting upstream traffic,
> and that you have built the server with sufficient horsepower and
> self-preservation hooks that it would survive.  ftp or http don't require
> too much upstream, and you probably don't need to allow much else from
> the users' computers

Dynamic application of queue policies on every port on your network?  A
single infected computer can wipe out a WiFi area, even if you have an
upstream filter on the access point.  Unless there is a way for the
network to push the filter onto the computer's NIC, the network has to
sustain the load from the worm even if it drops the packets.

With 802.1x (or PPP or however you authenticate), it would be nice if the
network could securely negotiate filters for the NIC side of the
connection.



Re: [Re: Have worm? University upgrades network]

2003-12-01 Thread joshua sahala

Sean Donelan <[EMAIL PROTECTED]> wrote:
> 
> Do people find "self-certification" by end-users actually fixes 
> anything?

depends on how badly they want to get back on that interweb-thing...and
how clueful they are (or can be made to be).  if the penalties for not
being clean are steep enough (no interweb privileges for a semester),
then i think they will do it right.

> Or do users keep on clicking on the "Yes, I'm Clean" button?
>
> In the meantime, you still have to carry the traffic from the infected
> computer if only on your quarantine "network." Usually the quarantine 
> LAN is some type of virtual network, so the underlying bandwidth is
> still consumed by the traffic. It's amazing what happens to a
> registration server when an infected computer tries to register tens of
> thousands of times a minute.  Redirecting the user traffic to a 
> quarantine server, results in that server getting walloped.
> 

i would hope that you are filtering and rate-limiting upstream traffic,
and that you have built the server with sufficient horsepower and
self-preservation hooks that it would survive.  ftp or http don't require
too much upstream, and you probably don't need to allow much else from 
the users' computers

/joshua


"Walk with me through the Universe,
 And along the way see how all of us are Connected.
 Feast the eyes of your Soul,
 On the Love that abounds.
 In all places at once, seemingly endless,
 Like your own existence."
 - Stephen Hawking -




Re: Have worm? University upgrades network

2003-12-01 Thread Sean Donelan

On Sun, 30 Nov 2003 [EMAIL PROTECTED] wrote:
> What we (UC Santa Cruz) share with LB is the vendor that will be
> adding scanning to their net-auth box: Perfigo.  We have heard of
> the LB plans indirectly through the vendor, but in the context of
> the article, it all fits.

Do people find "self-certification" by end-users actually fixes anything?

Or do users keep on clicking on the "Yes, I'm Clean" button?

In the meantime, you still have to carry the traffic from the infected
computer if only on your quarantine "network." Usually the quarantine LAN
is some type of virtual network, so the underlying bandwidth is still
consumed by the traffic. It's amazing what happens to a registration
server when an infected computer tries to register tens of thousands of
times a minute.  Redirecting the user traffic to a quarantine server,
results in that server getting walloped.




Re: Have worm? University upgrades network

2003-11-30 Thread warner


Sean Donelan said

> On the other hand, California State-Long Beach is planning to upgrade
> its network to deal with the worms.
> 
> 
> http://www.csulb.edu/~d49er/archives/2003/fall/news/volLIVno49-dorm.shtml

While Sean's interpretation draws reasonable inference from the cited
article, the particular upgrade we've been told about will use
some L2 intercept boxes to scan user computers at the time they attempt
to connect to the LB net.  They seem to be referring to the installation
of the authentication/scanning boxes as part of the network upgrade.
The hope/plan is that web redirection for software fixits through
an appropriate campus download page will precede releasing full
internet services to the users.

I don't think that CSULB is going to add capacity to deal with the
icmp scans.  Rather they are hopeful that they can use this as a
clean up strategy.

What we (UC Santa Cruz) share with LB is the vendor that will be
adding scanning to their net-auth box: Perfigo.  We have heard of
the LB plans indirectly through the vendor, but in the context of
the article, it all fits.

-jim warner, UC Santa Cruz


---



Have worm? University upgrades network

2003-11-27 Thread Sean Donelan

After sending out e-mails and notifying students, Dartmouth College
has started to disconnect virus-infected computers.

http://www.thedartmouth.com/article.php?aid=2003112001020
  The service denials come after Computing Services sent out a campus-wide
  e-mail earlier this month announcing that over 2000 student computers
  were infected with the Welchia worm virus which was causing severe lag
  on the campus network. That e-mail instructed students in the steps
  required to diagnose and, if necessary, treat their computers for the
  virus.

  "Should the network's performance continue to suffer, we will be forced
  to deny access to machines that are abusing, however unintentionally,
  the network," the Nov. 6 e-mail warned. "We do not want to turn off your
  network access but we will to protect the integrity of the network."


On the other hand, California State-Long Beach is planning to upgrade
its network to deal with the worms.


http://www.csulb.edu/~d49er/archives/2003/fall/news/volLIVno49-dorm.shtml

  Stan Olin, director of housing, said they are doing the best they can to
  get the problem fixed. Housing and network staff has been working around
  the clock to resolve the problem. Seven dorm residents are included in
  this team. They aid in tracking down infected computers and are
  responsible for ensuring students have access to the network.

  More than 200 infected computers have been identified. Housing notified
  students through voicemail and other means that anti-virus software is
  available in the hall offices. Depending on the hardware the student
  has, the software takes less than 30 minutes to remove the worms.

  Elson Browne, assistant director of housing, is finding that students
  are "not taking advantage of free resources." On the contrary, a
  freshman who requested anonymity said she tried installing the software
  but found it incompatible with Microsoft Windows XP. She said she now
  considers the situation "a lost cause."

[...]

  The entire campus is in the process of switching to a new network,
  however, the dormitories were not included in the first phase of the
  process. The housing department said it was planning to upgrade sooner
  or later but due to the urgency, it is pushing for a complete upgrade
  by next semester.