OIT shuts down student network access, pending hand inspection

[Chris Swingler]

The Office of Information Technology has shut off all network access for students in the dorms.  Whenever we look for an IP via DHCP, we're all assigned a 192.168.x.x IP--so we are i-so-lated!  We can't access a single computer outside of the dorm, and for those of us who want to connect to the internet, we need to use the modem pool (x4638, btw).  

So, why are we off the network?  OIT blames the current rash of virii/worms, and is going to come by and hand inspect each student-owned machine, install necessary patches, and install McAfee on all our machines.  Patches, did you say?  Here's a list of IP addresses showing which computers are patched/not patched against the Blaster worm (here's the tool I used).  Why doesn't OIT cut their machines off individually, and send them a nice letter telling them that they need to patch their systems?  It's not exactly fair to the rest of us, who work with the internet a lot, and also don't want antivirus software installed (safe computing works better, anyhow).

Plus, there is a security/privacy risk here.  OIT can't do what they want to unless they get Administrative rights to our machines, and, since they are working on a Monday, it's quite likely that most of the users will be out of their rooms.  On top of that, most of what I've heard had placed OIT somewhere low on the computer-competence scale, and I have little desire for them to mess with an operating system as fragile as Windows.

Most of us here on 3-south are installing *nix anyhow today, and are prepared to inform them that it is our only OS.  I'd like to see what OIT plans to do with my headless *nix box :D

Aight, I'm just ranting, since no one can get online and read this!  Post your comments anyway.

--Beanie

[R. Andrew Lamonica]

This is interesting for several reasons.

1. How is OIT going to get past the login screens on peoples computers without them being present.   Obviously, they could hack past the login since they will have physical access to the machines, but I am pretty sure that they are unwilling to put that much time into accessing an individual machine, when they could just read the jack number off the wall and deny that user network access instead.

2. I was told by the customer service department, last, semester (spring) that they no longer had a license allowing individual students to put McAfee VirusScan on their personal computers because of a lack of funding.  I believe that â€Ã...“Safe computingâ€Ã, involves having a virus scanner and keeping it up to date, so I purchased Norton instead of using what was once a free download from SIUE.  If it is still the case that OIT cannot legally install McAfee to student computers, then are they going to be putting â€Ã...“piratedâ€Ã, software on all the dorm computers?  That sounds bad.

3. What happens if OIT comes to update a computer and discovers that that computer is running a pirated version of Windows.  Obviously, this should not be the case for most readers of this group because they can get legal copies of Windows from the MSDNAA through their Academic Department, but it still might happen.  If this does happen, OIT is in a legal bind.  If a user does not give explicit permission for OIT to use that user’s computer then any evidence of law breaking cannot be legally acted upon.  On the other hand, one of the best defenses the University has against software companies seeking damages is that it has no direct knowledge of piracy on campus and if OIT does a room-by-room examination of student computers at any point it will be hard from them to pretend they saw no software piracy.  Obviously, OIT can suspend privileges to students who fail to comply with University Policy.  For example, they could say if you don’t have your computer patched then you get no Internet access.  Some computers in the EB have lost Internet access this week under a deal similar to this.  But this brings us back to the questions of why they want an inspection rather then just disabling suspect ports.

4. What if a computer user has a virus checker and the patches, or is running Win95, MacOSX or other unsusceptible OS?  Will OIT still want to examine that user’s computer?  This question would be best answered by OIT.   I am assuming that Beanie got some kind of official notice from OIT outlining their plan.  If this is the case it would be great if he could post it for those of us not on any Dorm E-mail lists.

I find this whole turn of events kind of surprising.  It seems like disabling individual network jacks would be a lot easier, safer and friendlier then conducting a hand examination, but maybe OIT has reasons from doing in this way.  If so I would love to hear them, be they technical or otherwise.  If there are any OIT employees who frequent this group, I encourage them to reply.

