|
Grex > Coop11 > #47: Banning a site from Grex; a discussion of when to do this | |
|
| Author |
Message |
| 25 new of 264 responses total. |
scott
|
|
response 145 of 264:
| 
Dec 10 20:55 UTC 1998 |
No. Anyway, we *want* people to be able to write and run their own programs.
Some people learn a lot on Grex that way.
|
steve
|
|
response 146 of 264:
|
Dec 10 21:23 UTC 1998 |
There is no sane way to do that, though I could scheme up some grand bizarre
things to do that.
But as Scott says, being able to write code here is one of the nifty and
cool parts of Grex. Grex is an open system, as much as it possibly can be,
and I don't want to change that.
|
steve
|
|
response 147 of 264:
|
Dec 10 21:42 UTC 1998 |
To get this item back on track to the discussion of IIT and site banning,
we have heard that IIT has been blocked again, but this time from the IIT
system administrators. We do not have official word on this yet.
|
samsoft
|
|
response 148 of 264:
|
Dec 10 23:36 UTC 1998 |
Ok Scott I get it. Rather I support it and thats why grex is a cool place :)
|
steve
|
|
response 149 of 264:
|
Dec 11 02:36 UTC 1998 |
thanks
|
levi
|
|
response 150 of 264:
|
Dec 11 19:54 UTC 1998 |
So steve as i had told here before , IIT KGB sys admin folks blocking the
gateway was bound to happen anyway . Whether its loss of an email id and other
stuff for some considerate users from IIT KGB , i think it is .
I hope the other IITS wont go this way and poosibly prospective fork bombers
would think twice before doing anything nasty in GREX
|
spiff
|
|
response 151 of 264:
|
Dec 12 09:38 UTC 1998 |
i think it's time for a user of the banned site to make his side of the matter
visible. i am a user from that site, and believe i have some legitimate points
to make.
+ the ip address you tracked is 164.100.25.83 this ip address is a *free*
gateway for telnet, and there is no way anyone can track who logged on as
whom, as there is *no* login. it's free!
+ the actions *does* smack of racism as the focus drifted from 'XXXX
University' to an 'Indian' site.
+ the reason users of this site use grex is:
a. it's a way of keeping in touch with their friends/relatives abroad.
b. our telnet and internet gateways are diffrent, and the telnet
bandwidth is 6 times faster than the internet. surfing the web thru grex, or
any other telnet site is thus *faster*.
c. we have got dedicated e-mail servers, but they cost a lousy 500
bucks and free accounts are available *only* to non-freshers.
+ in response to your 'complain' our uni has already blocked access to grex,
and no further response is necessary, as they are not (and should not be)
concerned with the problems of a free service located in a small US town.
+ 30th November to 3rd January are holiday time here, and *nobody* is there
to respond to your diatribe. we were caught unawares.
+ our uni cannot be held responsible for the actions of a few misguided
hackers, as there is noway to invidually deal with and respond to the 5000+
students that study here or the 3000+ non academic staff that lives in the
campus.
+ ours is *not* a 'small' technical college. ours is a Technical Institute
of national repute, ranked 104 in the world (not bad for an indian
university).
+ the users from this site in particular and indians in general, have had
to suffer severe racist rudeness directed to them, at grex and other
international sites.
particular instances had been mailed to steve (i hope you got them).
+ steve's statement regarding *not* revealing the name of the 'offending'
site was a sham as he boldly announced it on the message of the day,m when
the users of this site were not present to defend their case.
+ your action *would not* stop the attacks, as the perpetrators would
continue from other places, however it succeeded in stopping all the innocent
users from here.
+ if such a drastic action was indeed pertinent, all the offending users'
login coulda been erased, or perhaps *all* the users from this site blocked,
instead of publicly humiliating the majority of users who had nothing to do
with it. THEN we would not have complained.
+ as i said in the beginning, there is no way the university can determine
WHO did the crime, and thus no way to deal effectively with it.
+ the reasons you have sited other than the fork bombs, are frivolos and an
excuse to block us from grex. it was brewing for a longer time i suppose.
+ rest assured, nobody from this place is ever going to use grex again, altho
i would keep coming back to see the response to my message.
