Educause Security Discussion mailing list archives

Re: the importance of security


From: Buz Dale <buz.dale () USG EDU>
Date: Wed, 11 Aug 2004 13:18:51 -0400

I think you should have fewer false positives since policy will dictate
going through a few unblocked mailservers. (That are allowed higher up
in the ACL of course.)

Buz

Jon Mitchiner wrote:
Gary Flynn wrote:

access-list 120 deny tcp any any eq 25 log

Then check your logs. :)


You'd have quite a lot of false positives unless you're looking for
someone who is sending thousands of e-mails per hour. Then perhaps
you'd know the person is infected. The next challenge is you wouldn't
know which virus it has until you physically inspect the machine.
That's difficult if you do not control the machine (e.g. students.)

Normally we like to be able to see what files it's sending so we can
make a record of it indicating that it probably has Beagle to make it
easier for the clean-up team. :)

Jon Mitchiner
Gallaudet University

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.


--
----
Buz Dale                                buz.dale () usg edu
IT Security Specialist              1-888-875-3697
Office of Information and Instructional Technology
University System of Georgia
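
The "check your logs" step discussed in this thread, as an added example that is not part of the original messages: it tallies hits on the ACL 120 deny rule per source address per hour and lists sources at or above a cutoff. The Cisco IOS `%SEC-6-IPACCESSLOGP` line layout with a syslog timestamp prefix, the hostname `gw`, the addresses and the cutoff of 1000 are assumptions; each counted unit is a denied packet, not an e-mail.

```python
import re
from collections import Counter

# Assumed input: IOS ACL log messages (IPACCESSLOGP) behind a syslog timestamp.
LINE_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+)\s+(?P<hour>\d{2}):\d{2}:\d{2}\s.*"
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied tcp "
    r"(?P<src>[\d.]+)\(\d+\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
    r"(?P<pkts>\d+) packets?"
)

def smtp_denies_per_hour(lines, acl="120"):
    """Return Counter keyed by (source, 'Mon DD HH') -> denied port-25 packets."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["acl"] != acl or m["dport"] != "25":
            continue  # other ACLs, other ports, or unrelated log lines
        bucket = f"{m['mon']} {int(m['day']):02d} {m['hour']}"
        # IOS aggregates repeat hits into one line with a packet count.
        counts[(m["src"], bucket)] += int(m["pkts"])
    return counts

def suspects(counts, threshold):
    """Sources whose denied attempts within any single hour reach threshold."""
    return sorted({src for (src, _), n in counts.items() if n >= threshold})

# Constructed sample log lines (not taken from any real network).
SAMPLE = [
    "Aug 11 13:02:11 gw 101: %SEC-6-IPACCESSLOGP: list 120 denied tcp 10.10.4.17(1045) -> 198.51.100.9(25), 1 packet",
    "Aug 11 13:07:11 gw 102: %SEC-6-IPACCESSLOGP: list 120 denied tcp 10.10.4.17(1188) -> 203.0.113.40(25), 2310 packets",
    "Aug 11 13:09:40 gw 103: %SEC-6-IPACCESSLOGP: list 120 denied tcp 10.10.7.52(2044) -> 192.0.2.25(25), 3 packets",
    "Aug 11 13:15:02 gw 104: %SEC-6-IPACCESSLOGP: list 130 denied tcp 10.10.9.8(3301) -> 192.0.2.25(25), 5000 packets",
    "Aug 11 14:01:00 gw 105: %SEC-6-IPACCESSLOGP: list 120 denied tcp 10.10.4.17(1302) -> 203.0.113.41(25), 40 packets",
]

if __name__ == "__main__":
    for src in suspects(smtp_denies_per_hour(SAMPLE), threshold=1000):
        print("investigate:", src)
```

Hosts that relay through the mail servers permitted higher up in the ACL never reach the deny rule, so they do not appear in these counts at all.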
