Blaster notifications

["Bruhn, Mark S." <mbruhn () INDIANA EDU>]

We directly notified some 16 organizations yesterday (10 Abilene sites
and the others non-Abilene-connected), where they clearly had widespread
Blaster worm infections.  The problem was indicated by a *very* high
level of outbound port 135 traffic from those networks.  The contact
used was the contact maintained for the organization in the Abilene
technical contact database, and /21 network numbers were sent to those
individuals. So, some of you may not have seen that communication.

I'll refrain from commenting on the fact that some campuses haven't (or
hadn't) apparently taken recommended steps to protect themselves and the
rest of us from these evils.  Well, I guess I just did comment...

By the way, Doug Pearson is now the Director -- albeit still an Interim
-- of the REN-ISAC.  He and I will be working on formalizing
communications procedures from the ISAC over the next weeks.  But, you
will be seeing his name on most of these probably, from now on.  I'm
going to back to concentrating on my other two jobs.

M.


-- 
Mark S. Bruhn, CISSP, CISM

Chief IT Security and Policy Officer
Associate Director, Center for Applied Cybersecurity Research

Office of the Vice President for Information Technology and CIO
Indiana University
812-855-0326

Incidents involving IU IT resources: it-incident () iu edu
Complaints/kudos about OVPIT/UITS services: itombuds () iu edu

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.