Minutes of Smathers
Middle Manager's Meeting
February 4, 1999
Present: Rich Bennett, Pam Cenzer, Gary Cornwell, Carol Drum, David Fuller, David Hickey, Dot Hope, Martha Hruska, John Ingram, Erich Kesse, Tom Minton, Richard Phillips, Carol Turner
Denial of Service Attacks
- The University is increasingly being hit by denial of service attacks.
- Yesterday's attack targeted node 3 on the SP nodes. It was started and stopped several times.
- The attack utilized nearly all of the bandwidth on our Internet connection.
- BellSouth was contacted and worked on the problem.
- The details of the attack are as follows: the attack was ICMP based and consisted of a series of ICMP echo replies sent against a target host. Note that these echo replies are artificially generated and are not sent in response to ICMP echoes, as they would be in a smurf attack. The ICMP reply packets are exceeding 100 packets/second and are carrying a maximum payload (1500). The source addresses of the packets appear to come from all over the world/internet.
- The script that generates these attacks assembles the packets with randomly chosen source addresses. As a result, the packets are virtually untraceable. The only way to attempt to locate the source of the attack is to trace the heavy flow backward through the providers.
- All of BellSouth's customers have been affected by this attack since it has used up all of the bandwidth on their UUNet connection. BellSouth identified the peer point that the traffic is coming in through and they worked with UUNet security in an attempt to track it further.
- It is best not to plan on always having live Internet taps at your disposal for presentations, etc. It is necessary to always have hard copy back ups in case your Internet access is unavailable.
- This hacker situation is not expected to change. Federal laws do exist on the books that would allow for prosecution if the perpetrator can be caught.
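
An added example, not part of the original minutes: one way to spot the pattern described above in a packet capture, by flagging local hosts that receive ICMP echo replies with no matching outbound echo request at more than 100 packets/second. The tuple layout, function names, addresses and sample capture are constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

ECHO_REPLY, ECHO_REQUEST = 0, 8   # ICMP type numbers

def find_reply_floods(packets, local_net, pps_threshold=100):
    """Return {target: stats} for local hosts that receive more than
    pps_threshold unsolicited echo replies in any one-second bucket."""
    net = ip_network(local_net)
    pending = set()                                   # pings our hosts really sent
    buckets = defaultdict(lambda: defaultdict(int))   # target -> second -> count
    sources = defaultdict(set)
    max_size = defaultdict(int)
    for ts, src, dst, icmp_type, ident, seq, size in sorted(packets):
        if icmp_type == ECHO_REQUEST and ip_address(src) in net:
            pending.add((src, dst, ident, seq))
        elif icmp_type == ECHO_REPLY and ip_address(dst) in net:
            key = (dst, src, ident, seq)
            if key in pending:        # answer to a real ping: not part of a flood
                pending.discard(key)
                continue
            buckets[dst][int(ts)] += 1
            sources[dst].add(src)
            max_size[dst] = max(max_size[dst], size)
    report = {}
    for target, per_second in buckets.items():
        peak = max(per_second.values())
        if peak > pps_threshold:
            report[target] = {"peak_pps": peak,
                              "distinct_sources": len(sources[target]),
                              "max_size": max_size[target]}
    return report

def sample_capture():
    """Constructed capture: one legitimate ping exchange, then 150 unsolicited
    replies within one second, each from a different source address."""
    pkts = [(10.00, "192.0.2.10", "198.51.100.7", ECHO_REQUEST, 1, 1, 84),
            (10.02, "198.51.100.7", "192.0.2.10", ECHO_REPLY, 1, 1, 84)]
    for i in range(150):
        src = f"203.0.113.{i + 1}"    # documentation-range addresses
        pkts.append((11.0 + i / 200, src, "192.0.2.3", ECHO_REPLY, 0, i, 1500))
    return pkts

if __name__ == "__main__":
    print(find_reply_floods(sample_capture(), "192.0.2.0/24"))
```

Because the source addresses are randomly chosen, the per-source counts stay low; the signal is the per-target rate of unmatched replies together with the number of distinct sources.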
- We have ordered 20 more Gateway workstations. They are the standard Pentium II's & will probably have a bigger hard drive or processor than our most recent purchases.
- Given that the price of computers is dropping, these new computers will be designated as replacements for outdated computers. Those Gateways reaching the end of their 3 year warranties as well as all non-Gateway machines will be replaced.
- We will also be replacing all of the dumb terminals. There will be no terminals kept as back ups - we will have the ATC Standalone catalog in place for that. We'd like to have all of the terminals eliminated by at least June, December at the latest (they are not Y2K compliant).
- Discussion ensued about staff implications with the withdrawal of terminals. Security comes into question. Bill notes that we are looking at a gizmo that will allow use of the keyboard & monitor while enabling us to lock the CPU in a closet - basically rendering it to terminal-like functions. Right now that device is expensive & we would have to find a place to keep the boxes & run wire.
- Currently, all of the public work stations have a common interface. With these PC's replacing the remote terminals, the interface will be different. Patrons will probably be expecting them to perform as the other public machines - providing access to everything. It will have to be accepted that certain machines will perform different functions (as in the email-only machines).
- We have already upgraded about 8-10 staff machines to Windows'98.
- More licenses have been requested.
- Win'98 will be around for 2 or 3 more years before the next upgrade is ready.
- We'll be upgrading staff machines first, then the public area in departmental chunks.
- So far there has been no trouble with Win'98 itself, although sometimes the upgrading process can be problematic on some machines.
- Netscape & any other browser can be run with Windows'98. Anything that currently runs on Win'95 will work on '98.
Last updated February 17, 2000
by Debra Harris