NANOG Meeting Presentation Abstract

Life on a University Network: An Architecture for Automatically Detecting, Isolating, and Cleaning Infected Hosts
Meeting:	NANOG30
Date / Time:	2004-02-10 2:30pm - 2:50pm
Room:	Symphony Ballroom II - IV
Presenters:	Speakers: Eric Gauthier, Boston University Eric Gauthier is currently the senior Network Systems Engineer for Boston University\'s Office of Information Technology. Prior to this, he worked as a network engineer for several regional and large-scale ISPs, including Exodus Communications.
Abstract:	In fall 2003, many schools were unprepared in terms of network infrastructure and staff to deal with the overwhelming number of infected computers that suddenly arrived on their campus networks. This resulted in the shutdown of several University networks and an enormous strain on helpdesk staff. Over a single week in September, Boston University had approximately 10,000 students arrive on campus, 7,000 of whom arrived during the three-day Labor Day weekend. As with most schools, many of these computers were either exploitable or already infected with a wide variety of worms and viruses. Why did Boston University have a relatively quiet \"move-in\"? Using shareware tools and some minor in-house coding, Boston University deployed a system that detects, isolates, and quarantines most vulnerable systems when they attach to the network for the first time. After the hosts are active on the campus network, the host can be returned to this quarantine if it is subsequently found to be infected or fails an active vulnerability scan. While quarantined, all web queries are redirected to an informational web site that has customizable information, including a self-help guide and tools to patch and clean the host. This talk will detail the infrastructure, systems and software used to build this network registration and quarantining system, the modifications that were needed, its successes, its failures, and some thoughts on where to go next.
Files:	An Architecture for Automatically Detecting, Isolating Eric Gauthier Presentation(PDF)
Sponsors:	None.

Back to NANOG30 agenda.

NANOG30 Abstracts

• Show All

• A Distributed Control Plane Architecture to Support Millisecond Routing Convergence
  Speakers:
  Hormuzd Khosravi, Intel; Kunihiro IshiguroIP Infusion; .
  

• A Distributed Control Plane Architecture to Support Millisecond Routing Convergence
  Speakers:
  Hormuzd Khosravi, Intel; Kunihiro IshiguroIP Infusion; .
  

• Customer-Triggered Real-Time Blackholes
  Speakers:
  Chris MorrowUUNET; .
  Tim BattlesAT&T; .
  Danny McPhersonArbor Networks; .
  

• Customer-Triggered Real-Time Blackholes
  Speakers:
  Chris MorrowUUNET; .
  Tim BattlesAT&T; .
  Danny McPhersonArbor Networks; .
  

• Customer-Triggered Real-Time Blackholes
  Speakers:
  Chris MorrowUUNET; .
  Tim BattlesAT&T; .
  Danny McPhersonArbor Networks; .
  

• MPLS-Based Layer 2 VPNs
  Speakers:
  Florin Balus, Nortel; Mike Loomis, Nortel;

• MPLS-Based Layer 2 VPNs
  Speakers:
  Florin Balus, Nortel; Mike Loomis, Nortel;

• BGP/MPLS Layer 3 VPNs
  Speakers:
  Ina MineiJuniper; .
  

• MPLS Fast Reroute
  Speakers:
  Joe SoricelliJuniper; .
  

• Anniversary Retrospective Introduction: Two Decades of the Internet
  Moderators:
  Sue Hares, NextHop; Panelists:
  Paul Francis, Cornell University; Steve BellovinAT&T Research; .
  Dino Farinacci, Procket;

• Anniversary Retrospective Introduction: Two Decades of the Internet
  Moderators:
  Sue Hares, NextHop; Panelists:
  Paul Francis, Cornell University; Steve BellovinAT&T Research; .
  Dino Farinacci, Procket;

• Anniversary Retrospective Introduction: Two Decades of the Internet
  Moderators:
  Sue Hares, NextHop; Panelists:
  Paul Francis, Cornell University; Steve BellovinAT&T Research; .
  Dino Farinacci, Procket;

• Anniversary Retrospective Introduction: Two Decades of the Internet
  Moderators:
  Sue Hares, NextHop; Panelists:
  Paul Francis, Cornell University; Steve BellovinAT&T Research; .
  Dino Farinacci, Procket;

• A Short History of the Internet
  Speakers:
  Scott Bradner, Harvard University;

• End-to-end, Spam, and DoS: Threats to the Model That Made the Internet Great
  Speakers:
  Phil Karn, QUALCOMM;

• 10 Years of Corporate Change in the NANOG & IP Backbone Community
  Moderators:
  Marti LevyNone; .
  Panelists:
  John CurranXO Communications; .
  Doug HumphreyJoss Institute; .
  

• 10 Years of Corporate Change in the NANOG & IP Backbone Community
  Moderators:
  Marti LevyNone; .
  Panelists:
  John CurranXO Communications; .
  Doug HumphreyJoss Institute; .
  

• 10 Years of Corporate Change in the NANOG & IP Backbone Community
  Moderators:
  Marti LevyNone; .
  Panelists:
  John CurranXO Communications; .
  Doug HumphreyJoss Institute; .
  

• Decade of Technology Pitfalls and Successes
  Speakers:
  Dino Farinacci, Procket;

• Research Forum: NETCONF Protocol Update
  Speakers:
  Eliot Lear, Cisco Systems;

• Research Forum: Synchronising Software Clocks on the Internet
  Speakers:
  Darryl Veitch, Sprintlabs;

• Research Forum: Achievable Comprehensive Delay Reporting from Routers
  Speakers:
  Darryl Veitch, Sprintlabs;

• Research Forum: Nemecis - A Tool to Analyze the IRR Registries
  Speakers:
  Georgos SiganosUC Riverside; .
  

