Recovering from CSRT Network Suspension
This document is intended to clarify the reasons surrounding network suspension imposed by CSRT and address quick-recovery methods to assist users in regaining network connectivity. While this document may not address all recovery procedures, we hope to increase the awareness of the University community by promoting a self-service methodology which will aid in your education for future problems.
Although we have attempted to ensure this document is as precise as possible, CSRT takes no responsibility for any side-effects these procedures may incur on your computer. Please see our disclaimer for the more information on the responsibility offered to you, the user.
What warrants network suspension?
CSRT will suspend network connectivity when the computer, or individual using the computer, poses a direct threat to the University network or Internet. Hosts compromised by malware (worms, viruses, trojans, etc.), hosts acting as part of a botnet, hosts sending unsolicited electronic mail (UCE) and other violations of network security policies will also be suspended from network connectivity.
How does this affect me?
A computer infected with these worms may allow unauthorized access by a malicious user and/or the propagation of malicious code onto other Internet-connected computers, including University computers. Along with this is an imminent loss of response time on the network as more and more infected computers scan the network for vulnerable hosts. For instance, if your computer is infected with W32.Blaster (born 8/2003), it may scan possibly one IP addresses per second (though we have data showing the worm is more ``noisy'' than this). If infected with W32.Nachi, your computer may scan up to 300 times that amount, per second!
How can I fix my computer?
If you have noticed that your network connectivity has been suspended, immediately call the helpdesk at (312) 362-8765. If you are a user on the wireless network, or you your own personal computer, you can follow the steps listed below to patch your machine. These steps will address a large amount of viruses and worms impacting the network. However, there are other issues that may require a complete reinstallation of your operating system. The helpdesk will be able to assist you in determining the best course of action.
If you have determined that your system can be "cleaned up" rather than requiring a full reinstallation, perform the following steps (only applicable to Windows 2000/XP operating systems):
- Login as an administrative user to your computer.
- If you are using Windows XP, turn off System Restore by clicking through the following path on your computer. Start-- Run-- My Computer-- Properties-- System Restore. Users of Windows 2000, NT or ME/98 are not required to do this step.
- Download stinger.exe, a free tool by Network Associates to clean off the running worms from your machine. Run the tool as per the instructions of the Stinger website.
- Visit Microsoft's Windows Update Website. To download the patches required by your operating system...
- Let the server analyze your machine for the latest patch level. If this does not work automatically, click ``Scan for Updates.'' (Note: you may be asked to trust the website to execute an analysis of your machine. If prompted, click "Yes").
- Click on ``Critical Updates and Service Packs'' in the left toolbar. Check all updates.
- Click ``Install Now'' -- this process may take anywhere from 5 to 90 minutes depending on the patch level of your computer.
- Reboot your computer.
- Visit the Windows Update website again and install any other patches that were not installed. Repeat until there are no patches left to download.
- To be extra cautious, run stinger.exe again to verify that the worm did not reinfect your machine during the patch process.
- Update your anti-virus software signatures as per the vendor instructions for doing so. If you do not currently own AV software, we recommend you visit our Secure Software page to find a virus scanner that is right for you.
Most Internet based worms or exploits take advantage of unpatched computers, easily guessable passwords, no passwords, or the lack of an anti-virus scanner. To combat this, we recommend the following.
- Make sure you stay up-to-date by staying current on patches.
- Choose a strong password for your machine; this password should be 8 characters long, a mixture of letters, numbers and other characters, and not be based on a dictionary word of any language.
- Update your Anti-Virus software daily.
- Report any suspicious behavior to the Helpdesk.
Microsoft also provides a feature called ``Windows Update'' in Windows XP Professional. This is a feature built into the operating system that does not require you to establish a connection over the WWW, and provides friendly reminders when updates are needed. To learn more about this feature, visit the short tutorial on enabling Windows Update. You can also visit the Windows Update FAQ to learn more about Windows Update.
The Microsoft Baseline Security Analyzer is useful for detecting the weakenesses of your computer. We recommend downloading and running this tool frequently.
Finally, Microsoft has collected various security notes and recommendations for Windows XP users. We recommend taking some time to review this by viewing the page entited Maintain Security with Windows XP.
Feel Free to Contact Us
If you have questions regarding computer or network security, feel free to contact us with those questions. We will help in any way possible. Also, sign-up for our computer and network security vulnerability alerting service; more information visit our Security Bulletins Website.
© 2001-2007 | DePaul University | Disclaimer | Webmaster
1 E. Jackson Chicago IL 60604 | 312-362-8000