Congratulations.
|
mdw
|
|
response 152 of 264:
|
Dec 12 11:35 UTC 1998 |
Who do you propose *should* be responsible for "the actions of a few
misguided hackers"? There are more than 25,000 active accounts on grex,
which almost certainly gives grex a consideably worse "staff/user" ratio
than IIT.
I work for the University of Michigan, a large midwestern university,
probably at least 4 times the size of IIT. People here take computer
vandalism very seriously. If someone here were to use university
resources to repeatedly attack an external site, somebody at UM *would*
make it a point to track that person down, and hold them accountable for
their actions. There are lots of reasons why UM finds this policy
essential. Some of them are purely practical. UM has enough computing
power (and network bandwidth) that a serious vandal attack can seriously
disrupt a lot of people's lives, both on campus and off. If UM allowed
vandals free reign, there wouldn't be any network left for the rest of
us campus denizens. Also, under US law, vandalism is illegal. If UM
didn't track these people down, UM might be considered an accessory.
There is also the matter of academic reputation. UM wants to be known
as the home of fine scholarly activity, not as a hotbed of vandals and
other similar low-life scum. People remember bad stuff much better than
they remember good stuff, so the actions of even a few annoying vandals
will make a much greater impression elsewhere than any number of quiet
scholarly types minding their own business. In addition, as an academic
research institute, UM does not stand in isolation. It shares efforts
with many other research and teaching institutions elsewhere. This
means that it would materially *hurt* UM for there to be any sort of
data block between it and other institutions. Now, at *least* 99.9% of
the people at UM are perfectly wonderful people who wouldn't harm a fly
on the internet, -*but*- UM is a big place, and there *are* the
occasional exceptions. So, UM finds it worth its while (however
regretful the reason) to have several full-time people who worry about
computer vandalism, including that directed from elsewhere, that
directed to elsewhere, private incidents involving people pissed off at
each other entirely within the university, and people who try to use
university resources to send mass mail, both within and without the
university.
UM is not an exception in this regard. *Every* major university in the
US, *every* ISP, and many smaller organizations devotes sometimes
considerable efforts to combat computer vandalism, and in many cases,
these institutions have several *decades* worth of experience in dealing
with these problems. The people who invented the internet, BBN, were
thinking of "computer vandals" (although they called them "grad
students") when they designed the original internet IMPs - they ordered
specially military hardened computers from honeywell, that came in
really big heavy cases that were designed to withstand the sort of abuse
a computer might expect to endure being shipped from point to point
along the front of world war 2. (Generals like to fight the last big
war over again when they buy things.) I should point out that
vandal-fighting activities are still a *relatively* small part of the
the business of most of these organizations, as it should be. UM may
have 2-3 people who deal with vandals full-time, but it has hundreds,
gosh, maybe even thousands of people who deal with computers on
basically a full-time basis. A "small" ISP like IC-net may have only
2-3 technical people. Their number one hassle is not vandals (who are
most likely an occasional nuisance) but the phone company, which, being
a monopoly, doesn't have a good benchmark against which to improve its
customer service.
30 Nov - 3 Jan is an awfully long holiday, much longer than any holiday
in the states. The chrismas/new years holiday is probably the most
significant holiday here, it basically lasts for about a week, and less
than that for many people.
|
mta
|
|
response 153 of 264:
|
Dec 12 13:49 UTC 1998 |
Spiff, yours is a very well stated opinion.
I'm sorry you felt it was a racsit act for the staff to protect 25,000 users
of Grex from the actions of a few vandals. Regretfully it required
inconveniencing about 1,000 users from IIT. The action was not taken without
consideration of those 998 good grexers who would be effected but who had no
hand in causing the problem. No one liked that, be we could see no other wway
to deal with the problem after our more usual methods failed to have any
result at all.
Is there racism on Grex? I'm sure there is. Any time you collect 26,000
people together, you'll turn up most of the worst (and best) traitys that we
humans have to offer. I'm sure thatif you investigate any group, anywhere,
you'll tuen up a few stupid, frightened people among th masses of ordinary
and extraordinary people.