• Research Forum: In-Progress Research Designing Support for Troubleshooting Complex Network Problems
  Speakers:
  Barbara Mirel, Univ. of Michigan;

• ISP Security and NSP-SEC BOF VI
  Moderators:
  Barry Raveendran GreeneCisco Systems; .
  Merike KaeoNone; .
  

• ISP Security and NSP-SEC BOF VI
  Moderators:
  Barry Raveendran GreeneCisco Systems; .
  Merike KaeoNone; .
  

• Peering BOF VII
  Moderators:
  Bill Norton, Equinix;

• How to Kill Worms and Viruses with Policy Pontifications
  Speakers:
  Scott Bradner, Harvard University;

• Listen and Whisper: Security Mechanisms for BGP
  Speakers:
  Lakshminarayanan Subramanian, UC Berkeley;

• Making Sense of BGP
  Speakers:
  Tina Wong, Packet Design; Van JacobsonPacket Design; .
  Cengiz AlaettinogluPacket Design; .
  

• Making Sense of BGP
  Speakers:
  Tina Wong, Packet Design; Van JacobsonPacket Design; .
  Cengiz AlaettinogluPacket Design; .
  

• Making Sense of BGP
  Speakers:
  Tina Wong, Packet Design; Van JacobsonPacket Design; .
  Cengiz AlaettinogluPacket Design; .
  

• Hot Potatoes Heat Up BGP Routing
  Speakers:
  Renata Teixeira, UCSD; Aman ShaikhAT&T; .
  Tim GriffinIntel; .
  Jennifer RexfordAT&T; .
  

• Hot Potatoes Heat Up BGP Routing
  Speakers:
  Renata Teixeira, UCSD; Aman ShaikhAT&T; .
  Tim GriffinIntel; .
  Jennifer RexfordAT&T; .
  

• Hot Potatoes Heat Up BGP Routing
  Speakers:
  Renata Teixeira, UCSD; Aman ShaikhAT&T; .
  Tim GriffinIntel; .
  Jennifer RexfordAT&T; .
  

• Hot Potatoes Heat Up BGP Routing
  Speakers:
  Renata Teixeira, UCSD; Aman ShaikhAT&T; .
  Tim GriffinIntel; .
  Jennifer RexfordAT&T; .
  

• MPLS Over Various IP Encapsulations
  Speakers:
  Mark Townsley, Cisco Systems;

• IAB Concerns About Permanent Deployment of Edge-Based Filtering
  Speakers:
  Itojun Hagino, IETF Internet Architecture Board;

• Regional Internet Registries Statistics and Activities
  Speakers:
  Ray Plzak, ARIN;

• Real-time Global Routing Metrics
  Speakers:
  Jim CowieRenesys Corporation; .
  Andy T. OgielskiRenesys Corporation; .
  B.J. PremoreRenesys Corporation; .
  Eric A. SmithRenesys Corporation; .
  Todd UnderwoodRenesys Corporation; .
  

• Real-time Global Routing Metrics
  Speakers:
  Jim CowieRenesys Corporation; .
  Andy T. OgielskiRenesys Corporation; .
  B.J. PremoreRenesys Corporation; .
  Eric A. SmithRenesys Corporation; .
  Todd UnderwoodRenesys Corporation; .
  

• Real-time Global Routing Metrics
  Speakers:
  Jim CowieRenesys Corporation; .
  Andy T. OgielskiRenesys Corporation; .
  B.J. PremoreRenesys Corporation; .
  Eric A. SmithRenesys Corporation; .
  Todd UnderwoodRenesys Corporation; .
  

• Real-time Global Routing Metrics
  Speakers:
  Jim CowieRenesys Corporation; .
  Andy T. OgielskiRenesys Corporation; .
  B.J. PremoreRenesys Corporation; .
  Eric A. SmithRenesys Corporation; .
  Todd UnderwoodRenesys Corporation; .
  

• Real-time Global Routing Metrics
  Speakers:
  Jim CowieRenesys Corporation; .
  Andy T. OgielskiRenesys Corporation; .
  B.J. PremoreRenesys Corporation; .
  Eric A. SmithRenesys Corporation; .
  Todd UnderwoodRenesys Corporation; .
  

• Root Cause Analysis of BGP Routing Dynamics
  Speakers:
  Matthew C. Caesar, UC Berkeley; L. SubramanianUC Berkeley; .
  R.H. KatzUC Berkeley; .
  

• Root Cause Analysis of BGP Routing Dynamics
  Speakers:
  Matthew C. Caesar, UC Berkeley; L. SubramanianUC Berkeley; .
  R.H. KatzUC Berkeley; .
  

• Root Cause Analysis of BGP Routing Dynamics
  Speakers:
  Matthew C. Caesar, UC Berkeley; L. SubramanianUC Berkeley; .
  R.H. KatzUC Berkeley; .
  

• Airborne Contagion: Effects of a Worm on Wireless Networking
  Speakers:
  Christopher Chin, UC Berkeley;

• Life on a University Network: An Architecture for Automatically Detecting, Isolating, and Cleaning Infected Hosts
  Speakers:
  Eric Gauthier, Boston University;

• Analysis of the DDoS Attack Against SCO
  Speakers:
  Colleen ShannonCAIDA; .
  David MooreCAIDA; .
  

• Analysis of the DDoS Attack Against SCO
  Speakers:
  Colleen ShannonCAIDA; .
  David MooreCAIDA; .
  

• BGP Testing: Why Be so Negative?
  Speakers:
  Brent Imhoff, Wiltel; Scott Poretsky, Quarry;

• BGP Testing: Why Be so Negative?
  Speakers:
  Brent Imhoff, Wiltel; Scott Poretsky, Quarry;