Educause Security Discussion mailing list archives

Re: W32/Nachi.worm


From: Kathie Brinkman <brinkmkb () MUOHIO EDU>
Date: Wed, 20 Aug 2003 18:03:44 -0400

Please excuse duplication - I am cross-posting to RESNET-L and Educause
Security lists....

We are preparing for students' return on Friday.  We have blocked port 135
at the campus firewall, we have blocked port 135 at the routers.  We are
prepared to block ICMP at the ResNet building routers (if we have
to).  Questions from our network staff are (we have read the virus site
descriptions, but appreciate the in-field experience that some of you are
seeing):

What is the traffic profile of the corrupted machines?
- How much bandwidth are they consuming?
- What is the target of the ICMP echo requests? Local to subnet? Local to
campus network? Internet hosts?
- Are there other high bandwidth ports/protocols besides ICMP?

What measures have you found effective in minimizing the effects of
corrupted machines?
- Router access lists?
- Firewall rules?

Thanks.


At 03:19 PM 8/20/2003 -0400, you wrote:
Right now, this worm is causing more problems for us than the Blaster Worm
ever did.

-----Original Message-----
From: Scott Weeks [mailto:sweeks () sandiego edu]
Sent: Wednesday, August 20, 2003 3:11 PM
To: RESNET-L () LISTSERV ND EDU
Subject: Re: W32/Nachi.worm


But the question is: Is it ethical to send around a "good" worm to patch
people's computers without their permission?  Not can it be done (it's been
shown that it can be done), rather SHOULD it be done for the good of the
larger community.  I say they should not configure YOUR computer without
YOUR permission.

scott


On Tue, 19 Aug 2003, Sadler, Connie wrote:

:  As long as your machine is not connected to the network, you can take
:  any risk that you like (as long as you purchased the computer and pay
:  for the maintenance and licensing). As soon as you connect to a network,
:  you're part of a much bigger community, and all bets are off, IMHO.
:
:  Connie
:
:  :  -----Original Message-----
:  :  From: Resnet Forum [mailto:RESNET-L () LISTSERV ND EDU] On Behalf Of Scott Weeks
:  :  Sent: Tuesday, August 19, 2003 6:41 PM
:  :  To: RESNET-L () LISTSERV ND EDU
:  :  Subject: Re: W32/Nachi.worm
:  :
:  :  No one should configure my machine without permission.  Just as no one is
:  :  allowed into my house to fix my air conditioner without permission.
:  :
:  :  "Hi, I noticed that your AC was broken, so I came into your house and
:  :  fixed it for you."  You don't know if that's all they did.  Similarly you
:  :  don't know if the worm is benevolent only.  Perhaps the worm did what it
:  :  did to cover its tracks and has done something bad at the same time.
:  :
:  :  Bottom line is no one should configure my machine without my express
:  :  permission.  If they do, they're no better than the black-hats.
:  :
:  :  scott
:  :
:  :
:  :
:  :  On Tue, 19 Aug 2003, William Platnick wrote:
:  :
:  :  :  I haven't seen any cases at the University, but the worm does bring up
:  :  :  some interesting moral dilemmas.  Is it ok for a worm to go through
:  :  :  systems and try to patch a machine without the user's permission?
:  :  :
:  :  :  -Will
:  :  :
:  :  :  -----Original Message-----
:  :  :  From: Resnet Forum [mailto:RESNET-L () LISTSERV ND EDU] On Behalf Of King, Michael
:  :  :  Sent: Tuesday, August 19, 2003 6:00 PM
:  :  :  To: RESNET-L () LISTSERV ND EDU
:  :  :  Subject: W32/Nachi.worm
:  :  :
:  :  :  Anyone Get this virus yet?  W32/Nachi.worm
:  :  :
:  :  :
:  :  :  http://vil.nai.com/vil/content/v_100559.htm
:  :  :
:  :  :  ___________________________________________________
:  :  :  You are subscribed to the ResNet-L mailing list.
:  :  :
:  :  :  To subscribe, unsubscribe or search the archives,
:  :  :  go to http://LISTSERV.ND.EDU/archives/resnet-l.html
:  :  :  ___________________________________________________

_______________________________
Kathleen B. Brinkman
Senior Manager, IT Services Support Desk
312-A Hoyt Hall, Miami University
mailto: brinkmkb () muohio edu
voice: 513.529.5947
fax: 513.529.1496

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
