|
Grex > Coop11 > #47: Banning a site from Grex; a discussion of when to do this | |
|
| Author |
Message |
| 25 new of 264 responses total. |
rcurl
|
|
response 156 of 264:
|
Dec 12 18:37 UTC 1998 |
Re #151: I am glad to finally see a response from the banned site. I
am bothered, however, by a tone suggesting that Grex owes that site
something. What I would most like to have seen from people from the banned
site, when they came back on, are apologies and helpful suggestions for
controlling the vandals using their site. Grex has absolutely nothing to
apologize for.
The strangest comment was the "threat" that no one from the site would use
Grex again. I have only seen that kind of threat from people that have
mistreated the facilities or 'citizens' of Grex. Makes one think.
|
scg
|
|
response 157 of 264:
|
Dec 12 19:25 UTC 1998 |
It may well be that IIT is running some software package that doesn't keep
track of who is using the Net, doesn't provide any sort of authentication,
etc. However, unless all the people with access to a site are 100%
trustworthy (perhaps applicable in a private residence or small office, but
not in a large university), that sort of software isn't adequate. If IIT did
choose to install software like that, it is very likely to be a significant
problem for them.
There's been an expectation on the Internet, certainly as long as I've been
involved with it (several years), and from what I understand from well before
that as well, that if vandals are gaining net access through a net connected
site, the administrators of that site will deal with it. Usually it works
pretty well. Somebody starts doing malicious things, the victims complain,
the administrators of the site check their logs and find out who it was, and
the perpetrator either gets a stern talking to or their account gets taken
away. Occasionally, as in this case, that breaks down. None of the publicly
listed contact information for IIT was working for finding people who would
respond to this kind of problem. At that point, in dealing with something
like this, there are really only three things that can be done. One is to
ignore the problem and hope it goes away, but in this case it clearly wasn't.
The second is to call in law enforcement agencies for help, but that's
difficult even in domestic cases, and getting US law enforcement to go after
somebody in India for something done to Grex would, I suspect, be pretty
difficult. The third thing that can be done is to block the site until it
gets taken care of. That's what we did. This is not a case of racism. If
we were having that problem with a site in the US, we would have done the same
thing. Apparently, it worked, as we now have a few IIT administrators who
are working on resolving the situation.
spiff says that the IIT can't be responsible for what happens on a free system
in the US. Unfortunately, Grex can't be responsible for policing users from
the IIT, or anywhere else, either. Grex's concept of public access and an
open newuser system works because when there are problems, we don't have to
know who our users are. We can complain and their providers will deal with
them. If the IIT were unwilling to take responsibility for the actions of
its users, they would not be very compatible with Grex. Given that much of
the rest of the public Internet sites work on the same principle, such a place
would not be very compatible with much of the Internet. Fortunately, the IIT
does seem to be working to fix things.
|
steve
|
|
response 158 of 264:
|
Dec 12 22:03 UTC 1998 |
They are indeed working on it. We've gotten mail from them on
this.
|
spiff
|
|
response 159 of 264:
|
Dec 13 09:38 UTC 1998 |
as the issue seems to be finally resolved, (you succeeded in getting a
response from IIT), i feel pertinent to make a few closing remarks, for
the cause of cleaning whatever scum that might have remained.
+ it IS a holiday time in IIT, and as i said there are NO STUDENTS in
IIT at this moment. altho some of us are remaining here to do winter
projects. most of the sysads were away, and this explains the delay.
moreover, IIT had taken action internally as early as you sent your
first mails, of blocking access to Grex. no further response was
possible from the students as the site was blocked.
+ what might have appeared to most of you as a THREAT, was NOT. it
means that, most of the IIT grex users, as they are away on holidays,
when the events unfold, will not ever know what happened, assuming for
some reason the access to Grex is unavailable.
+ as i said earlier, vandals would continue to log in from other
places, and the desired outcome will never be achieved.
+ Grex certainly doesn't owe IIT anything. and it certainly doesn't owe
us the humiliation that was imparted to us, FOR NO FAULT OF OUR OWN.
+ you not finding a better way DOES NOT default to using this as an
excuse, and certainly not passing the entire responsibility to us.
+ IIT DOES allow telnetting. (setting the records straight)
+ the one thing i DO agree to is IIT should have a way to track down
the offenders, as such events have happened in the past.
+ my suggestions for preventing further misuse :
a. don't allow binaries, not provided by you, to be run on the system,
as is done by other sites like shellyeah. this might infringe on your
Grex objectives, but according to my experience, most users already have
available alternative UNIX shells to practice programming.
b. don't allow multiple logins at the same time, as is done (prevented)
by diversion.com and others.
c. screening of all hack sites. this you can certainly do.
d. setting up a netiquette questionnaire as shellyeah does, and
requiring the newuser to score a benchmark or higher.
