Reasons your network connection may have been blocked

Individual computers (not you as the user) may be prevented from accessing the Indiana University network for a variety of reasons:

  • Viruses: Certain viruses reside on the computers they infect and use those computers to attack other users' computers over the network. The user of the infected machine will usually not be aware of the attacks leaving the computer. In these cases, the computer is blocked to protect other computers on the IU network and on the internet.

    For more about viruses and protecting your computer, see:

  • Bots: Often put in place on the blocked computer by a virus, Internet Relay Chat (IRC) bots are scripts or independent programs that perform special functions on IRC. Bots can be used to launch denial of service attacks against other computers, to log and transmit keystrokes (including passwords and credit card numbers), and to facilitate transmission of copyrighted material. In these cases, the infected computer is blocked both to protect other computers on the network, and to prevent the loss of users' sensitive personal information.
  • Unauthorized device or service on network: The blocked computer is connected to the IU network through a router or other network-extending device, or is running a server on the IU network that is unauthorized and/or of a possibly dangerous type. In these cases, the computer or unauthorized device can be used as a less-secure point of entry for threats to the IU network, or in some cases can cause direct disruption to the operation of other computers on the network.

    For more about routers and servers, see:

  • Illegal file sharing: The computer has been observed running file sharing services online that degrade network services on the IU network, or, more often, IU has received a complaint from the copyright holder or his or her appointed agent. In these cases, according to law, IU must take certain actions to remove the material from the IU network.

    For more about file sharing and protecting yourself, see:

  • Spamming: Multiple reports indicate that the computer is sending unsolicited email, or spam. The cause of spam is most often a compromised computer. An attacker sends spam from a compromised computer (rather than from his or her own computer) in the hopes that the spam will more easily get through mail filters.
  • FTP servers on non-standard ports: File Transfer Protocol (FTP) servers are file depositories. Users can connect to an FTP server with an FTP client and download or upload files. FTP servers are typically on TCP port 21; when an FTP server is found on a non-standard port, it usually means that an attacker set it up and is trying to hide it. An attacker may use this server to store his own files (often unauthorized copyrighted material) or to copy off files that were present on the machine.

    For more about FTP, including how to use it safely, see Use FTP to transfer files.

  • SSH brute-forcing: The computer has been observed attempting to make a large number of SSH connections. This activity typically means that someone is trying to guess account names and passwords. It also usually means that the computer is compromised, and that this activity is being performed by an attacker.
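
The SSH brute-forcing item above describes a computer making a large number of SSH connections. The following Python is an added example (not UISO's detection logic) that flags that pattern in connection records with a sliding time window. The record format, the 60-second window, the threshold of 20 and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample_flows():
    """Constructed records in the assumed format: 'timestamp src dst dst_port'."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    flows = []
    for i in range(30):   # compromised host: 30 SSH attempts in 30 seconds
        ts = (base + timedelta(seconds=i)).isoformat()
        flows.append(f"{ts} 10.0.0.5 198.51.100.{i + 1} 22")
    for i in range(3):    # administrator: 3 SSH logins spread over an hour
        ts = (base + timedelta(minutes=20 * i)).isoformat()
        flows.append(f"{ts} 10.0.0.9 192.0.2.10 22")
    for i in range(40):   # busy web client: many connections, none to port 22
        ts = (base + timedelta(seconds=i)).isoformat()
        flows.append(f"{ts} 10.0.0.7 203.0.113.80 443")
    return flows


def find_ssh_bruteforcers(flows, window=timedelta(seconds=60), threshold=20):
    """Return {src: (peak_connections, distinct_targets)} for every source whose
    connections to TCP port 22 inside one sliding window reach the threshold."""
    recent = defaultdict(deque)   # src -> (timestamp, dst) pairs still in window
    flagged = {}
    for line in sorted(flows):    # ISO 8601 timestamps sort chronologically
        ts_text, src, dst, port = line.split()
        if port != "22":
            continue
        ts = datetime.fromisoformat(ts_text)
        queue = recent[src]
        queue.append((ts, dst))
        while ts - queue[0][0] > window:   # drop attempts older than the window
            queue.popleft()
        if len(queue) >= threshold and len(queue) > flagged.get(src, (0, 0))[0]:
            flagged[src] = (len(queue), len({d for _, d in queue}))
    return flagged


if __name__ == "__main__":
    for src, (count, targets) in find_ssh_bruteforcers(build_sample_flows()).items():
        print(f"{src}: {count} SSH connections to {targets} hosts within 60 seconds")
```

A host reported by this check should be treated as likely compromised, as the item above notes, rather than simply rate-limited.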

Check your email for a block message from the University Information Security Office (UISO).

This is document aorx in the Knowledge Base.
Last modified on 2022-02-21 14:33:27.