From: Allen Chang (allen_at_rescomp.berkeley.edu)
Date: Fri Aug 01 2003 - 22:38:21 PDT
Since I'm probably responsible for the single largest group of computers
(currently 1700 but close to 6000 during the school year), I guess I'll
pipe up.
We(as in ResComp) need that block.
1) We have no control over the residents' computers
2) We often have no reliable method of reaching the residents
3) The residents can't be relied upon to patch their computers
I haven't actually scanned my network yet, but since we have about 1,000
Windows XP/2000 computers, I'll be conservative and estimate that 500 are
vulnerable.
Not that my comments will make much of a difference. Just letting people
know what I'm up against.
Allen
Lead Network Security Coordinator
Residential Computing
On Fri, 1 Aug 2003, Craig Lant wrote:
> OK, so no one seems to have the guts to back me up on this and I haven't
> heard from anyone who doesn't want a block. ;) Let me pose a few quick
> questions before I authorize a block.
>
> First, how many machines have actually been compromised? So far, I've
> only heard of less than 30 or so confirmed compromises and I can assure
> you the kiddies are trying. We're seeing lots of scanning going on.
>
> Second, how many vulnerable machines are still out there? Everyone I've
> spoken to has got the message and has been working feverishly (thank
> you) to get their systems patched so they wouldn't be left out naked
> over the weekend.
>
> If we do a block, Microsoft is suggesting that ALL of 135, 137, 139, and
> 445 be blocked. That will definitely cripple hundreds, if not
> thousands, of users who probably don't subscribe to these lists. This
> will shut off all windows file sharing from home, access to exchange
> servers from home, remote desktop access from home, etc. This would at
> least be in place over the weekend. So, if this is a problem for anyone
> reading this, speak up now.
>
> Thanks,
> Craig
>
> -------------------------------------
> Sent via the ucb-security mailing list.
>
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
This archive was generated by hypermail 2.1.5 : Fri Aug 01 2003 - 22:51:31 PDT