U of C networks still slowed by e-mail viruses

In an effort to further contain the spread of recent e-mail viruses on University of Calgary computer networks, network operators added additional electronic barriers over the weekend.

"IT must be proactive in protecting network and Internet services and do as much as possible to prevent the outages that we had earlier this week and on previous occasions of worm attacks," wrote Network Services Manager Tom Seto on Fri., Sept. 12. "Therefore, we will be scanning for unpatched machines ourselves later today and if significant numbers of unpatched systems are found on a network, we will disconnect that network at end of work today so that they cannot endanger the rest of campus."

The notice came after five infected computers paralyzed much of the U of C network with large volumes of viral traffic on Mon., Sept. 8.

"If I carried out my threat to cut off those networks, we wouldn’t have a network," wrote Seto later on Friday. "Therefore, we have decided on a compromise. We will not cut off the networks, rather we are going to block NetBIOS ports 135, 137, 138, 139, 445, and 553 for the weekend ONLY starting at 7 p.m. tonight. What this will do is to prevent an infection on one network from spreading to other networks."

Viral traffic declined from a peak of over 60,000 infected e-mail messages a day last week to less than 4,000 on Wed., Sept. 17 as computers were disinfected and patched to prevent further infection. However, the port blocking designed to keep viruses at bay also prevents users from using certain file-sharing applications.

"We are in the process of applying security filtering on the academic router that will affect the U of C dialup networks 117, 123, 124, and the AirUC wireless network 200," wrote David Jager of IT Network Services on Wed., Sept. 17. "The filtering will block all incoming TCP connection requests to hosts on these networks, and as a result will prevent anyone on these networks from running applications such as FTP servers, web servers, IRC servers, etc. It will also protect clients on these networks from things like NetBIOS probes."

Leave a comment

Your email address will not be published.