|
Grex > Coop11 > #47: Banning a site from Grex; a discussion of when to do this | |
|
| Author |
Message |
| 25 new of 264 responses total. |
jiffer
|
|
response 165 of 264:
| 
Dec 13 22:00 UTC 1998 |
I don't think that Grex was intending to humilate this site. I feel kind of
offended that spiff keeps accusing us of humilating the school. It is up to
both sides to fix a problem. We, (grex) are not responsible if they do not
respond in an effective amount of time, and as a whole, need to protect the
community as a whole.
|
mdw
|
|
response 166 of 264:
|
Dec 14 00:42 UTC 1998 |
Our understanding is that IIT folks (at least "in general") do not have
direct telnet access to the internet. Here is the paragraph we got
explaining IIT's internet connection:
> yes, 164.100.25.83 is a gateway (running the Wingate s/w). It is connected
via > a DirecPC VSAT network to the internet. Since the routing of this network
> and the actual internet gateway to this machine is outside our campus >
network and jurisdiction, we are not able to implement access control lists at
> this moment to control the access to your m/c. Our main internet access is >
through a 64 kbps leased link on which > only HTTP and SMTP traffic is going
through a Proxy. Our users dont have a > telnet access to the internet at it is
bandwidth intensive (for character by > character frames). That is perhaps why
you did not get user's response when > you tried to contact them.
DirecPC VSAT is apparently a satellite based internet connect from
Hughes Electronics. It's not clear to me how much bandwidth this
supplies; but it may be fairly limited by satellite channel bandwidth
requirements. This is definitely a separate deal from the 64K link, but
it's certainly limited by the fact it has to run on a single windows 95
machine (gag).
A 64K link is tiny by US standards. Any serious university level
educational institute here would have at least a T1 link to the world
(1.5M, or 23 times faster.) To get an idea what is available in the US,
take a look here:
http://nic.merit.edu/michnet/maps/backbone.html
Unfortunately, this map only lists town names, not what's there. Some
big places: Ann Arbor = University of Michigan. Detroit = Wayne State
University. East Lansing = MSU. Marquette = NMU. Houghton = MTU.
Etc. Michnet is the long distance part of what was once called Merit.
Merit started as a 3-way consortium between MSU, UM, and Wayne state;
and the original network connects consisted of 3 56K links between A^2,
Lansing, & detroit. This was back ca. 1972, basically around the time
the internet was just starting to take off, and way pre-TCP/IP.
MTU may be most nearly comparable to IIT in terms of size. It has 6253
students, including 1639 entering students in the fall, and 636 graduate
students. There are 415 faculty members, 1016 staff, making a total
employee count of 1431. (Wages are higher in the US, so for example the
janitorial staff will be few in # and use much equipment to do their
job.) Houghton is basically located in wilderness in northern michigan;
not much industry and not a lot of people (the area of greatest
population is around detroit, in the opposite corner of the state.)
Nevertheless, Houghton has (if I read the map right) the equivalent of
something like 8 T1 lines coming into it. This capacity may be a little
deceptive, as some of it is undoubtedly shared with NMU in marquette,
nevertheless, it is safe to say that MTU has at *least* 40 times more
network connectivity than IIT's "main" internet connect.
I'm not saying any of this to belittle IIT. I realize that economics
are a bit different in India, and after all, we all have to start
*somewhere*. It wasn't that long ago that grex's internet connection
was via a dial-up 33.3K PPP line. Compared to most entities on the
internet, grex's 128K ISDN link is still pretty puny. Michnet has a
maze of 128K ISDN links running all across the state (as part of their
K-12 effort) which they don't even bother to try to map. The reason I
want to describe this, is to try to put into our perspective what we
think when we read of IIT's 64K link. Compared to most organizations on
the net, IIT's internet presence on the internet *is* tiny. I hope IIT
will be able to enlarge its network capabilities, but I also hope that
IIT will find some way to instill a better sense of network ethics in
its network community.
|
scg
|
|
response 167 of 264:
|
Dec 14 01:04 UTC 1998 |
(to pick nits... A T1 consists of 24 DS0s. A 64K leased line is a DS0.
Therefore, a T1 is 24 times faster than a DS0, not 23 times.)
|
mdw
|
|
response 168 of 264:
|
Dec 14 03:14 UTC 1998 |
(Ah. I was dividing 1500 by 64 and rounding off. There's also the
european version of a T1 which is a slightly different size (larger?)
and may be what would be found in India.)
|
scg
|
|
response 169 of 264:
|
Dec 14 04:55 UTC 1998 |
(I think the E1 is somewhere around 2M, but I'm not sure. As far as I know,
they aren't used in the US except for Intercontinental links)
|
jerome
|
|
response 170 of 264:
|
Dec 15 05:41 UTC 1998 |
(Yeah, E1 runs at 2.048e+6 bps [2M or 2.048M depending on how you want to
state it], 32 channels at 64kbps each)
Around 10:00 or 11:00 PM tonight the system had load averages around 77 again.