Did racism motivate this decision? No, I'm quite sure it didn't. Not because
I believe the Grex staff and board are perfect. Oh heavens, no! <grin> We
we all know a lot about each others warts by now. But because I've worked
and socialized with the people who made the decision for many years now. Some
for longer than Grex has been around. I've seen the excitement in their eyes
as they speak of meeting people from all over on our little system. I've seen
the pain in their eyes when faced with situations where fairness to everyone
isn't feasible. They have flaws, we all all them.. Racism isn't one of the
flaws I've ever seen in a Grex staffer or board member.
True, you have only my word for it and you don't know me. But you don't know
any member of the staff and board except at some distance. Just as you say
it isn't reasoable to hold IIT adminsitrators, students and staff responsible
for the actions of a few misguided vandals, please understand that any racism
you have experienced her on Grex is not coming from (and is unknown to) anyone
on the Grex board and staff. If such situations are reported to us, we'll
do what we can to put an end to it. But we can't be responsible for what we
don't know.
As to "just deleting the accounts" of vandals...with an open newuser program,
that just puts the vandal at an advantage. At least if the vandal uses a
familiar ID, we know who to watch. If the vandal uses a new ID every time,
we can't know who they are until the trouble starts.
|
aruba
|
|
response 154 of 264:
|
Dec 12 14:32 UTC 1998 |
Re #151: We're certainly sorry that everyone at your site was blocked. That
was never what STeve or anyone else on the board and staff wanted.
Marcus and Misti answered better than I could. Erasing all the logins created
from your site wouldn't work, as Misti said, so do you have any other
suggesetions for how to get someone there to do something about vandals? I
have to fervently agree with Marcus that if the administration there really
is unwilling to track down problem users, they are being "bad netizens", and
we may have no choice other than to ban the site from Grex. What else could
we do?
|
steve
|
|
response 155 of 264:
|
Dec 12 15:51 UTC 1998 |
Spif: Thank you for your thoughts. A few comments:
- The actions taken here were never based on racism. It was made
because of the problems from a certain site and nothing more.
- I initially did not talk of the particular site, because I wanted
to see discussion focused on the issue at hand, not where it was.
But once we talked of the specifics in this item it no longer made
sense to try and keep it a secret. Besides, Grex is an open system
anyway--all anyone would have to do is examine the wtmp file and
they'd be able to see the large gap in logins once the block was in
place, and they'd be able to figure it out.
- I cannot agree that erasing all the accounts would have been a
reasonable thing to do. That would have destroyed several megs
worth of private mail, which is hardly reasonable.
- This may be a time of holiday in India, but we have gotten a response
from the administrators there. So "nobody is there" is false.
- You've said that access to Grex is gone forever. I do not think that
is the case. Thats all I'll say on this matter.
- You are incorrect in saying that your university cannot determine
who has done something; there are technical solutions to enable IIT
(and Grex) to know who has logged in.
- I'm going to alter the account reapnig procedures such that IIT
accounts are not removed.
|
rcurl
|
|
response 156 of 264:
|
Dec 12 18:37 UTC 1998 |
Re #151: I am glad to finally see a response from the banned site. I
am bothered, however, by a tone suggesting that Grex owes that site
something. What I would most like to have seen from people from the banned
site, when they came back on, are apologies and helpful suggestions for
controlling the vandals using their site. Grex has absolutely nothing to
apologize for.
The strangest comment was the "threat" that no one from the site would use
Grex again. I have only seen that kind of threat from people that have
mistreated the facilities or 'citizens' of Grex. Makes one think.
|
scg
|
|
response 157 of 264:
|
Dec 12 19:25 UTC 1998 |
It may well be that IIT is running some software package that doesn't keep
track of who is using the Net, doesn't provide any sort of authentication,
etc. However, unless all the people with access to a site are 100%
trustworthy (perhaps applicible in a private residence or small office, but
not in a large university), that sort of software isn't adaquate. If IIT did
choose to install software like that, it is very likely to be a significant
problem for them.