+ we do agree that steve and company are certainly not racists, and
realize that no actions were taken against users who ARE, simply because
WE were not complaining. (A way of life for us.)
+ how can anybody be harassed when users have the options to shut their
messages? this i continue to regard as frivolous and humiliating. (in
response to allegations of female harassment.)
+ it has broken one string of communication between us and our dears
abroad.:-(
+ a final comment. the matter COULD have been handled far more
discreetly.
|
mta
|
|
response 160 of 264:
|
Dec 13 14:31 UTC 1998 |
It was handled discreetly until there was no response from anyone for some
time. This issue did not just come up when it started being discussed here
but was already being "dealt with" discreetly and unsuccessfully for some time
when the subject was brought up here.
|
other
|
|
response 161 of 264:
|
Dec 13 15:21 UTC 1998 |
Just for further clarification: spiff mentions above that the holiday period
begins 30 november. when were the first staff communications to IIT admin
in response to the concerns described here?
I would like it made very clear that the public airing of this issue was *NOT*
a first response, or even a second, third or tenth, but rather was a LAST
DITCH effort to find the best solution for the largest group of users.
|
scott
|
|
response 162 of 264:
|
Dec 13 16:16 UTC 1998 |
According to mail I've gotten, he's been trying to get thru for several
months, and cutting off the site was a last resort.
|
steve
|
|
response 163 of 264:
|
Dec 13 20:25 UTC 1998 |
We were first fork bombed in around the 20th of August. That was
when I started noticing 164.100.25.83, and started looking for a way
to contact people there. At that time it was a single incident, and
I didn't worry too much about not being able to get to the admins to
talk with them. That obviously changed over time, as I observed the
various problems we've talked of.
As for handling the matter more discreetly, I don't see how. The
fact of the matter is that we didn't take any drastic actions until
1) we'd been hit several times, 2) failed in repeated attempts to
contact people there. If that isn't being reasonable, I don't know
what is.
Your stating that IIT wasn't a threat doesn't make sense: the
system was disabled, five or more times from a single IP address.
That doesn't constitute a threat?
You are correct in saying that by blocking users from running
their own programs the fork bombs could be avoided, but that isn't
what Grex is about. Grex is an open system and has always been so.
Given how many logins we get in any given day the number of malicious
programs is still extremely small. I think Grex has proven that the
concept of openness works.
We do talk in newuser about what Grex cannot do. I'm not sure
what you think that a more advanced questionnaire would do, other than
use more CPU. The people who like to hurt systems would obviously
say whatever that got them into the system, which is the problem,
isn't it? The same thing applies for 'scanning for hack sites'.
Besides the fact that you can't reliably do it, it would be an
incredible drain on the Grex staff.
As for harassment not being important, not all users know how
to turn their permissions off, but moreover, why should they? To
say that harassing users should be shut out by shutting out everyone
isn't reasonable. No one should have to endure suggestive messages.
|
scg
|
|
response 164 of 264:
|
Dec 13 21:16 UTC 1998 |
The Internet works only because administrators of different sites are willing
to communicate to resolve problems. There is very little in the way of a
central authority on the Internet, other than a few organizations that assign
names and numbers that have to be unique. Even those organizations, however,
work only because if somebody starts using IP addresses, ASNs, etc. that
haven't been assigned to them, and won't stop, the rest of the Net will cut
them off. To that extent, even if we hadn't tried contacting IIT until after
their vacation started, and even if the reason for the lack of a response was
that their sysadmins weren't there, that would not be a valid excuse. Their
Net connection was up. People were using it to abuse other sites on the Net.
It's their responsibility, as a site connected to the Internet, to have
somebody around who can deal with that sort of thing.
As for the complaints that IIT's students who are on vacation won't know about
the block, and that those who are here are embarrassed about the public airing
of the complaints, I'm not convinced the first one is a big problem, and I'm
not sure why the second one would be the case. This was not done to get the
attention of the students so much as it was to get the attention of the
administration. We know that most of the IIT students are using Grex for good
things and are not causing us any problems, but with everybody coming from
the same IP address, which sends over no ident data, there was no way a block
here could differentiate between the two. The innocent IIT students who were
inconvenienced by this should probably be angry at the few IIT students who
were causing problems, and more angry at their administration for not dealing
with the problems, but should not be embarrassed about it, or angry at Grex.
