LISTSERV 16.0 - MSUNAG Archives

ACNS Network Security has installed two intrusion prevention systems at 
MSU's Internet border.  One system protects the residence hall computers, 
and the other protects all other computers.  The systems examine every 
packet that flows through them both inbound from the Internet and outbound.  
Packets are inspected for attack signatures and protocol anomalies, if 
they match an attack, they are dropped.

These systems are in-line so they can drop attack packets in real time
as they are detected.  Combined, flows the two intrusion prevention systems
block an average of 344,000 attacks per day.  During normal traffic
patterns about 3 milliseconds of latency are added by the detection process.
Our web site "http://networksecurity.msu.edu/" has attack statistic detail
available for further review.

Intrusion prevention systems are not comprehensive Denial of Service (DoS)
prevention devices.  Since every packet is inspected, DoS attacks may 
sometimes exhaust the resources available on any such device and slow network
traffic.  Once the attack is identified and the sources are blocked, network
performance returns to normal.

ACNS Network Security is investigating ways to reduce the impact of a DoS
attack on the MSU network, both by reconfiguring the intrusion prevention
systems and possibly with specialized DoS protection devices.

While we have seen some network slowness from the intrusion prevention 
systems, not all recent network performance issues have involved them. 
As with any ACNS service issue, network outages and performance issues are
reported at "http://servicestatus.msu.edu/".

Joe Budzyn
Manager Network Security, ACNS

--
Joe Budzyn                               [log in to unmask]
301 Computer Center                      Ph: (517) 432-7448
Michigan State University
East Lansing, MI 48824

On Thu, Feb 02, 2006 at 06:56:18AM -0500, Thomas P. Carter wrote:
> 
> Is anyone else experiencing these annoying slowdowns for
> network connections to off-campus sites? The happen with increasing frequency
> and with no pattern I can discern. The connection appears to work PARTIALLY,
> but loading a web page or downloading something can take far longer than it
> should and sometimes fail. 
> 
> Yesterday late afternoon I was trying to update a new
> computer through Windows Update (at Microsoft&#8217;s site) and it took
> forever, with several failed attempts along the way. Right now (6:50 am) it&#8217;s
> happening again. Connections to on-campus sites are just fine during these
> times. I&#8217;m guessing something&#8217;s happening either with our campus
> router or our connection to the cloud&#8230;
> 
> Anyone else notice this? It&#8217;s been happening for
> several weeks now.
> 
> Thomas
> P. Carter,
>  
> Ph.D.
>  
> Department of Chemistry 
> Michigan State
> University 
> East Lansing,
> MI 48824-1322
>