Educause Security Discussion mailing list archives

Re: Connectivity problems with the US Army


From: Mike Iglesias <iglesias () UCI EDU>
Date: Fri, 19 Jan 2007 09:06:22 -0800

Brock, Anthony - NET wrote:
> We would love the information. However, we're not having issues with the
> .mil domain. In fact, the DoD was quite responsive and helpful when I
> talked with them. Unfortunately, they also said that the army.mil domain
> is outside their control and that we have no recourse but to deal with
> them concerning this issue.
>
> The people at the US Army have been reluctant to discuss anything. In
> fact, they initially refused to tell us why they were blocking us, only
> saying it was for "reasons of national security" and that they "can only
> discuss this issue with US Army personnel". After much probing (and
> several different people), I finally found someone who admitted it was
> their reaction to 29 probes for a Symantec vulnerability. While I can
> agree with blocking to protect yourself, their procedures should provide
> for notifying the remote site of the reason for the block and what they
> need to do to get it removed. Also, blocking 65,534 IP addresses due to
> 29 probes is a bit of an overreaction.

Maybe they meant 29 IPs were probing.  We saw around 35 of your IPs either
scanning port 2967 or actively attempting to exploit the Symantec
vulnerability against systems here.


--
Mike Iglesias                          Email:       iglesias () uci edu
University of California, Irvine       phone:       949-824-6926
Network & Academic Computing Services  FAX:         949-824-2069
