<quote who="Sean Donelan">
Did the users actually believe you when you told them their computer had a worm?
Ours did. They knew there was a worm "going around." This was all happening around the time of freshmen "move-in" so lots of parents were around. It was more difficult to convince some parents that despite the fact that their kid's new laptop just came out of the box and onto the network it was already infected.[*]
How many times did you disable the same user's network access because they didn't actually fix their computer but told you it was fixed?
Just once, if they weren't patched they were automatically turned down again. (automated, not human processing)
But I have a really important document that has to be sent right now, and I can't wait to fix the computer.
Three things to solve: pencil, paper, skateboard/rollerblades/feet. :) -davidu [*] There was unfortunately a couple of flaws in our handling of the blaster worm. We have an unroutable DHCP'd zone on our network which was leaving room for new users to be infected. They would be unable to get a valid IP but clean machines on the unroutable network could be infected. If our monitoring was at the switch level as opposed to the DHCP level this would not have occured. Lesson learned (well, probably not, but learned for me at least). :( ---------------------------------------------------- David A. Ulevitch Washington University in St. Louis http://david.ulevitch.com -- http://everydns.net ----------------------------------------------------