[Gish]

If I was still living in the dorms and OIT wanted to look at my machines.  I would tell them to have good day and close the door.  OIT's job stops at the jack in the wall, after that it is my problem.  

[Michael Kennedy]

This is very interesting because I don't think OIT's job is to give you a jack and leave you the hell alone.  Their job is to secure the network (as far as I know noone else has that job) and keep the quality of service high for all thier users.  So, if I were part of OIT and you did that, you'd lose Internet connectivity.

On the other side, though, OIT is being very stupid IF they are actually going to hand upgrade machines.  Especially if they're doing it without permission.  They should block off the offenders and either have them sign up for an appointment to get fixed, or keep scanning and periodically check to see who should be let back on to the network and how should be kicked back off again.

[Chris Swingler]

Here's the message we got.  OIT didn't send it through email (obviously, since we can't get online), so they taped it to lots of walls in the building.  I stole this copy from my RA's door, and should probably return it in a timely manner.

"Virus Attack!

SIUE, like many other universities and businesses, has been attacked by several Internet worms and viruses in the last few days.  Our Office of Information Techonogy is making a special effort to protect the University computers and network from these attacks.  As a result, there is currently no Internet connectivity in student residences.

One of the task[sic] that our technicians have is to make certain that our students' personal computers are disinfected and secure from further attacks.  Teams of OIT technicians will begin work in student housing at noon on Monday.  The team members will assist students with protecting their Windows PC's[sic].  As part of this process, technicians will install McAffee VirusScan, at no charge, on each computer.  After groups of PCs are disinfected, the technician will connect them to the Internet as soon as possible.

For those of you who need to use the Internet this weekend, the Bluff Hall computer lab, which is still connected to the Internet, is open twenty-four hour[sic] a day.  All Academic Computing Labs will be open"

Dated Aug 22, 2003, at 8:11pm.

--Beanie

[Stiffler]

I'm glad I'm not in the dorms anymore. Although, I have nothing to fear: I have a legal OS (via msdnaa), virsus scanner (AVG Virus Scanner v7.0.x Free Version), Previously mentioned virus scanner up-to-date, and fully patched with all the latest and greatest Microsoft dung (bypassing the censor).

I am glad they are inspecting computers though. Last year there was someone on the network with several different virii, and I sent a number of messages to him, and he named his computer his real name, so I was able to get his room number, and he still would not do anything about those virii. Whenever he was disconnected from the network, it went faster. I know Beanie knows who I'm talking about.

Since Win XP is on the CS computers again, y'all can always configure a proxy to get inet access :roll:. Hmmm, that reminds me, I need to tell Greg how to stop that from happening. I'm not going to tell y'all how to do it, but just that at this moment, it's very easy.

Jon

[Chris Swingler]

Stiffler said:

Since Win XP is on the CS computers again, y'all can always configure a proxy to get inet access

Actually, no we can't.  Some genius in OIT pulled our router, and we can't even talk to computers next door, save the next building.

--Beanie

[R. Andrew Lamonica]

    As a member of the Computer Science Department Network/Workstation Support Group, I would like to address the proposal on this board that students could use CS lab machines to act as personal proxies because of the access rights we have given them.

Some of you may wonder why we allow students to have administrative privileges on our computers when most every other department on campus including Academic Computing does not.  The answer to this is simple.  We only let computer science students use our computers.  The Computer Science department has a high opinion of our student's computer skills.  For example, we can be certain that our students know it is not a good idea to delete the WINDOWS folder, so we allow our student's permission to save and delete files on local computers.  We can be certain that our students know that is it a bad idea to install software of unknown origin, so we allow students permission to temporarily install software.  Many of our students know what the Windows Registry is and how it works, so when we recently discovered how registry editing had been inadvertently disabled we enabled it again to allow students more access.  Clearly from the behavior referred to on in this thread we cannot be sure that all of our students are exercising ethical behavior when using Department Computers.  However, for the most part university students seem to understand that having privileges means having responsibilities and it is a privilege to have administrative rights on lab computers.
 
