[712] in resnet
Re: Dorms, scanning, intrustion detection
daemon@ATHENA.MIT.EDU (Peter Peters)
Mon Jan 28 04:40:57 2002
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <rg6a5usjsrtmhiuhu89g1j8tshdpjlitud@4ax.com>
Date: Mon, 28 Jan 2002 10:33:24 +0100
Reply-To: peter.peters@civ.utwente.nl
From: Peter Peters <P.G.M.Peters@civ.utwente.nl>
To: RESNET-L@listserv.nd.edu
In-Reply-To: <Pine.LNX.4.33.0201251036380.26244-100000@bajan.cricalix.net>
On Fri, 25 Jan 2002 10:40:01 -0500, you wrote:
>The college I work for is looking at a multi-tiered protection scheme to
>keep our servers safe. Stage 1 is complete with the locking down of servers
>and internet -> server access.
>
>In a meeting today, the issue of whether we should protect students from
>themselves (dorm residents) came up. My query to the folks on the list:
>how many of you segment your network in such a way/run IDS/educate your
>users so as to make port scanning and hacking in the dorms 'non-existent'?
We only limit some ports on the router because the students can do
without (we believe). We block port 137 and as of februari 1 25.
>Do you even care if student X portscans student Y? Does your 'care' kick in
>when student X actually breaks into student Y's machine (and I don't count
>C$ with everyone r/w as a hack if Y did that on purpose :)?
We have a very active usenet community on campus. A lot of the students
run all kinds of firewalls. When one student is scanning another (and
with all those firewalls it will be noticed) he is not save from the
public wrath of the other students.
But if one breaks into the system of another student we handle it like
any other break-in from inside to the outside or vice versa.
--
Peter Peters
senior netwerkbeheerder, Centrum voor Informatievoorziening,
Universiteit Twente, Postbus 217, 7500 AE Enschede
telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________