Was this a fork bomb from the same site?
|
steve
|
|
response 171 of 264:
|
Dec 15 11:57 UTC 1998 |
No--it was a fork bomb from a different country. ;-)
|
atticus
|
|
response 172 of 264:
|
Dec 15 13:58 UTC 1998 |
(E1 is the standard in India. BTW, in E1 (and I guess in T1 too),
channel 0 cannot be used as a data path -- it carries the framing
information. Hence, the effective bandwidth of a T1 will be 23 * DS0)
|
scg
|
|
response 173 of 264:
|
Dec 15 23:25 UTC 1998 |
That's not usually true.
Point to point data T1s (in the US anyway; I don't know about in India) are
generally sold as "clear channel" T1s. In that case, all 24 channels are
provisioned to carry 64K each of data. You can also get a fractional T1, with
any number of channels less than 24, again with all channels used for data.
You can also get T1s provisioned for 56K per channel, generally using
robbed-bit signaling, where it uses one bit per channel per signaling, but
still has 24 56K channels, or you can get PRI lines which are a T1 with 23
ISDN bearer channels for data, and one ISDN D channel for signalling. That
may be what Sreeni is thinking of.
Anyhow, that's all really off topic for this item.
|
rtg
|
|
response 174 of 264:
|
Dec 16 06:01 UTC 1998 |
spiff:
I'm glad you jumped in here and joined the discussion. I believe in an
early response to this item, someone bemoaned the fact that while we had
over 1000 users who regularly came in from that IP address, we knew of
none who were regular bbs users, and who might be able to participate in
the discussion about what might be appropriate action. Have you been in
the conferences before? Please pardon me, if I've failed to notice your
ID on other posts. Or were you directed here by the MOTD? This item was
specifically mentioned in the MOTD, in the hopes that some users from that
site would find an alternative gateway, and would be willing to help us
brainstorm a way to protect our system, so that we can continue to provide
the maximum service to the most people, within the limited budget we can
muster.
I'd rather not continue to re-hash the past, and I would prefer to work
together to prevent further abuse of the services we provide. The
thousands of IIT students that make legitimate use of our e-mail, party,
and lynx services are as important a part of our user community as anyone.
We want these services to be available to everyone.
Are you willing to help protect these services, for yourself as well as
the 26,000 other legitimate users all over the world? Do you have
personal contact with the people who administer the gateway? Might you be
able to influence them to implement a logging system, so that users of the
gateway may be traced back to their source, should an incident like this
occur again?
|
steve
|
|
response 175 of 264:
|
Dec 16 06:18 UTC 1998 |
We're already in contact with the proper people at IIT; they're
working on it now.
|
keesan
|
|
response 176 of 264:
|
Dec 28 03:50 UTC 1998 |
This was really informative, imagine over a quarter of the students at one
Indian university (all the freshmen?) using grex for email! I am starting
to get some idea of why chatting with India can be so slow, and why some
people tell me they can only communicate by email instead.
What percentage of Indian's go to college? It is probably much higher here,
where 5000 is a small college. But in India 500,000 is, I was told, a 'small
village'. I have found all Indians requesting to chat with me to be highly
intelligent and almost all of them exceptionally polite, too bad there have
been a few exceptions.
Is the IIT reconnected with grex? I have not been getting any chat
requests for a few weeks, but maybe that is due to the long vacation.
(By few exceptions I did not mean people requesting chats, but the fork
bombers).
|
steve
|
|
response 177 of 264:
|
Dec 28 04:16 UTC 1998 |
The ban is still in effect; when the holidays are over I hope to
be able to report better news on this front.
Links to India cost money and the size of those links are small.
Often an institution will have a 64K link (Grex has a 128K link) for
the entire enterprise, which means that the pipe is always completely
saturated.
|
mary
|
|
response 178 of 264:
|
Dec 28 11:09 UTC 1998 |
So, after we lifted the ban we had further instances of the
same vandalism from that same site? I was under the impression
the site was going to remain open unless problems continued.
|
steve
|
|
response 179 of 264:
|
Dec 28 12:49 UTC 1998 |
The ban this time isn't from us, but the administrators at IIT.
