Educause Security Discussion mailing list archives

Re: Bagle.j out

From: James Morris <jmorris () CAC WASHINGTON EDU>
Date: Tue, 2 Mar 2004 20:22:07 -0800

We're doing it here at the University of Washington currently.  All .zip and
.exe attachments are being dropped at our gateways and we're adding text to
the body of any such message stating why.  I expected a fairly hefty
backlash, but so far we've only seen a small handful (<10) reports of
adverse impact and they were all easily worked around.  Looking at logs, the
collateral damage is incredibly low.

We haven't yet decided when the block will be dropped.  We're currently
trying to decide how we want to deal with attachments long term and waiting
for the AV vendors to sort themselves out.

-James
--James Morris-----------------------Systems Engineer-------------------
University of Washington             Networks and Distributed Computing
4545 15 AV NE / Box 354841           Computing & Communications
Seattle, WA  98105                                    fax (206) 685-4045
E-mail: jmorris () cac washington edu                  voice (206) 221-3848
------------------------------------------------------------------------

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jason Richardson
Sent: Tuesday, March 02, 2004 20:09
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Bagle.j out

Question: has anyone resorted to dropping ZIPs and/or other attachments
at your gateways until/unless this storm passes?  I mentioned in a
meeting that I would be proposing it to my management and received the
predictable reaction, i.e., "you can't block ZIPs, we won't be able to
do business."  Of course I was not deterred but I also haven't been
given clearance to block the attachments.

Thanks,

---
Jason Richardson, J.D., CISSP, CISM, CNE
Manager, IT Security and Client Development
Enterprise Systems Support
Northern Illinois University
Voice: 815-753-1678
Fax: 815-753-2555
jasrich () niu edu

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

Bagle.j out Theresa Semmens (Mar 02)
- <Possible follow-ups>
- Re: Bagle.j out Marty Hoag (Mar 02)
- Re: Bagle.j out Jason Richardson (Mar 02)
- Re: Bagle.j out James Morris (Mar 02)
- Re: Bagle.j out Gary Flynn (Mar 02)
- Re: Bagle.j out Tim Lane (Mar 02)
- Re: Bagle.j out Bradley D. Thornton (Mar 03)
- Re: Bagle.j out Jack Suess (Mar 03)
- Re: Bagle.j out Michael_Maloney (Mar 03)
- Re: Bagle.j out Iljun Kim (Mar 03)
- Re: Bagle.j out Joe St Sauver (Mar 03)
- Re: Bagle.j out Cal Frye (Mar 03)
- Re: Bagle.j out Gordon D. Wishon (Mar 03)
- Re: Bagle.j out Marty Hoag (Mar 03)

(Thread continues...)