There's been an expectation on the Internet, certainly as long as I've been
involved with it (several years), and from what I understand from well before
that as well, thatif vandals are gaining net access through a net connected
site, the administrators of that site will deal with it. Usually it works
pretty well. Somebody starts doing malicious things, the victims complain,
the administrators of the site check their logs and find out who it was, and
the perpetrator either gets a stern talking to or their account gets taken
away. Occasionally, as in this case, that breaks down. None of the publicly
listed contact information for IIT was working for finding people who would
respond to this kind of problem. At that point, in dealing with something
like this, there are really only three things that can be done. One is to
ignore the problem and hope it goes away, but in this case it clearly wasn't.
The second is to call in law enforcement agencies for help, but that's
difficult even in domestic cases, and getting US law enforcment to go after
somebody in India for something done to Grex would, I suspect, be pretty
difficult. The third thing that can be done is to block the site until it
gets taken care of. That's what we did. This is not a case of racism. If
we were having that problem with a site in the US, we would have done the same
thing. Apparrently, it worked, as we now have a few IIT administrators who
are working on resolving the situation.
spiff says that the IIT can't be responsible for what happens on a free system
in the US. Unfortunately, Grex can't be responsible for policing users from
the IIT, or anywhere else, either. Grex's concept of public access and an
open newuser system works because when there are problems, we don't have to
know who our users are. We can complain and their providers will deal with
them. If the IIT were unwilling to take responsibility for the actions of
its users, they would not be very compaitble with Grex. Given that much of
the rest of the public Internet sites work on the same principle, such a place
would not be very compatible with much of the Internet. Fortunately, the IIT
does seem to be working to fix things.
|
steve
|
|
response 158 of 264:
|
Dec 12 22:03 UTC 1998 |
There are indeed working on it. We've gotten mail from them on
this.
|
spiff
|
|
response 159 of 264:
|
Dec 13 09:38 UTC 1998 |
as the issue seems to be finally resolved, (you succeeded in getting a
response from IIT), i feel pertinent to make a few closing remarks, for
the cause of cleaning whatever scum that might have remained.
+ it IS a holiday time in IIT, and as i said there are NO STUDENTS in
IIT at this moment. altho some of us are remaining here to do winter
projects. most of the sysads were away, and this explains the delay.
moreover, IIT had taken action internally as early as you sent your
first mails, of blocking access to Grex. no further response was
possible from the students as the site was blocked.
+ what might have appeared to most of you as a THREAT, was NOT. it
means that, most of the IIT grex users, as they are away on holidays,
when the events unfold, will not ever know what happened, assuming for
some reason the access to Grex is unavailable.
+ as i said earlier, vandals would continue to log in from other
places, and the desired outcome will never be achieved.
+ Grex certainly doesn't owe IIT anything. and it certainly doesn't owe
us the humiliation that was imparted to us, FOR NO FAULT OF OUR OWN.
+ you not finding a better way DOES NOT default to using this as an
excuse,and cerainly not passing the entire responsibility to us.
+ IIT DOES allow telnetting. (setting the records straight)
+ the one thing i DO agree to is IIT should have a way to track down
the offenders, as such events have happened in the past.
+ my suggestions for preventing further misuse :
a. don't allow binaries, not provided by you, to be run on the system,
as is done by other sites like shellyeah. this might infringe on your
Grex objectives, but according to my experience, most users already have
available alternative UNIX shells to practice programming.
b. don't allow multiple logins at the same time, as is done (prevented)
by diversion.com and others.
c. screening of all hack sites. this you can certainly do.
d. setting up a netiquette questionnaire as shellyeah does, and
requiring the newuser to score a benchmark or higher.
+ we do agree that steve and company are certainly not racists, and
realize that no actions were taken against users who ARE, simply because
WE were not complaining. (A way of life for us.)
+ how can anybody be harassed when users have the options to shut their
messages? this i continue to regard as frivolos and humiliating. (in
response to allegations of female harassment.)
+ it has broken one string of communication between us and our dears
abroad.:-(
+ a final comment. the matter COULD have been handled far more
discreetly.
|
mta
|
|
response 160 of 264:
|
Dec 13 14:31 UTC 1998 |
It was handled discretely until there was no response from anyone for some
time. This issue did not just come up when it atrted being discussed here
but was already being "dealt with" dicretely and unsucessfully for some time
when the subject was brought up here.
|
other
|
|
response 161 of 264:
|
Dec 13 15:21 UTC 1998 |
Just for further clarification: spiff mentions above that the holiday period
begins 30 november. when were the first staff communications to IIT admin
in response to the concerns described here?
