Urgent Security Update: Timbuktu Port Blocks at the UCSF Network Border

WHAT'S HAPPENING:

Effective immediately, all inbound traffic from TCP/UDP port 407 and TCP ports 1417-1420 into the UCSF network will be temporarily blocked.

Protocol / Port #       Associated Service

TCP/UDP port 407        Timbuktu

TCP port 1417           Timbuktu Service 1 Port

TCP port 1418           Timbuktu Service 2 Port

TCP port 1419           Timbuktu Service 3 Port

TCP port 1420           Timbuktu Service 4 Port

WHY:

On Friday, August 8, 2008, a UCSF department received reports of the anti-virus programs on numerous computers detecting and quarantining the malware “Mal/Emogen-N and Mal/Behav-010” on their systems. After tireless troubleshooting and investigation, that department’s IT organization surmised that the compromise may have occurred through a vulnerability in Timbuktu Pro version 8.6.5.

In addition to the department’s information, the network traffic logs confirm ‘suspect’ traffic was being generated to port 407 from external non-UCSF IP addresses during the time of their ‘attack.’
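The log check described above can be repeated on departmental firewall or flow logs. The following is an added example, not part of the original notice: it flags records where an external source reached an internal host on one of the ports listed in this notice. The log format, the sample records and the internal address ranges are constructed assumptions (documentation and private ranges, not UCSF allocations).

```python
import ipaddress

# Ports named in this notice: TCP/UDP 407 and TCP 1417-1420.
TIMBUKTU_PORTS = {("tcp", 407), ("udp", 407)} | {("tcp", p) for p in range(1417, 1421)}
# Assumption: placeholder campus ranges (RFC 5737 / RFC 1918), not real UCSF allocations.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "10.0.0.0/8")]

# Constructed sample records: "timestamp proto src_ip src_port dst_ip dst_port"
SAMPLE_LOG = """\
2008-08-08T09:14:02 tcp 198.51.100.23 51544 192.0.2.40 407
2008-08-08T09:14:05 udp 198.51.100.23 40112 192.0.2.40 407
2008-08-08T09:15:11 tcp 10.1.2.3 50321 192.0.2.40 1417
2008-08-08T09:16:40 tcp 203.0.113.9 44001 192.0.2.41 443
2008-08-08T09:17:02 tcp 203.0.113.9 44002 192.0.2.41 1420
malformed line here
2008-08-08T09:18:30 tcp 192.0.2.40 407 198.51.100.23 51544
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def suspect_flows(log_text):
    """Return records where an external source reached an internal host on a Timbuktu port."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed or truncated records
        ts, proto, src, _sport, dst, dport = fields
        try:
            key = (proto.lower(), int(dport))
            inbound = not is_internal(src) and is_internal(dst)
        except ValueError:
            continue  # unparseable address or port
        if inbound and key in TIMBUKTU_PORTS:
            hits.append((ts, proto.lower(), src, dst, int(dport)))
    return hits

def targeted_hosts(hits):
    """Group hits by internal destination so each host can be checked and patched."""
    hosts = {}
    for _ts, _proto, src, dst, port in hits:
        hosts.setdefault(dst, set()).add((src, port))
    return hosts

if __name__ == "__main__":
    for hit in suspect_flows(SAMPLE_LOG):
        print(*hit)
```

Hosts returned by `targeted_hosts` are the ones to check for the Timbuktu version and anti-virus detections named in this notice.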

WHAT YOU NEED TO DO:

1.  If you need inbound TCP/UDP port 407 and TCP ports 1417-1420 open at the network border, please submit a Remedy ticket through OAAIS Customer Support.

2.  If you use Timbuktu, please ensure you are using the latest versions (Timbuktu Pro version 8.7.1 for Mac OS X 10.5 and 8.6.6 for Windows).

3.  Update your anti-virus software with the most recent virus definitions.

*Sophos: http://www.sophos.com/downloads/ide

McAfee: http://www.mcafee.com

Norton: http://www.symantec.com

*Sophos anti-virus software is available at no cost to all UCSF users and affiliates at the UCSF: Licensed Software website. To ensure that only UCSF affiliates access this software, you will be required to enter your UCSF Employee ID and last 4 digits of your social security number.

4.  If you suspect your system was compromised due to this vulnerability, please report the incident to OAAIS Customer Support.

ADDITIONAL INFORMATION:

Timbuktu Pro Path Traversal and Log Injection

http://www.securiteam.com/windowsntfocus/5PP0B1PNQI.html

OAAIS Enterprise Information Security – Best Practices

http://security.ucsf.edu/EIS/BestPractices.html

OAAIS Customer Support Service Desk

Mon – Fri, 7 a.m. – 6 p.m.

415 514-4100, option 2

help.ucsf.edu

customersupport@ucsf.edu
