Posted to rec.crafts.metalworking
DoN. Nichols
Redirecting the crap to University of Crete

According to Jon Elson :
DoN. Nichols wrote:
According to Jon Elson :
Well, once informed that they have a compromised system, it is their DUTY to
get it disconnected, disinfected and cleaned up!



That appears to be just what they have done -- once they got in
on Monday and discovered what had been running. The people who
perpetrate these things like to start on late Friday night to get the
maximum time before the admin staff is back to deal with the problem.

Our University Network administrators pass a beeper around, and
somebody is always on call. They can log in and take a machine
off the outbound firewall's OK list if it goes haywire.


That would not have worked in this case. It appears that it was
a client machine (probably a Windows box) which was compromised, and
which was dumping articles into the local news server -- which took care
of transmitting them to the outside.

It would have needed someone to identify the offending machine,
and disallow it connecting to the news server -- and then flush
everything posted from it. But a lot of the stuff was already out in
the net, and would be still flowing in to everywhere else for a day or
two.

What is needed there is a limit to the number of articles per
hour that any one machine can submit to the news server.

Any place with at least a couple hundred machines should be required
to have similar staffing. Especially with student-owned
computers on their internal net, this is going to happen every
couple days, at least.


Agreed,
DoN.

--
Email: | Voice (all times): (703) 938-4564
(too) near Washington D.C. | http://www.d-and-d.com/dnichols/DoN.html
--- Black Holes are where God is dividing by zero ---
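
The per-machine hourly posting limit suggested in the post above, sketched as an added example that is not part of the original post or of any news server's code. The threshold of 20 articles per hour, the class and function names, and the host names are assumptions; the event list is constructed sample data.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 3600   # "per hour", as in the post
MAX_ARTICLES = 20       # assumed threshold; the post names no number


class PostLimiter:
    """Sliding-window cap on articles accepted from each client host."""

    def __init__(self, limit=MAX_ARTICLES, window=WINDOW_SECONDS):
        self.limit = limit
        self.window = window
        self.accepted = defaultdict(deque)  # host -> times of accepted posts
        self.refused = defaultdict(int)     # host -> count of refused posts

    def allow(self, host, now):
        q = self.accepted[host]
        # Forget accepted posts that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            self.refused[host] += 1         # evidence for the on-call admin
            return False
        q.append(now)
        return True

    def offenders(self, min_refused=1):
        """Hosts that hit the cap: candidates for cutting off and flushing."""
        return sorted(h for h, n in self.refused.items() if n >= min_refused)


def replay(events, limiter):
    """Feed (unix_time, host) submissions through the limiter in time order."""
    accepted = defaultdict(int)
    for ts, host in sorted(events):
        if limiter.allow(host, ts):
            accepted[host] += 1
    return dict(accepted)


def sample_events():
    """Constructed data: one host posting every 10 s, one posting normally."""
    flood = [(10 * i, "client-a.example") for i in range(500)]
    normal = [(900 * i, "client-b.example") for i in range(6)]
    return flood + normal


if __name__ == "__main__":
    limiter = PostLimiter()
    print(replay(sample_events(), limiter), limiter.offenders())
```

With the cap in place the flooding host gets 40 of its 500 articles through in the sample period, and the refusal counter identifies it without anyone having to trace the flood by hand.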