WHAT'S HAPPENING?
OIT will add the CoC Inland subnets to its botnet traffic filter.


WHEN IS IT HAPPENING?
On Tuesday, April 12, 2011, at 9:00 AM.


WHY IS IT HAPPENING?
To increase network security and prevent new host compromises on campus.


WHO IS AFFECTED?
CoC Inland computer users should experience little or no impact.


WHAT DO YOU NEED TO DO?
No user action is required.


WHO SHOULD YOU CONTACT FOR QUESTIONS?
TSO Help Desk (CCB 148, 404.894.7065, helpdesk@cc.gatech.edu). Additional information is below:

In preparation for the upcoming campus-wide roll-out mentioned below, TSO will identify botnet researchers and ensure appropriate Outland subnets are excluded.
> From: Herbert Baines III <herbert.baines@oit.gatech.edu>
> Date: March 31, 2011 3:25:26 PM EDT
> Subject: BotNet Blocking
>
> Good afternoon,
>
> Since January, OIT has been testing a botnet traffic filter on the campus border firewalls. It compares all traffic against a dynamic list of blacklisted IP addresses and hostnames. This list is updated hourly from Cisco Security Intelligence Operations and contains a list of IPs known to be command & control hosts, malware-serving hosts, etc. With it turned on, this filter is a simple and effective way to increase network security and prevent new host compromises on campus.
>
> For most subnets, this module has simply been logging the issues it discovered. However, OIT, in coordination with a few units, has used this filter to actively block blacklisted traffic on thirty-six campus subnets.
>
> The results of the pilot program are outstanding.
>
> Traffic to malicious
>
> Infected hosts on campus identified.
>
> User impact low / unnoticed
>
> Low overhead on the network equipment
>
> We would like to activate this blocking feature to the rest of campus on May 10, 2011.
>
> If this date poses a conflict or if your unit would like to opt-out of this protection, please contact Dan and/or Jason by Friday, April 15, 2011 (BTW the tax man cometh on the 18th).
>
> Thank you,
> Reference: Cisco whitepaper
>
> http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/white_paper_c11-532091.html

Owner of Alert
TSO