I would like it made very clear that the public airing of this issue was *NOT*
a first response, or even a second, third or tenth, but rather was a LAST
DITCH effort to find the best solution for the largest group of users.
|
scott
|
|
response 162 of 264:
|
Dec 13 16:16 UTC 1998 |
According to mail I've gotten, he's been trying to get thru for several
months, and cutting off the site was a last resort.
|
steve
|
|
response 163 of 264:
|
Dec 13 20:25 UTC 1998 |
We were first fork bombed in around the 20th of August. That was
when I started noticing 164.100.25.83, and started looking for a way
to contact people there. At that time it was a single incident, and
I didn't worry too much about not being able to get to the admins to
talk with them. That obviously changed over time, as I observed the
various problems we've talked of.
As for handling the matter more discreetly, I don't see how. The
fact of the matter is that we didn't take any drastic actions until
1) we'd been hit several times, 2) failed in repeated attempts to
contact people there. If that isn't being reasonable, I don't know
what is.
Your stating that IIT wasn't a threat doesn't make sense: the
system was disabled, five or more times from a single IP address.
That doesn't consitiute a threat?
You are correct in saying that by blocking users from running
their own programs the fork bombs could be avoided, but that isn't
what Grex is about. Grex is an open system and has always been so.
Given how many logins we get in any given day the number of malicious
programs is still extremely small. I think Grex has proven that the
concept of openness works.
We do talk in newuser about what Grex cannot do. I'm not sure
what you think that a more advanced questionare would do, other than
use more CPU. The people who like to hurt systems would obviously
say whatever that got them into the system, which is the problem,
isn't it? The same thing applies for 'scanning for hack sites'.
Besides the fact that you can't reliably do it, it would be an
incredible drain on the Grex staff.
As for harassment not being important, not all users know how
to turn their permissions off, but moreover, why should they? To
say that harassing users should be shut out by shuting out everyone
isn't reasonable. No one should have to endure suggestive messages.
|
scg
|
|
response 164 of 264:
|
Dec 13 21:16 UTC 1998 |
The Internet works only because administrators of different sites are willing
to communicate to resolve problems. There is very little in the way of a
central authority on the Internet, other than a few organizations that assign
names and numbers that have to be unique. Even those organizations, however,
work only because if somebody starts using IP addresses, ASNs, etc. that
haven't been assigned to them, and won't stop, the rest of the Net will cut
them off. To that extent, even if we hadn't tried contacting IIT until after
their vacation started, and even if the reason for the lack of a response was
that their sysadmins weren't there, that would not be a valid excuse. Their
Net connection was up. People were using it to abuse other sites on the Net.
It's their responsability, as a site connected to the Internet, to have
somebody around who can deal with that sort of thing.
As for the complaints that IIT's students who are on vacation won't know about
the block, and that those who are here are embarrassed about the public airing
of the complaints, I'm not convinced the first one is a big problem, and I'm
not sure why the second one would be the case. This was not done to get the
attention of the students so much as it was to get the attention of the
administration. We know that most of the IIT students are using Grex for good
things and are not causing us any problems, but with everybody coming from
the same IP address, which sends over no ident data, there was no way a block
here could differentiate between the two. The innocent IIT students who were
inconvenienced by this should probably be angry at the few IIT students who
were causing problems, and more angry at their administration for not dealing
with the problems, but should not be embarrassed about it, or angry at Grex.
