Re: Virus/Trojan/Worm in the Dorms

[Nick Kartsioukas <lists.educause.security () CHANGE NIGHTWIND NET>]

On Fri, 02 Sep 2011 23:35 +0000, "Allen Wood" <awood () HILLCOLLEGE EDU>
wrote:
> I'm sending this on behalf of a neighboring college.  It looks like they
> need help in a pretty bad way... here's their message-

Hopefully they have managed switches everywhere so they can enable DHCP
snooping and control the traffic on their network.
http://en.wikipedia.org/wiki/DHCP_snooping
http://packetlife.net/blog/2010/aug/18/dhcp-snooping-and-dynamic-arp-inspection/

They should be able to block DHCP responses from unauthorized sources
(basically, every client port).  This won't help them when they take
their computers home at the end of the term and infect all their other
family members' machines though, perhaps distribute instructions on how
to use some free scanning sites or tools on removing that particular
piece of malware.

Something else for them to look into down the road is the concept of
private VLANs which can be used to prevent all client-to-client
communication, personally I think this is a great idea for residential
type networks or anywhere else that has a large number of uncontrolled
clients connected.
http://en.wikipedia.org/wiki/Private_VLAN
--
Nick Kartsioukas
Cuesta College Computer Services
805-546-3248