TO WHOM IT SHOULD CONCERN:

My departmental LAN consists of two separate segments. Each of these segments is created with a Linux box with two NICs installed. This allows the internal LANs to be firewalled from the Internet. The LAN segments use 'reserved' or 'non-routable' IP addresses.

The first of our LAN segments is reserved for our faculty who use the MS Windows 2000 platform on their workstations. The non-routable address range that I assigned for this segment using Network Address Translation (NAT) is:

10.0.1.0/24

It exists behind the single Internet-visible IP address of:

xxx.xxx.xxx.xxx

The departmental web server provides our Internet presence via port 80 on that same IP address - again:

xxx.xxx.xxx.xxx

The site runs on a secured and patched Apache web server on a secured and patched Linux OS box and offers no other services. The site itself contains only static pages using certified HTML standards and, in the interest of reliablility, has had its name registered with Enom Inc, which provides the needed DNS info to the planet earth and beyond.

The SECOND of our LAN segments is reserved for our student/faculty/research/computer lab which uses the Mandrake Linux 9.1 platform on the workstations. The non-routable address range that I assigned for this segment using Network Address Translation (NAT) is:

10.0.0.0/24

It exists behind the single Internet-visible IP address of:

xxx.xxx.xxx.xxx

There are no Internet services offered over this IP address. It is only used as a gateway for Internet access to the workstations. Additionally, it is using the Squid proxy server (secured) to reduce network traffic if the lab is filled with people using the Internet.

The faculty LAN segment does not use any Unix services for Windows. The student LAN segment does not use any Samba services for Unix.

The combination of the two separate NATed LAN segments and the deliberate inability of the two segments to use file/print sharing was my good faith effort to absolutely minimize the spread of worms and other malware which might have a negative impact on network bandwidth and security. I don't get paid to do this.

Our department was assigned a third routable IP address in the netblock owned by the university:

xxx.xxx.xxx.xxx

I have a 'sticky honeypot' (Tom Liston's LaBrea software http://hackbusters.net) running on that IP address - again:

xxx.xxx.xxx.xxx

LaBrea is used by the FBI and the Defense Department to fight back against malicious Internet worms which scan netblocks at extremely high rates.

In our case it will make it appear that every single IP address in the:

xxx.xxx.xxx.0/24

range is in use. LaBrea 'moves out of the way' when legitimate network devices exist on that segment - however, if none actually do exist, a malicious scanner will find that:

a) the IP address responds to pings;

b) ARP requests will result in apparent MAC addresses (for devices that, again, don't actually exist); and

c) any attempts to exploit services on the unused IP addresses will result in the scanner becoming 'tarpitted' or 'stuck' until they give up the attack.

All of the MS Windows 2000 machines are equipped with Service Pack 4 and have all of the latest security patches applied as soon as they are available. They have never missed a patch nor have they ever been compromised. They also run Norton Corporate Edition Anti-Virus Software, and - most importantly - require our three static IPs to be open to traffic if for no other reason than to retrieve the patches and AV updates.

(Hint: If you cripple our LAN segments and Internet visibility (through the few services we offer) you are not helping the current campus IT situation - rather, you are increasing the likelyhood of compromise!)

I just read about the $6,000,000 cost of the new 'EXCHANGE SERVER' - what were you thinking? This is hard-earned taxpayer money being mismanaged beyond belief! The same goals could have been accomplished with open source applications (Ximian et al) for free! Without all this worm/virus stuff!

This was done because you apparently never understood that it is stupid to set up a campus wide DHCP server which leases real-routable (and therefore visible to the entire Internet) IP addresses - thus allowing easy access to malicious attackers via deliberate albeit isolated intrusion attempts or, more recently, automated Internet worm attacks which can spread with tremendous speed and, through the use of bizarrely crafted ICMP scanning algorithims, create such a large volume of traffic that affected netblocks become unusable.

This is Network Admin 101 stuff! Any undergraduate computer science major would know this by their sophomore year! However since you do not know this stuff, may I offer a primer I make available for my students?

Finally, since all of my classes require access to the departmental web server (and since I know exactly how it is performing from its logs) if denial of those services over the Internet continues any further into this semester, I will inform all students how to file official complaints about this situation with the Board of Regents and other officials.

Most of my students like me and know how hard I've worked on providing them with technology, and they know how much their technology fees are every semester, and I can provide them with logs that indicate exactly what is and what is not being competently managed IT-wise on our campus.

It's not a threat - it's reality.

Thank you for your kind attention to these matters.