On the other hand, perhaps the IIT administration should be embarrassed.
|
jiffer
|
|
response 165 of 264:
|
Dec 13 22:00 UTC 1998 |
I don't think that Grex was intending to humilate this site. I feel kind of
offended that spiff keeps accusing us of humilating the school. It is up to
both sides to fix a problem. We, (grex) are not responsible if they do not
respond in an effective amount of time, and as a whole, need to protect the
community as a whole.
|
mdw
|
|
response 166 of 264:
|
Dec 14 00:42 UTC 1998 |
Our understanding is that IIT folks (at least "in general") do not have
direct telnet access to the internet. Here is the paragraph we got
explaining IIT's internet connection:
> yes, 164.100.25.83 is a gateway (running the Wingate s/w). It is connected
via > a DirecPC VSAT network to the internet. Since the routing of this network
> and the actual internet gateway to this machine is outside our campus >
network and jurisdiction, we are not able to implement access control lists at
> this moment to control the access to your m/c. Our main internet access is >
through a 64 kbps leased link on which > only HTTP and SMTP traffic is going
through a Proxy. Our users dont have a > telnet access to the internet at it is
bandwidth intensive (for character by > character frames). That is perhaps why
you did not get user's response when > you tried to contact them.
DirecPC VSAT is apparently a satellite based internet connect from
Hughes Electronics. It's not clear to me how much bandwidth this
supplies; but it may be fairly limited by satellite channel bandwidth
requirements. This is definitely a separate deal from the 64K link, but
it's certainly limited by the fact it has to run on a single windows 95
machine (gag).
A 64K link is tiny by US standards. Any serious university level
educational institute here would have at least a T1 link to the world
(1.5M, or 23 times faster.) To get an idea what is available in the US,
take a look here:
http://nic.merit.edu/michnet/maps/backbone.html
Unfortunately, this map only lists town names, not what's there. Some
big places: Ann Arbor = University of Michigan. Detroit = Wayne State
University. East Lansing = MSU. Marquette = NMU. Houghton = MTU.
Etc. Michnet is the long distance part of what was once called Merit.
Merit started as a 3-way consortium between MSU, UM, and Wayne state;
and the original network connects consisted of 3 56K links between A^2,
Lansing, & detroit. This was back ca. 1972, basically around the time
the internet was just starting to take off, and way pre-TCP/IP.
MTU may be most nearly comparable to IIT in terms of size. It has 6253
students, including 1639 entering students in the fall, and 636 graduate
students. There are 415 faculty members, 1016 staff, making a total
employee count of 1431. (Wages are higher in the US, so for example the
janitorial staff will be few in # and use much equipment to do their
job.) Houghton is basically located in wilderness in northern michigan;
not much industry and not a lot of people (the area of greatest
population is around detroit, in the opposite corner of the state.)
Nevertheless, Houghton has (if I read the map right) the equivalent of
something like 8 T1 lines coming into it. This capacity may be a little
deceptive, as some of it is undoubtedly shared with NMU in marquette,
nevertheless, it is safe to say that MTU has at *least* 40 times more
network connectivity than IIT's "main" internet connect.
I'm not saying any of this to belittle IIT. I realize that economics
are a bit different in India, and after all, we all have to start
*somewhere*. It wasn't that long ago that grex's internet connection
was via a dial-up 33.3K PPP line. Compared to most entities on the
internet, grex's 128K ISDN link is still pretty puny. Michnet has a
maze of 128K ISDN links running all across the state (as part of their
K-12 effort) which they don't even bother to try to map. The reason I
want to describe this, is to try to put into our perspective what we
think when we read of IIT's 64K link. Compared to most organizations on
the net, IIT's internet presence on the internet *is* tiny. I hope IIT
will be able to enlarge its network capabilities, but I also hope that
IIT will find some way to instill a better sense of network ethics in
its network community.
|
scg
|
|
response 167 of 264:
|
Dec 14 01:04 UTC 1998 |
(to pick nits... A T1 consists of 24 DS0s. A 64K leased line is a DS0.
Therefore, a T1 is 24 times faster than a DS0, not 23 times.)
|
mdw
|
|
response 168 of 264:
|
Dec 14 03:14 UTC 1998 |
(Ah. I was dividing 1500 by 64 and rounding off. There's also the
european version of a T1 which is a slightly different size (larger?)
and may be what would be found in India.)
|
scg
|
|
response 169 of 264:
|
Dec 14 04:55 UTC 1998 |
(I think the E1 is somewhere around 2M, but I'm not sure. As far as I know,
they aren't used in the US except for Intercontinental links)
|