As a former resident of Bluff Hall I know how frustrating it is to be in one of the few groups of people on campus to have your external bandwidth capped.  However, rather than using lab computers to solve your problems it would be better to find a solution that can benefit many students.  If there is a general desire to setup a proxy in order to speed up web browsing, perhaps we can setup a proxy server for the use of CS students or members of CAOS.  I don't know if this would be allowed because, to date, I do not think anyone has asked.  I will mention that creating an efficient proxy is a legitimate computer science project and I did a presentation about it just last semester in CS 587.

Dr. Waxman asked me to add that if any student is caught abusing his or her privileges, the Department will consider disabling that individual's accounts on Computer Science machines.

[Stiffler]

Some genius in OIT pulled our router, and we can't even talk to computers next door, save the next building.

That's exactly why y'all are gettin the 196 addresses. It's easier and quicker to Unplug one building than to turn off many ports.


Andy, you fell for another Stiffler Troll. hehe. You know I am usually never serious. Anyways, you can ask Greg about this. I gave him a nice thick packet on how to Secure, tweak, and speed up the performance of Win XP. Yes, there are registry settings, that you can set to speed up Win XP a lot. Most of them even work on Win 2k3 Server series. Although, I don't know if he actually did some of the things in that packet. I actually fell that there are too many privileges on the CS computers. I get really annoyed at some of the programs people install. Mainly yahoo messenger.

Being serious here: I will try not to troll anymore, but those that know me, I do get extremely bored sometimes, and I just can't help it.

Is the network back up in the Res Halls yet?

Jon

[William Grim]

That's exactly why y'all are gettin the 196 addresses. It's easier and quicker to Unplug one building than to turn off many ports.

Oh, I didn't get any 192.168.xxx.xxx addresses on my machines, except the ones behind my firewall.  Andy and I think that perhaps someone was running a DHCP server (via Internet Connection Sharing) without knowing it.

Plus, about unplugging one building, from what I understand, they didn't actually do any of that.  They just disconnected physical ports from the router, hence some problems some people were having with getting back on the Internet (the wrong ports would be plugged back into the router).

you fell for another Stiffler Troll

I didn't see comments about Win XP proxy [ab]use as a trolling comment.  When the firewalls are in place, we can pinpoint where high Internet activity was taking place at what time and associate it with a user logged into a machine at a given time.

Granted, creating rather effective firewalls (more for protecting against worms than our own users) will take a while, it should be noted that EB bandwidth should be used for legitimate school use on your own good faith.

[Chris Swingler]

Let's add on to this thread with a recent Slashdot article:

Universities Taken Offline to Fight Worms, Viruses
Posted by CowboyNeal on Thursday September 04, @05:47PM
from the drastic-measures-taken dept.

chrismg2003 writes "Nationwide universities are opening their doors to new students but closing off their network services. The Blaster worm has caused universities to take drastic actions to protect their campus networks. Universities have gone as far as shutting down their entire resnet network and bringing it back up dorm-by-dorm after each computer has been certified worm-free. The ICMP ping requests alone have brought down PLU's gatekeeper (resnet) multiple times and we are scrambling to clean the worm from all computers before it forces us to follow suit with other universities.

I have mirrored this article at my website on cougar, so you don't have to do the goofy-WashingtonPost-registration-jive.  

"University of Maryland residents who tried to access the school's network for the first time over the past two weeks were corralled onto a Web site to help search for and mend the security hole exploited by Blaster, a computer worm that emerged last month and infected hundreds of thousands of computers worldwide. More than 6,000 students that had yet to apply the needed patches did so, but hundreds of other students ignored the advice and were promptly booted from the university network, said Gerry Sneeringer, an IT security officer at Maryland's Office of Information Technology."  I think our OIT department could learn a lesson from this.

And has anyone else on the network noticed that we are now firewalled?  No one can access FTP, HTTP, or ident on my computer...

--Beanie