During the brief time that access was allowed again, there wern't
any problems, but then poof, no more iit accounts--by order of
higher authorities there.
|
mary
|
|
response 180 of 264:
|
Dec 28 21:47 UTC 1998 |
Yuck.
|
keesan
|
|
response 181 of 264:
|
Dec 28 21:51 UTC 1998 |
Seems like the proper fix for much of this is to allow freshmen email accounts
at their own university. Free ones. What would this actually cost the
university there?
|
steve
|
|
response 182 of 264:
|
Dec 28 22:54 UTC 1998 |
They already have free email. They've had it for a long time.
But its so slow compared to "fast" systems like Grex that they've
flocked en mass to us.
|
steve
|
|
response 183 of 264:
|
Dec 31 19:30 UTC 1998 |
We have a new problem with regard to the the block of IIT-kgp
users.
We now have less than 2.5M free on /var/spool/mail, where mail is
deposited when Grex receives mail. We had even less than that a few
minutes ago but I did a couple things to give us a little more space
which means we have a little more time before we're *out*.
There are two staff mailboxes that are far larger than others, but
in the grand scheme of things, they don't matter. We normally have
about 50 - 70M available on this partition, but with the IIT users
having mail piling up that space is just about completely gone.
So the question is, what do we do?
Unforunately at the rate we're using up disk--far faster than
I had thought we would--we may have to do something drastic to
keep mail service running on Grex.
Ideas that come to mind are
- Start zapping IIT accounts that are at the 1M limit. There are
several there right now. Disgusting, but would give us space.
Option B would be to just zap the mailboxes, and let mail for
these accounts start piling up again.
- Start moving full mailboxes to their owners home directories.
Much nicer, but places the strain on the /a and /c partitions
and will fill them up before long.
Longer term, we have the 1.7G disk that is on the old Sun-4/260
that we decided to bring over here, which will give us some more
breathing room. Unforunately that takes a little time to do and
demands physical presence at the Pumpkin, and this isn't a great
time for that. Maybe on the weekend.
|
albaugh
|
|
response 184 of 264:
|
Dec 31 21:39 UTC 1998 |
Compress the "large" mailboxes and place them in the users' home directories.
|
rcurl
|
|
response 185 of 264:
|
Dec 31 21:58 UTC 1998 |
What's wrong with enforcing the space limits, after warning the owners?
|
scott
|
|
response 186 of 264:
|
Dec 31 22:51 UTC 1998 |
Our space limits assume that not all users will use up their allowed space.
|
tsty
|
|
response 187 of 264:
|
Dec 31 23:17 UTC 1998 |
what about forwarding to those iit accounts where the accounts *listed*
an alternate email address? i realize that wouiod take a buncha iindividuya
...individual work on the part of staff, however for the sake of keeping
our reputation (nad making it better) as well as not cutting off *cold*
the accoounts that were here . (yeh, *we* didn;t cut the accounts, iit did
the cutting of access) ... we would be providing a tail-end service
in *favor* of smoothing hteir transitin rather than truncating it.
another alternative would be for us to inform iit that their users could
be allowed to receive email on their 'slow' machine *IFF* the are allowed
to log back in here for a 'special consideratin from iit' and specifically
identify the address to which each grex account should be sent. that way each
grex account would maintain its privacy (logging back in here w/passwd), and
the (relative) assurance that a forward-to account would be under the control
of the grex loginid.
in the meantime, gzip the mail files - perhaps into a special partition -
to keep them somewhere.
i hereby volunteer to do this work - it aint hard, it just takes some
time, which i have to volunteer to grex.,
i believe this also would, by example, show iit and their/our users that
we/grex are more than usually compasionate and helpful.
getting truncated from email is NotNiceAtAll (tm).
|
steve
|
|
response 188 of 264:
|
Jan 1 01:56 UTC 1999 |
We can't reasonably put compressed mail in folks home dirs, as we
don't have enough space in /a and /c right now. Remember, these mailboxes
are filling up, through no fault of their owners. They can't get to us
to look at the mail.
Only a few people list other email addressed; those that did and have
given an indian address (ending in .in) would be likely horrified to find
that we were trying to send them their mail. Remember, IIT kgp has a 64K
link for mail (and everything else) to the outside world. We'd clog the
link up completely doing this. Until them mail cleared their sendmail,
it would be sitting here. So that option doesn't work very well.
|
mdw
|
|
response 189 of 264:
|
Jan 1 08:56 UTC 1999 |
Chances are a lot of these people have subscribed to "very active"
mailing lists. MicroSoft, ziff-davis, and several other commercial
places seem to have some big collections of these things. There are
also some *very* active indian mailing lists.
|