[OPLINTECH] Another virus related spam issue, but a new solution

millerst@oplin.org millerst at oplin.org
Thu May 7 10:36:08 EDT 2009


I agree!!!  Anything to help us understand our networks and explore
deep-techie mojo is a good thing!!!

If it can be done as a low-cost webinar, so much the better.

Steve
-- 
Steve Miller
Technology Coordinator
Ashtabula County District Library

> Using Wireshark to find a problem computer (and for other purposes)
> might be a good tech workshop for regionals and other organizations to
> present (I don't think it's already been done around here but I could be
> wrong).
>
> Phil
>
> Karl Jendretzky wrote:
>> As far as I know the library from two weeks ago still hasn't found the
>> infected machine. I just see it poking at me every couple days, checking
>> to see if I'm willing to play again.
>>
>> The machine from today is the only one on the offending IP address, but
>> the box isn't managed by the site, so we won't know what's actually on
>> there until the outside management gets back to us.
>>
>> Once I know specifically what's hitting them, I'll try to give you
>> something special to look for. If you're already up to date on your
>> patches/definitions, and you've got measures in place to either restrict
>> user actions, or wipe out user changes on a regular basis, then the only
>> thing I would recommend is that you have some plan for finding a
>> misbehaving machine on the network. Even if it's just having a spanning
>> port set up and making yourself familiar with an app like Wireshark, not
>> having to scramble to learn the stuff when something is on fire will
>> save you some frustration. Even unsinkable ships need lifeboats. :)
>>
>> Thanks,
>>     Karl Jendretzky
>>     Technology Project Manager
>>     Ohio Public Library Information Network
>>     jendreka at oplin.org
>>     (614) 728-1515
>>
>>
>>
>> Chad Neeper wrote:
>>> Aside from perhaps selective egress blocking at the network perimeter
>>> firewall and keeping current on the virus definitions, is there
>>> anything else you'd like us to be doing at individual libraries to
>>> mitigate these problems?
>>>
>>> Chad
>>>
>>>
>>> -----------------------
>>> Chad Neeper
>>> Senior Systems Engineer
>>>
>>> Level 9 Networks
>>> 740-548-8070 (voice)
>>> 866-214-6607 (fax)
>>>
>>> --   Full LAN/WAN consulting services   --
>>> -- Specialized in libraries and schools --
>>>
>>>
>>>
>>> Karl Jendretzky wrote:
>>>> All,
>>>>     I was greeted this morning with yet another infected library
>>>> machine using the OPLIN mail server as a spam cannon. I've already
>>>> spoken to the library, and if any details come up that could be
>>>> useful to the group, we'll let you know.
>>>>
>>>> With increased virus activity out in the libraries, I'm trying to
>>>> find the best way to lock down our services, while still providing
>>>> access for library staff. At this point I think the best way for me
>>>> to prevent exploits like this, while still allowing libraries to use
>>>> our server as a relay for their ILS notices, is by allowing relaying
>>>> based partly off of the "from" address.
>>>>
>>>> If you are using the OPLIN mail server as a relay, and the mail is
>>>> coming from an email address that isn't @oplin.org, I need you to
>>>> shoot either myself, or OPLIN support an email letting us know what
>>>> address, or at least domain the emails are coming from. My thought is
>>>> that going this direction, I can stop the phishing emails, while not
>>>> requiring anyone in the network to reconfigure their ILS setup.
>>>>
>>>> If you have any questions, feel free to contact me.
>>>>
>>>>
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> OPLINTECH mailing list
>>> OPLINTECH at oplin.org
>>> http://mail.oplin.org/mailman/listinfo/oplintech
>>> Search: http://oplin.org/techsearch
>>>
>
> --
>
> Phil Shirley
> Technology Services Coordinator
> Cuyahoga Falls Library
> Cuyahoga Falls, Ohio
> 330-928-2117, ext. 109
> pshirley at CuyahogaFallsLibrary dot org
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
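
The relay rule described in the thread above (relaying allowed "based partly off of the 'from' address") can be sketched as follows. This is an added example, not part of the original messages and not OPLIN's mail server configuration; the networks, domains and addresses are constructed placeholders, and pairing the sender check with the client's source network is an assumption, made because the envelope sender is supplied by the client.

```python
import ipaddress

# Constructed placeholder policy (assumption): not OPLIN's real networks or senders.
RELAY_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
ALLOWED_DOMAINS = {"oplin.org", "library.example"}   # whole domains registered for relay
ALLOWED_ADDRESSES = {"notices@ils-vendor.example"}   # single registered ILS sender


def parse_sender(mail_from):
    """Normalize an envelope sender; return (address, domain) or None if malformed."""
    addr = mail_from.strip().strip("<>").lower().rstrip(".")
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain or "@" in local:
        return None
    if any(c.isspace() for c in addr):
        return None
    return addr, domain


def may_relay(client_ip, mail_from):
    """Return (allowed, reason): member network AND registered sender are both required."""
    ip = ipaddress.ip_address(client_ip)
    if not any(ip in net for net in RELAY_NETWORKS):
        return False, "client not on a relay network"
    parsed = parse_sender(mail_from)
    if parsed is None:
        return False, "empty or malformed sender"
    addr, domain = parsed
    # Exact match only: "oplin.org.evil.example" must not pass as "oplin.org".
    if addr in ALLOWED_ADDRESSES or domain in ALLOWED_DOMAINS:
        return True, "registered sender"
    return False, "sender not registered"


if __name__ == "__main__":
    # Constructed sample submissions: (client IP, envelope sender).
    for ip, sender in [
        ("192.0.2.10", "<circ@library.example>"),
        ("192.0.2.10", "security@bank.example"),
        ("192.0.2.10", "staff@oplin.org.evil.example"),
        ("198.51.100.5", "staff@oplin.org"),
    ]:
        print(ip, sender, may_relay(ip, sender))
```

Rejections from a member network with an unregistered sender are worth logging, since they point at the machine that needs to be found.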