Educause Security Discussion mailing list archives
Re: Connectivity problems with the US Army
From: "Brock, Anthony - NET" <Anthony.Brock () OREGONSTATE EDU>
Date: Fri, 19 Jan 2007 08:04:00 -0800
We would love the information. However, we're not having issues with the .mil domain. In fact, the DoD was quite responsive and helpful when I talked with them. Unfortunately, they also said that the army.mil domain is outside their control and that we have no recourse but to deal with them concerning this issue. The people at the US Army have been reluctant to discuss anything. In fact, they initially refused to tell us why they were blocking us, only saying it was for "reasons of national security" and that they "can only discuss this issue with US Army personnel". After much probing (and several different people), I finally found someone who admitted it was their reaction to 29 probes for a Symantec vulnerability. While I can agree with blocking to protect yourself, their procedures should provide for notifying the remote site of the reason for the block and what they need to do to get it removed. Also, blocking 65,534 IP addresses due to 29 probes is a bit of an overreaction. In any event, the information would be greatly appreciated. Thanks! Tony
-----Original Message----- From: Jay Tumas [mailto:jay_tumas () HARVARD EDU] Sent: Friday, January 19, 2007 4:33 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Connectivity problems with the US Army We have run into similar issues over the past decade. The .mil domain typically gets pretty defensive when they pick up on any amount of probing, especially from .edu domains. My experience has been that if you can verify the offending systems are clean, and you are talking with the right folks, you can get the block removed - if not for your entire network, then for the subdomains that require this access for specific tasks. I do (did) have a good contact that was very responsive and was able to open the .mil domain up to Harvard traffic. I will see if I can dig up his contact info and forward it along. J Brock, Anthony - NET wrote:Oregon State University recently noticed that we were beingblocked fromaccessing all army.mil domains and resources. The blockincludes accessto their DNS and email servers. We have since learned thatthis blockwas implemented as a result of probes from machines compromised as a result of the Symantec vulnerability. While we had hoped that the situation would correct itself, we've since learned thatthis may nothappen. We have had zero luck trying to deal directly with the Army administrators. As a result of the impact on several campusgroups, myadministration is looking to escalate this into thepolitical realm. Ifpossible, I would like to give them an idea of how many other institutions may have been affected. Is anyone else encountering this problem? One of the administrators at the Army NOC indicated that most of the .edu IP space was being blocked. I would like to have a more solid foundation before I take that type of assertion to myadministration.Thanks in advance! Tony Anthony Brock Senior Network Security Engineer Oregon State University - Network Engineering http://oregonstate.edu/net/security/-- **************************************************************** Jay Tumas, NSA/IAM,IEM - Network Operations Manager - Network Security and Incident Response Team Manager - Longwood Medical Area Technical Subcommittee Chair - NEECTF Member/InfraGard Member, I have run into this int he pastBoard of Directors Harvard University - UIS/Network Operations Center 60 Oxford Street, Suite 132 Cambridge, MA. 02138 Office: 617-496-8500 VoIP/SoftPhone: 617-384-6530 Cell: 617-733-6169 Cell 2-way/Email: 6177336169 () vtext com **************************************************************** "The first method for estimating the intelligence of a ruler is to look at the men he has around him." - Niccolo Machiavelli
Current thread:
- Connectivity problems with the US Army Brock, Anthony - NET (Jan 18)
- <Possible follow-ups>
- Re: Connectivity problems with the US Army Mike Iglesias (Jan 18)
- Re: Connectivity problems with the US Army Jay Tumas (Jan 19)
- Re: Connectivity problems with the US Army Brock, Anthony - NET (Jan 19)
- Re: Connectivity problems with the US Army Brock, Anthony - NET (Jan 19)
- Re: Connectivity problems with the US Army Jamie A. Stapleton (Jan 19)
- Re: Connectivity problems with the US Army Samuel Liles (Jan 19)
- Re: Connectivity problems with the US Army Randy Marchany (Jan 19)
- Re: Connectivity problems with the US Army Mike Iglesias (Jan 19)
- Re: Connectivity problems with the US Army Brock, Anthony - NET (Jan 19)
- Re: Connectivity problems with the US Army David Gillett (Jan 19)
- Re: Connectivity problems with the US Army Pace, Guy (Jan 19)
- Re: Connectivity problems with the US Army HALL, NATHANIEL D. (Jan 19)
- Re: Connectivity problems with the US Army Cal Frye (Jan 19)
- Re: Connectivity problems with the US Army Brock, Anthony - NET (Jan 19)