Thread Links			Date Links
Thread Prev	Thread Next	Thread Index	Date Prev	Date Next	Date Index

[802SEC] Worm and Virus Issues

To: STDS-802-SEC@LISTSERV.IEEE.ORG
Subject: [802SEC] Worm and Virus Issues
From: Anthony Awtrey <tony@IDEALCORP.COM>
Date: Wed, 16 Mar 2005 09:46:02 -0500
Reply-To: Anthony Awtrey <tony@IDEALCORP.COM>
Sender: owner-stds-802-sec@LISTSERV.IEEE.ORG
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20041015 Debian/1.7.3-5

Hello everyone,

We are seeing a significant amount of disruptive network traffic this
plenary. Our system for detecting and blocking clients that are
disrupting the network is working, but I am getting resistance from some
IEEE members regarding their infected (and infecting) computers.

Our system sends this message to the browser of the infected computer
when it attempts to view any site on the Internet:

"Access control configuration prevents your request from being allowed
at this time. Your computer is generating disruptive network traffic and
appears to be infested with a worm or virus. *Disconnect from the
network immediately!* Your Internet access is being denied until this
matter is resolved."

Some of the people who are infected are refusing to remove or turn off
their wireless network card, either through ignorance or stubbornness,
or will use the wired cafe to elude the block (until they are blocked
again) and are infecting other IEEE clients on the local network. Other
members claim that our system is in error and that they are running
current anti-virus, ignoring the fact that the computer worms are taking
advantage of system vulnerabilities and are not stopped by anti-virus
software. Another common point of discussion is my policy of not
allowing them access until they update their computer on another network
before allowing them back on the IEEE network. This has resulted in a
fairly hostile attitude from at least one IEEE member.

I have some of the member's names if someone in the ExCom would like to
speak to them personally. In the mean time, please announce in your
meetings that if you get the above warning to please follow the
instructions and get off the IEEE network. The local network congestion
is bad enough without the additional burden of processing megabytes of
malicious data that will only be dropped by our filters.

Tony
--
Anthony L. Awtrey
Chief Technology Officer
[T] 407.999.9870 x13
[F] 407.999.9850

I.D.E.A.L. Technology Corporation
http://www.idealcorp.com

"The Leader in Linux and Open Source Solutions"

----------
This email is sent from the 802 Executive Committee email reflector. This list is maintained by Listserv.

Prev by Date: Re: [802SEC] Proposed P&P Revision ballot on 'WG Membership and Meetings'
Next by Date: [802SEC] Please respond if you DISAGREE RE: [802SEC] +++ LMSC P&P Revision Ballot +++ EC_Membership_&_Meetings +++ Proposed Resoution Status
Prev by thread: [802SEC] Meeting change - International Venues
Next by thread: [802SEC] Please respond if you DISAGREE RE: [802SEC] +++ LMSC P&P Revision Ballot +++ EC_Membership_&_Meetings +++ Proposed Resoution Status
Index(es):
- Date
- Thread