Policy - ResNet Scanning

UBC IT is cooperating with the rest of the efforts on the Internet to help reduce and prevent Denial of Service attacks. Denial of Service attacks affect not only the target of the attack (in some cases, well known sites such as Yahoo, CNN, Disney) but also the intermediate unknowing victims whose computers are used as a base for the attack.

UBC IT is currently testing and implementing several types of systems to detect and record network abuse, focusing on areas that directly impact the UBC Network and our connectivity to the Internet: DDOS (Distributed Denial of Service Attack) agents and backdoors into computers (which allow intruders to plant attack software).

As a first step, we have begun proactive scans of machines on ResNet and other networks on campus.  The scans are limited to looking for DDOS agents and backdoor trojans.  They do not scan data on users' hard drives.

In the long term, we plan to actively monitor the network for attack patterns either coming into the campus or leaving. This will provide us with a better and more accurate way of detecting attack software in progress. Monitoring will be done at the network level so this will be totally transparent to users (unless the attack is originating from a particular port in which case we will shut it down without notice).

What If Your Machine Is Affected?

If the network scans pick up evidence of DDOS agents or backdoor trojans on your machine, you will be notified by letter. This letter will contain information on how to fix the problem.

ResNet users should take the following measures:

  1. Know the type of software that you install on you computer. Install only reputable software installed either from vendor-supplied CDs or reputable sites.  A good way to do this is to visit CNet Download.com and download directly from there (not a copy that you obtained from someone else, even if you trust them).  Backdoors (which open up your machine to the world) can be attached to legitimate software, so be careful!
  2. Run a personal firewall. ResNet does not provide any type of firewall protection.  This is your own responsibility. A good and free firewall is available from Zone Labs and information on personal firewalls is available from the Gibson Research Corporation.
  3. Always run an updated virus checker. Ideally the checker should connect back to the vendor site and auto-update at least every month.  If you run an outdated virus checker, it's worthless. Some good antivirus tools exist at Symantec Corporation, Trend Micro and McAfee.
  4. Remember that precautions #2 and #3 don't fully protect you, so you have to be vigilant with #1.

Contact Information

If you have any questions about network security or ResNet scanning, please contact the IT Service Centre Help Desk.