On the other hand, perhaps the IIT administration should be embarrassed.
|
jiffer
|
|
response 165 of 264:
|
Dec 13 22:00 UTC 1998 |
I don't think that Grex was intending to humiliate this site. I feel kind of
offended that spiff keeps accusing us of humiliating the school. It is up to
both sides to fix a problem. We, (grex) are not responsible if they do not
respond in an effective amount of time, and as a whole, need to protect the
community as a whole.
|
mdw
|
|
response 166 of 264:
|
Dec 14 00:42 UTC 1998 |
Our understanding is that IIT folks (at least "in general") do not have
direct telnet access to the internet. Here is the paragraph we got
explaining IIT's internet connection:
> yes, 164.100.25.83 is a gateway (running the Wingate s/w). It is connected via
> a DirecPC VSAT network to the internet. Since the routing of this network
> and the actual internet gateway to this machine is outside our campus
> network and jurisdiction, we are not able to implement access control lists at
> this moment to control the access to your m/c. Our main internet access is
> through a 64 kbps leased link on which only HTTP and SMTP traffic is going
> through a Proxy. Our users don't have a telnet access to the internet as it is
> bandwidth intensive (for character by character frames). That is perhaps why
> you did not get user's response when you tried to contact them.
DirecPC VSAT is apparently a satellite based internet connect from
Hughes Electronics. It's not clear to me how much bandwidth this
supplies; but it may be fairly limited by satellite channel bandwidth
requirements. This is definitely a separate deal from the 64K link, but
it's certainly limited by the fact it has to run on a single Windows 95
machine (gag).
A 64K link is tiny by US standards. Any serious university level
educational institute here would have at least a T1 link to the world
(1.5M, or 23 times faster.) To get an idea what is available in the US,
take a look here:
http://nic.merit.edu/michnet/maps/backbone.html
Unfortunately, this map only lists town names, not what's there. Some
big places: Ann Arbor = University of Michigan. Detroit = Wayne State
University. East Lansing = MSU. Marquette = NMU. Houghton = MTU.
Etc. Michnet is the long distance part of what was once called Merit.
Merit started as a 3-way consortium between MSU, UM, and Wayne State;
and the original network connects consisted of 3 56K links between A^2,
Lansing, & Detroit. This was back ca. 1972, basically around the time
the internet was just starting to take off, and way pre-TCP/IP.
MTU may be most nearly comparable to IIT in terms of size. It has 6253
students, including 1639 entering students in the fall, and 636 graduate
students. There are 415 faculty members, 1016 staff, making a total
employee count of 1431. (Wages are higher in the US, so for example the
janitorial staff will be few in # and use much equipment to do their
job.) Houghton is basically located in wilderness in northern Michigan;
not much industry and not a lot of people (the area of greatest
population is around Detroit, in the opposite corner of the state.)
Nevertheless, Houghton has (if I read the map right) the equivalent of
something like 8 T1 lines coming into it. This capacity may be a little
deceptive, as some of it is undoubtedly shared with NMU in Marquette,
nevertheless, it is safe to say that MTU has at *least* 40 times more
network connectivity than IIT's "main" internet connect.
I'm not saying any of this to belittle IIT. I realize that economics
are a bit different in India, and after all, we all have to start
*somewhere*. It wasn't that long ago that grex's internet connection
was via a dial-up 33.3K PPP line. Compared to most entities on the
internet, grex's 128K ISDN link is still pretty puny. Michnet has a
maze of 128K ISDN links running all across the state (as part of their
K-12 effort) which they don't even bother to try to map. The reason I
want to describe this, is to try to put into our perspective what we
think when we read of IIT's 64K link. Compared to most organizations on
the net, IIT's internet presence on the internet *is* tiny. I hope IIT
will be able to enlarge its network capabilities, but I also hope that
IIT will find some way to instill a better sense of network ethics in
its network community.
|
scg
|
|
response 167 of 264:
|
Dec 14 01:04 UTC 1998 |
(to pick nits... A T1 consists of 24 DS0s. A 64K leased line is a DS0.
Therefore, a T1 is 24 times faster than a DS0, not 23 times.)
|
mdw
|
|
response 168 of 264:
|
Dec 14 03:14 UTC 1998 |
(Ah. I was dividing 1500 by 64 and rounding off. There's also the
European version of a T1 which is a slightly different size (larger?)
and may be what would be found in India.)
|
scg
|
|
response 169 of 264:
|
Dec 14 04:55 UTC 1998 |
(I think the E1 is somewhere around 2M, but I'm not sure. As far as I know,
they aren't used in the US except for Intercontinental links)
|
jerome
|
|
response 170 of 264:
|
Dec 15 05:41 UTC 1998 |
(Yeah, E1 runs at 2.048e+6 bps [2M or 2.048M depending on how you want to
state it], 32 channels at 64kbps each)
Around 10:00 or 11:00 PM tonight the system had load averages around 77 again.
