Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Question regarding Marketscore spyware

From: "Scholz, Greg" <gscholz () KEENE EDU>
Date: Thu, 2 Dec 2004 17:31:42 -0500
It seems this discussion is addressing a variety of scenarios without a
complete fix.  Overall it seems there are 4 scenarios:
On campus to on campus
Off campus to on campus
On campus to off campus
And off to off

On to on: Block all off campus access to the system.

Off to on: DNS poisoning will not do anything, but blocking the sender
(Marketscore) from accessing the server on campus will. This is
difficult for the reasons others have contributed earlier. A bigger
solution could also include mutual authentication so the server would
check client certificates also.

On to off: it sounds like blocking the destination port could be the
fix.  I believe someone in this discussion said that it redirects to a
proxy working on port 8000.  And in this case the DNS poisoning
could/would be part of a solution.

Off to off: we are not part of the equation so user education is the
only option.

_________________________
Thank you,
Gregory R. Scholz
Lead Network Engineer
Information Technology Group
Keene State College
(603)358-2070

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.
Previous By Date Next
Previous By Thread Next

Current thread: