NOTE:
The NAS website is no longer being updated. The information on this page may be out of date and/or incorrect.

For more current information on this page's topics, see:

July 1998 Netnuggets

1)  Network configurations more important due to router changes to
    protect against "smurfing" denial of service (DoS) attacks.

2)  Tampico is gone, you may need to update your bookmarks.

3)  Novell 5 coming soon, make sure your upgrade protection fees are paid now!

4)  New NAS/FAST3 classes in the works.

1.  Some routers on campus have had filters configured to protect
against a recent problematic denial of service (DoS) attack.  On or
about August 10 these filters will be enabled on all Cisco routers on
campus.  The cost of protecting your network from this attack will be
more stringent requirements for configuring hosts on your network.

In the past our routers were quite forgiving of errors in the
netmask setting.  Now the netmask and broadcast addresses must be
set correctly.  There is a handy utility on the staff cluster to check
the correct netmask for any host at UIUC called netname.  See the man
page for more details.  This example demonstrates its use:

staff2 > netname -a staff1.cso.uiuc.edu
uiuc-dcl-net.uiuc.edu   255.255.255.128 (0xffffff80)
        "contact=Bob Booth, 217-244-1251"
        "email=r-booth@uiuc.edu"
        "netname=CSO DCL Ethernet"
        "building=0210"
        "AppleTalk=1280"

The first line returns the full name of the network the host is on,
then the network mask in dotted decimal, and then hexadecimal format.
The contact should be the network administrator.
Note there is also additional useful information.

We've discovered that IBM Xstation 130 X-terminals need to have their
gateway setting removed from their configuration to boot properly with
these filters in place.

Network administrators should verify that all hosts are using the
correct network mask and broadcast adddresses.  The broadcast address is
255.255.255.255 on most networks (unless your network administrator
indicates otherwise).  If you have old X-terminals they should work with
out a gateway address even before the router filter is enabled.

Here are some references for those interested in reading further
about this:
http://www.rsng.net/presentations/nanog11/smurf/index.html
The Latest In Denial of Service Attacks: "Smurfing"
 Presentation at the Interprovider Operations BOF - NANOG 11

http://www.quadrunner.com/~chuegen/smurf/
THE LATEST IN DENIAL OF SERVICE ATTACKS: "SMURFING" DESCRIPTION AND
INFORMATION TO MINIMIZE EFFECTS (by Craig A. Huegen)

ftp://uiarchive.cso.uiuc.edu/pub/doc/rfc/rfc2267.txt
Network Ingress Filtering: Defeating Denial of Service Attacks which
employ IP Source Address Spoofing


2.  Many networking WWW pages on tampico have moved to new locations.
Your bookmarks to the old links will no longer work.

The best URL to bookmark for the Network Administrator Support
Handbook (NASH) would be the NAS homepage which will always have
a current link to the NASH.  The aliased address:
http://www.cso.uiuc.edu/ph/www/admin-help
should always work for NAS no matter where it moves.

The Automatic Host Registration Page which used to be at:
http://tampico.cso.uiuc.edu/hostreg/       is now at:
https://www-s1.cso.uiuc.edu/hostreg/

Most everything else in the Communications Engineering web has moved to:
http://www-commeng.cso.uiuc.edu/

3.  Netware 5, Novell's latest server OS, is due out in early August.
Netware 5 is tcp/ip native, which means you can access your servers from
anywhere on net without ipx routing.  Netware 5 has improved disk
caching and now has virtual memory.  The file system has been improved
to handle much larger hard drives at a much faster speed.  Netscape's
commerce server also comes bundled with it.  I've been told it will
include a 5 user Oracle server free.  Netware 5 is year 2000 compliant
(Netware 3.12 and 4.11 are now compliant out of the box, and patches are
available for older distributions).

Novell has a program of "upgrade protection" where you pay a fee at the
beginning of their year and any new versions of the software you've
protected is free to you for the rest of the year.  This year, we are
fortunate in knowing a new version of Netware is coming.  So, if you
have netware 4.x (or you bought netware 3.12 at netware 4 prices during
the strange licensing rules of netware 4.0 and 4.02), you can pay for
upgrade protection right now and get Netware 5 for "free".

A 250 user license can be protected for $983.96
A 100 user license can be protected for $550.86
A 25 user license can be protected for $290.98

You must pay your upgrade protection before Netware 5 is officially
released.

4.  CCSO is working on new NAS/FAST3 networking classes.
These new classes will no longer be limited to just network
administrators.  We will send out an email when a schedule is available,
and shortly thereafter information should be available on the NAS
Classes page:

http://www.oir.uiuc.edu/FAST3/Default.htm