Educause Security Discussion mailing list archives
Re: Connectivity problems with the US Army
From: "HALL, NATHANIEL D." <halln () OTC EDU>
Date: Fri, 19 Jan 2007 12:48:36 -0600
-----Original Message----- From: Brock, Anthony - NET [mailto:Anthony.Brock () OREGONSTATE EDU] Sent: Friday, January 19, 2007 11:18 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Connectivity problems with the US Army-----Original Message----- Maybe they meant 29 IPs were probing. We saw around 35 of your IPs either scanning port 2967 or actively attempting to exploit the Symantec vulnerability against systems here.Very possible. However, this still seems a bit extreme for
implementing
a "permanent block" of this scale. Also, there should be some method
for
notifying the affected site and correcting the issue.
I both agree and disagree. In my case I was watching for SSH brute force scans. Each time I saw a scan I would contact the abuse, security, or NOC contact and send logs. Rarely did I receive a response. If there were 3 or more occurrences (i.e. three or more days of any host scanning) then I would block the organizations entire address space. Once when I did that I caused a lot of websites to quit loading because the organization was a large NOC. I began to add exclusions so that the pages would load. The admin thought I was going overboard because I blocked their entire range because of 4 occurrences. I'm sorry, but the student information I am protecting is much more important than being able to access those websites. My Vice-President and Dean agree. If a website is important enough, then we make an exception. -- Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA Network Security System Administrator OTC Computer Networking Office: (417) 447-7535
Current thread:
- Re: Connectivity problems with the US Army, (continued)
- Re: Connectivity problems with the US Army Jay Tumas (Jan 19)
- Re: Connectivity problems with the US Army Brock, Anthony - NET (Jan 19)
- Re: Connectivity problems with the US Army Brock, Anthony - NET (Jan 19)
- Re: Connectivity problems with the US Army Jamie A. Stapleton (Jan 19)
- Re: Connectivity problems with the US Army Samuel Liles (Jan 19)
- Re: Connectivity problems with the US Army Randy Marchany (Jan 19)
- Re: Connectivity problems with the US Army Mike Iglesias (Jan 19)
- Re: Connectivity problems with the US Army Brock, Anthony - NET (Jan 19)
- Re: Connectivity problems with the US Army David Gillett (Jan 19)
- Re: Connectivity problems with the US Army Pace, Guy (Jan 19)
- Re: Connectivity problems with the US Army HALL, NATHANIEL D. (Jan 19)
- Re: Connectivity problems with the US Army Cal Frye (Jan 19)
- Re: Connectivity problems with the US Army Brock, Anthony - NET (Jan 19)