Overview
With many more people working from home, there is much more remote access to file servers, remote desktops, remote applications and remote databases. As such, our network is more exposed than ever.
Therefore, the network security team constantly runs a series of automated processes to monitor our network for behavior that is, or appears to be, malicious. From time to time, users may have their home IP address blocked if malicious activity is detected or suspected.
This is called a home IP block or a border block.
Critical Concepts
- Border blocks can affect users on campus or off campus.
- If an IP is blocked at the campus border, the user will not be able to access most ucsd.edu sites. Additionally, the block may interfere with VPN connectivity; as such, users will typically report not being able to access ucsd.edu or that they’re having VPN issues.
Common Causes of IP/Border Blocks
Here are some examples of what can cause an IP to be blocked, as well as some best practices to avoid being blocked.
- Malware detected on a computer. To remedy, please ensure your device(s) have antivirus software installed and running.
- Large data transfers, such as from one point on the network to another or from the network to your home device.
- “Stranded” remote desktop (RDP) sessions. This occurs if you do not properly terminate the remote session. Therefore, it may appear to our monitoring services that multiple, simultaneous connections are active, which can appear as malicious.
- Several attempts to enter a password. This resembles a “brute force attack,” or a type of hacking. To prevent password issues, use LastPass to manage your account credentials.
- Use of a private VPN (especially from different locations). Many people use private VPN applications to shield their IP or make it appear they are somewhere else. However, it will look suspicious to our monitoring systems if, for example, you log in to our network from an African IP now and then an hour later from a European or Asian IP.
These are just a few scenarios that can and have occurred that resulted in an IP address being blocked.
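To show why repeated password failures and region-hopping logins stand out to automated monitoring, here is an added example (not UC San Diego's actual monitoring code) that runs two simple checks over constructed login events. The event layout, the region labels and every threshold and window are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, account, source IP, region, success).
# IPs are from documentation ranges; regions stand in for a geo-IP lookup.
EVENTS = [
    ("2024-01-10T09:00:00", "alice", "192.0.2.10", "Africa", True),
    ("2024-01-10T10:00:00", "alice", "198.51.100.7", "Europe", True),
    ("2024-01-10T09:00:05", "bob", "203.0.113.5", "North America", False),
    ("2024-01-10T09:00:20", "bob", "203.0.113.5", "North America", False),
    ("2024-01-10T09:00:40", "bob", "203.0.113.5", "North America", False),
    ("2024-01-10T09:01:00", "bob", "203.0.113.5", "North America", False),
    ("2024-01-10T09:01:10", "bob", "203.0.113.5", "North America", False),
    ("2024-01-10T08:00:00", "carol", "192.0.2.44", "North America", True),
    ("2024-01-10T17:30:00", "carol", "192.0.2.44", "North America", True),
]

def parse(events):
    """Convert timestamps and return the events in chronological order."""
    rows = [(datetime.fromisoformat(t), a, ip, r, ok) for t, a, ip, r, ok in events]
    return sorted(rows)

def failed_login_bursts(events, threshold=5, window=timedelta(minutes=5)):
    """Source IPs with at least `threshold` failed logins inside one window."""
    fails = defaultdict(list)
    for ts, _acct, ip, _region, ok in parse(events):
        if not ok:
            fails[ip].append(ts)
    flagged = set()
    for ip, times in fails.items():
        # Slide over the sorted failures: compare the i-th with the one
        # (threshold - 1) positions later.
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.add(ip)
                break
    return flagged

def region_hops(events, window=timedelta(hours=2)):
    """(account, earlier IP, later IP) when the login region changes within `window`."""
    last, hops = {}, []
    for ts, acct, ip, region, ok in parse(events):
        if not ok:
            continue
        prev = last.get(acct)
        if prev and prev[2] != region and ts - prev[0] <= window:
            hops.append((acct, prev[1], ip))
        last[acct] = (ts, ip, region)
    return hops
```

With the sample data, the five rapid failures flag one source IP and the Africa-to-Europe login pair flags one account, while the user who logs in twice from the same region is left alone.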
If you have been blocked more than once, note when it happened, what activity you were doing and how you were doing it. Identifying a pattern like that may lead to a resolution.
We are always vigilant, and you should be too.
We would encourage you to work with your IT support team to make sure your home computers are running anti-virus solutions and that the resources you need on the UC San Diego network are accessible in a safe and secure manner.
Steps to Take
- Run a security scan on your computer. If you do not have antivirus software to run this scan, you may want to use Malwarebytes, which provides a free version to run malware scans.
- If you are unable to run a scan on your computer, contact the Service Desk at support@ucsd.edu
- If the scan finds malware, remove the malware and run the scan one more time.
- Once the scan comes back clear, take a screenshot of the scan.
- Find the IP of your computer. You can do so by following the instructions here.
- Submit a ticket to support@ucsd.edu and include both your IP address and the screenshot of your scan.