[802SEC] Worm and Virus Issues
We are seeing a significant amount of disruptive network traffic this
plenary. Our system for detecting and blocking clients that are
disrupting the network is working, but I am getting resistance from some
IEEE members regarding their infected (and infecting) computers.
Our system sends this message to the browser of the infected computer
when it attempts to view any site on the Internet:
"Access control configuration prevents your request from being allowed
at this time. Your computer is generating disruptive network traffic and
appears to be infested with a worm or virus. *Disconnect from the
network immediately!* Your Internet access is being denied until this
matter is resolved."
Some of the people who are infected are refusing to remove or turn off
their wireless network card, either through ignorance or stubbornness,
or will use the wired cafe to elude the block (until they are blocked
again) and are infecting other IEEE clients on the local network. Other
members claim that our system is in error and that they are running
current anti-virus, ignoring the fact that the computer worms are taking
advantage of system vulnerabilities and are not stopped by anti-virus
software. Another common point of discussion is my policy of not
allowing them access until they update their computer on another network
before allowing them back on the IEEE network. This has resulted in a
fairly hostile attitude from at least one IEEE member.
I have some of the member's names if someone in the ExCom would like to
speak to them personally. In the mean time, please announce in your
meetings that if you get the above warning to please follow the
instructions and get off the IEEE network. The local network congestion
is bad enough without the additional burden of processing megabytes of
malicious data that will only be dropped by our filters.
Anthony L. Awtrey
Chief Technology Officer
[T] 407.999.9870 x13
I.D.E.A.L. Technology Corporation
"The Leader in Linux and Open Source Solutions"
This email is sent from the 802 Executive Committee email reflector. This list is maintained by Listserv.