The Information Security Office (ISO) has recently seen an increase in port scanning on Case Wireless. Several individuals have already been contacted in regard to port scanning, and the ISO would like to provide additional context.
What is port scanning?
Port scanning is a common information gathering technique used for legitimate systems administration tasks, for authorized penetration tests and by attackers for identifying exploitable hosts.
Am I allowed to run port scans on the CWRU network?
Because port scanning creates substantial risk of interference with network operations, it goes against the CWRU Acceptable Use Policy (AUP), and is specified as a Banned Protocol. With that said, please do not run any port scans, or perform any other unauthorized penetration testing on the CWRU network (including, but not limited to, Case Wireless and the wired network) for any reason, as these violate the CWRU AUP. Attempting to gain unauthorized access to systems not owned by you is also not permitted by the CWRU AUP.
I’m running port scans for a class. Is it still allowed?
No, it is still not allowed. If you would like to practice port scans, please do so on a non-CWRU owned network, provided that that network allows it in their AUP.
I didn’t start a port scan, but I got an email saying that I did. What do I do?
Your device may be infected with malware. We recommend that you run an anti-virus (AV) or anti-malware scan immediately to remove the infection.
What AV can I use?
The university offers Symantec Endpoint Protection on the Software Center at no additional cost for both Mac and PC, and the Kelvin Smith Library University Technology ([U]Tech) CARE Center can assist in-person with installing the software and removing the malware. Other reputable AV software such as Malwarebytes work just as well, and have been shown to remove malware when SEP does not find any.
If my device runs a port scan, will my network access be revoked immediately?
We will not revoke your network access without first contacting you and/or your dean or supervisor. If you receive an email from the Helpdesk or the ISO, please do not ignore it. You can respond to the email or contact the Helpdesk directly for next steps, or to schedule a time to have your device scanned for malware.
A word of caution
Now that we’ve released this information to the internet, it will undoubtedly be used in a new wave of phishing emails. If you receive any emails stating that your access will be revoked unless you click a link, you may be the target of a phishing scam. Please send those emails to email@example.com or firstname.lastname@example.org, and we can verify the legitimacy of the sender and block them to prevent future scam attempts.