| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: b-nordquist at bethel.edu (Brent J. Nordquist) Subject: RE: Probable new MS DCOM RPC worm for Windows On Sat, 27 Sep 2003, Karl DeBisschop <kdebisschop@...rt.infoplease.com> wrote: > On Fri, 2003-09-26 at 22:57, Paul Schmehl wrote: > > > We're working on a "jail vlan" concept now, where "evil" computers go. > > Maybe this concept is already widely in use at academia. If it is not, > it may soon be. We've been using the concept here for 2-3 years, and it has worked well. We call ours the "black hole". :-) We only allow machines in the black hole to access MS Update, our virus vendor's site, and other places where the student can get the tools (s)he needs to fix the computer. As Paul said, we can't work on their computers; it has to be self-help (or a paid outside company). Over time we are making improvements toward increased detection of infected computers and automatic placement into the black hole. At the beginning it was mostly manual which is a lot of work. When the recent Nachi/Welchia/Sobig.f wave hit we had some incentive to invest more time in automated detection. Educational institutions that are interested in this concept might want to look into the RESNET-L mailing list; topics like this that are relevant to the ResNet environment are discussed there regularly. http://LISTSERV.ND.EDU/archives/resnet-l.html -- Brent J. Nordquist <b-nordquist@...hel.edu> N0BJN Other contact information: http://kepler.acns.bethel.edu/~bjn/contact.html * Fast pipe * Always on * Get out of the way - Tim Bray http://tinyurl.com/7sti
Powered by blists - more mailing lists