From: tedcrum_at_socrates.berkeley.edu
Date: Thu Aug 28 2003 - 12:05:42 PDT
I just got a report from Security that Blaster-like activity was coming
from one of our IP addresses. The machine there was Win98 and clean, so I
went to the Campus ARP log site and determined that there had been another
machine (different MAC address), new to Campus, on that address earlier.
The feared, block-bypassing plague laptop!
By the MAC address I was able to determine that it was a Dell, and quickly
tracked it down.
So I suggest that Security include the affected MAC address in the SNS
reports they send us. I don't think the granularity of the ARP log is good
enough to do this every time. Besides, "make the computer do the work."
-tc
-- Ted Crum tedcrum_at_socrates.berkeley.edu ------------------------------------------------------------------------ The following was automatically added to this message by the list server: For information about Micronet, including subscribing to or unsubscribing from its mailing list and finding out about upcoming meetings, please visit the Micronet Web site: <http://micronet.berkeley.edu/>.
This archive was generated by hypermail 2.1.5 : Thu Aug 28 2003 - 13:02:16 PDT