Was this a fork bomb from the same site?
|
steve
|
|
response 171 of 264:
|
Dec 15 11:57 UTC 1998 |
No--it was a fork bomb from a different country. ;-)
|
atticus
|
|
response 172 of 264:
|
Dec 15 13:58 UTC 1998 |
(E1 is the standard in India. BTW, in E1 (and I guess in T1 too),
channel 0 cannot be used as a data path -- it carries the framing
information. Hence, the effective bandwidth of a T1 will be 23 * DS0)
|
scg
|
|
response 173 of 264:
|
Dec 15 23:25 UTC 1998 |
That's not usually true.
Point to point data T1s (in the US anyway; I don't know about in India) are
generally sold as "clear channel" T1s. In that case, all 24 channels are
provisioned to carry 64K each of data. You can also get a fractional T1, with
any number of channels less than 24, again with all channels used for data.
You can also get T1s provisioned for 56K per channel, generally using
robbed-bit signaling, where it uses one bit per channel per signaling, but
still has 24 56K channels, or you can get PRI lines which are a T1 with 23
ISDN bearer channels for data, and one ISDN D channel for signalling. That
may be what Sreeni is thinking of.
Anyhow, that's all really off topic for this item.
|
rtg
|
|
response 174 of 264:
|
Dec 16 06:01 UTC 1998 |
spiff:
I'm glad you jumped in here and joined the discussion. I believe in an
early response to this item, someone bemoaned the fact that while we had
over 1000 users who regularly came in from that IP address, we knew of
none who were regular bbs users, and who might be able to participate in
the discussion about what might be appropriate action. Have you been in
the conferences before? Please pardon me, if I've failed to notice your
ID on other posts. Or were you directed here by the MOTD? This item was
specifically mentioned in the MOTD, in the hopes that some users from that
site would find an alternative gateway, and would be willing to help us
brainstorm a way to protect our system, so that we can continue to provide
the maximum service to the most people, within the limited budget we can
muster.
I'd rather not continue to re-hash the past, and I would prefer to work
together to prevent further abuse of the services we provide. The
thousands of IIT students that make legitimate use of our e-mail, party,
and lynx services are as important a part of our user community as anyone.
We want these services to be available to everyone.
Are you willing to help protect these services, for yourself as well as
the 26,000 other legitimate users all over the world? Do you have
personal contact with the people who administer the gateway? Might you be
able to influence them to implement a logging system, so that users of the
gateway may be traced back to their source, should an incident like this
occur again?
|
steve
|
|
response 175 of 264:
|
Dec 16 06:18 UTC 1998 |
We're already in contact with the proper people at IIT; they're
working on it now.
|
keesan
|
|
response 176 of 264:
|
Dec 28 03:50 UTC 1998 |
This was really informative, imagine over a quarter of the students at one
Indian university (all the freshmen?) using grex for email! I am starting
to get some idea of why chatting with India can be so slow, and why some
people tell me they can only communicate by email instead.
What percentage of Indians go to college? It is probably much higher here,
where 5000 is a small college. But in India 500,000 is, I was told, a 'small
village'. I have found all Indians requesting to chat with me to be highly
intelligent and almost all of them exceptionally polite, too bad there have
been a few exceptions.
Is the IIT reconnected with grex? I have not been getting any chat
requests for a few weeks, but maybe that is due to the long vacation.
(By few exceptions I did not mean people requesting chats, but the fork
bombers).
|
steve
|
|
response 177 of 264:
|
Dec 28 04:16 UTC 1998 |
The ban is still in effect; when the holidays are over I hope to
be able to report better news on this front.
Links to India cost money and the size of those links are small.
Often an institution will have a 64K link (Grex has a 128K link) for
the entire enterprise, which means that the pipe is always completely
saturated.
|
mary
|
|
response 178 of 264:
|
Dec 28 11:09 UTC 1998 |
So, after we lifted the ban we had further instances of the
same vandalism from that same site? I was under the impression
the site was going to remain open unless problems continued.
|
steve
|
|
response 179 of 264:
|
Dec 28 12:49 UTC 1998 |
The ban this time isn't from us, but the administrators at IIT.
During the brief time that access was allowed again, there weren't
any problems, but then poof, no more iit accounts--by order of
higher authorities there.
|
mary
|
|
response 180 of 264:
|
Dec 28 21:47 UTC 1998 |
Yuck.
|