In recent months, K-State has experienced a rash of compromised campus computers used by hackers to send tens or hundreds of thousands of spam messages to the Internet. Besides the embarrassment of having K-State labeled as a source of spam, some of these instances have resulted in K-State being placed on spam block lists where all e-mail from K-State is blocked. To remedy this problem, K-State intends to start blocking the protocol used to deliver e-mail off-campus on three selected portions of the network that typically have the largest percentage of compromised computers — the campus wireless network, and both the wired and wireless networks in the residence halls. This will only affect computers on these three segments of the campus network. All other network segments, including the guest wireless network (SSID=k-state.guest), will be unaffected.
This will take effect during the break between the fall and spring semesters. All students living in the residence halls will be notified about the change before they leave at the end of the fall semester.
This will not affect anyone using any K-State e-mail system, either central or departmental. Nor will it affect anyone using a web browser to access e-mail systems such as K-State’s WebMail, Zimbra, Gmail, Hotmail, etc.
Analysis of traffic on these three segments of the campus network indicates this change will impact very few people, since nearly everyone sends and reads their e-mail through K-State’s central e-mail system or uses a web browser for e-mail. For the few who might be affected, e-mail clients and other applications can be re-configured to get around the block by using more secure e-mail protocols or routing e-mail through K-State’s central e-mail service. The IT Help Desk will be available to help the few people affected by the change.
For those interested in the details, TCP port 25 incoming and outgoing will be blocked. This is the port used by the Simple Mail Transfer Protocol (SMTP) to deliver e-mail. Typically when a computer is compromised, the hacker installs malware that rapidly sends thousands of spam messages to off-campus recipients using SMTP over TCP port 25. Sometimes the hacked computer is also configured to relay e-mail messages by accepting an incoming message from the Internet on port 25 and re-sending it to numerous off-campus recipients. Thus, both incoming and outgoing traffic over port 25 must be blocked to effectively stop the abuse.
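The kind of traffic analysis that separates the few legitimate port 25 users from compromised hosts can be sketched as follows; this is an added example, not K-State's own tooling. The subnets, the campus range, the fan-out threshold and the flow records are all constructed, and it assumes the block applies to port 25 traffic between an affected segment and off-campus addresses.

```python
import ipaddress
from collections import defaultdict

# Constructed values: the article gives no subnets or thresholds.
AFFECTED = [ipaddress.ip_network(n) for n in ("10.10.0.0/16", "10.20.0.0/16")]
CAMPUS = ipaddress.ip_network("10.0.0.0/8")
FANOUT_THRESHOLD = 5  # distinct off-campus SMTP peers before a host is flagged

# Constructed flow records: (source IP, destination IP, destination TCP port)
FLOWS = [("10.10.1.5", f"198.51.100.{i}", 25) for i in range(1, 9)]  # burst to 8 peers
FLOWS += [
    ("10.10.2.7", "192.0.2.10", 25),   # one client using an off-campus SMTP server
    ("10.20.3.9", "192.0.2.10", 587),  # not port 25, so not covered by the block
    ("203.0.113.4", "10.20.4.4", 25),  # inbound SMTP to a host on an affected segment
    ("10.30.1.1", "192.0.2.10", 25),   # campus segment outside the block
]

def on_affected(ip):
    return any(ipaddress.ip_address(ip) in net for net in AFFECTED)

def off_campus(ip):
    return ipaddress.ip_address(ip) not in CAMPUS

def analyze(flows):
    """Classify hosts on affected segments whose port 25 traffic the block would stop."""
    outbound = defaultdict(set)  # affected host -> off-campus SMTP peers it contacted
    inbound = defaultdict(set)   # affected host -> off-campus hosts reaching its port 25
    for src, dst, dport in flows:
        if dport != 25:
            continue
        if on_affected(src) and off_campus(dst):
            outbound[src].add(dst)
        elif off_campus(src) and on_affected(dst):
            inbound[dst].add(src)
    report = {}
    for host in set(outbound) | set(inbound):
        if len(outbound[host]) >= FANOUT_THRESHOLD:
            report[host] = "likely spam source"
        elif inbound[host]:
            report[host] = "accepts inbound SMTP (possible relay)"
        else:
            report[host] = "needs client reconfiguration"
    return report

if __name__ == "__main__":
    for host, verdict in sorted(analyze(FLOWS).items()):
        print(host, "->", verdict)
```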
This is an important step in fighting the battle against spam and protecting K-State information and technology resources, since our systems will be much less attractive targets if they cannot be used to send spam. The exact date of the change will be announced in a future InfoTech Tuesday article.
If you have any questions, contact Harvard Townsend, K-State’s chief information security officer (harv@k-state.edu, 785-532-2985).