Have worm? University upgrades network

Sean Donelan said

On the other hand, California State-Long Beach is planning to upgrade
its network to deal with the worms.


While Sean's interpretation draws reasonable inference from the cited
article, the particular upgrade we've been told about will use
some L2 intercept boxes to scan user computers at the time they attempt
to connect to the LB net. They seem to be referring to the installation
of the authentication/scanning boxes as part of the network upgrade.
The hope/plan is that web redirection for software fixits through
an appropriate campus download page will preceed releasing full
internet services to the users.

I don't think that CSULB is going to add capacity to deal with the
icmp scans. Rather they are hopeful that they can use this as a
clean up strategy.

What we (UC Santa Cruz) share with LB is the vendor that will be
adding scanning to their net-auth box: Perfigo. We have heard of
the LB plans indirectly through the vendor, but in the context of
the article, it all fits.

-jim warner, UC Santa Cruz

Do people find "self-certification" by end-users actually fixes anything?

Or do users keep on clicking on the "Yes, I'm Clean" button?

In the meantime, you still have to carry the traffic from the infected
computer if only on your quarantine "network." Usually the quarantine LAN
is some type of virtual network, so the underlying bandwidth is still
consumed by the traffic. Its amazing what happens to a registration
server when an infected computer tries to register tens of thousands of
times a minute. Redirecting the user traffic to a quarantine server,
results in that server getting whalloped.