September 1999 NAS Nuggets
Contents:
1) NAS Workshop Schedule
2) UIUC Computing and Network Policies
3) Fall '99 CCSP Training Conference
4) A new Software Tool for Net Admins
5) Where does the tutbound traffic Go?
6) Y2K? Why Not 2K?
7) Hewlett Packard Switch issue
8) Superglue for Sun Workstations
9) Walkup Computing
10) Operations Center UpdateNAS Workshop course schedule
Date Room Time Class 10/5 1330DCL 10am-noon Networking Basics 10/27 2240DCL 10am-noon Anti-Virus Distribution over Networks 11/2 1330DCL 10am-noon Networking in Windows 9x/NT 11/17 2240DCL 10am-noon Workshop-TBD 12/7 1330DCL 10am-noon Networking BasicsUIUC Computing and Networking Policies
There are always questions regarding proper usage of the UIUC network, especially at the beginning of the school year. Please refer to the following url, which contains the policy statements: http://www.uiuc.edu/unit/ccnc/uiucnet.htmlAnnouncing: Fall '99 CCSP Training Conference!
The Computer Consultant Support Program (CCSP) will host its Fall Training Conference on Tuesday, November 16, 1999. This semester, we've put together an agenda which we believe you won't want to miss! Scheduled to deliver our morning keynote address is UIUC's newly appointed CIO, Dr. Hassan Aref, who will share his thoughts about managing IT in a modern research university. Also joining us is Dr. Rob Rosenberger, who will deliver a plenary session on virus hoaxes, and back by popular request, Charley Kline has agreed to speak again. We have various other agenda items in the works which we believe make this semester's conference one of the best yet. Watch our website for further conference information at http://ccsp.cso.uiuc.edu/ for further information. NOTE: This conference is for registered CCSP members. To join CCSP, please see our web page (above) and complete the Enrollment Form as directed. Registration information will follow via the CCSP listserv. Contact Lynnell Lacy, CCSO Training and Education Services, via telephone at 244-1257 or via email at lynnell@uiuc.edu for further information. See you at Beckman Institute on November 16 (advanced registration *is* required).A new software tool for NetAdmins
Vikram Kulkarni has been working all summer on a WWW-based client to allow network administrators to monitor and manage multi-vlan switches. I'm pleased to announce that the package is now in a usable state with basic features working to the point we've asked a select group of network administrators try it out and provide feedback. The working name for the software is IRIS. The URL is: https://www-s1.cso.uiuc.edu/iris/ After Bluestem authentication you will see a list of vlans for which you are authorized to access switch information. Click on a vlan and you should get a list of all switches with ports on that vlan. Click on a switch name, and you'll get a summary of all the ports on the switch. Select a few ports with a check box and you can click on a button that will show detailed stats on those ports. Reload the detail page and you'll get delta values of the changes to the stats since the first load. Currently most netadmins are not configured to see switches. There is a fair amount of work to be done before this software is ready for general use, but individuals with great need are welcome to join the beta test. Drop us an email at admin-help@uiuc.edu if you have a vlan switch you'd like to view.Where does the outbound traffic go?
From Charley Kline: Our external connectivity has three physical paths. We have 155Mb/s to the vBNS, 12 Mb/s to Verio, both of which have points of presence here in town (the vBNS is at NCSA, Verio is colocated in Node 2). We also have 155Mb/s up to the AADS NAP in Chicago. Running on that physical link are many virtual circuits. One goes to our other Commodity provider, nap.net, from which we buy 14 Mb/s of bandwidth. Another significant VC on that link goes to Abilene, which is the transport network for Internet2. That just came up this summer and is already taking a large amount of traffic. It appears as though much of our access to other major universities takes this path. Other VC's on the NAP link go to our MREN peers (www.mren.org). MREN is a consortium of "Metropolitan Area" (although it includes things such as the University of Iowa) schools and research institutions. such as Fermilab and Argonne. Finally, we peer (exchange traffic with) on an informal basis with several Service Providers also located on the NAP. These range from big webhosting sites such as conxion.com (significant since any microsoft.com download comes via them), Exodus.net and Above.net (also hosting popular web sites) and a bevy of smaller Chicago ISP's such as MegsInet and Pilot.Y2K? Why not 2K?
For information about campus Y2K issues, see the following url's: http://y2k.cso.uiuc.edu/ http://y2k.cso.uiuc.edu/commengHewlett-Packard switch issue
From the Network Design Office: The HP 4000M and 8000M series state in the manual that the modules are hot swappable unless you are replacing a module with a different media. The manual also states that you can install a module in an empty slot without disruption. Two (2) new 10/100 modules were placed into an 8000M. All the other modules were 10/100 as well. When the cards were inserted, the switch started to partition and generate multiple errors. The system had to be reset to correct this. So, this may be a glitch. When I receive the HP 4000M that I ordered, I plan on testing this further.Superglue for Sun Workstations New Easy Way to Patch Solaris Systems
In an effort to make it easier for people to keep their Solaris systems up to date with the latest recommended patches, the CCSO Workstation Services Group (WSG) has developed a program called superglue. It can be used to apply patches on a Solaris 2.6 or 7 system as follows: As root... 1) /usr/sbin/mount docsun.cso.uiuc.edu:/services/patches /mnt 2) /mnt/superglue 3) /usr/sbin/umount /mnt (don't forget this last step!) Superglue compares the patches already on your system with the ones in the latest patch cluster from Sun, and installs the patches you are missing. This software was developed by WSG to automate patching of systems we manage, and is now being made available to campus on an "as-is" basis. The recent security attacks on campus exploited vulnerabilities that were fixed by the recommended patches. These unfortunate incidents highlight the need to apply Sun's recommended patches, and to be diligent about applying new patches as they are released. Superglue makes it easy to patch vulnerabilities, and the three simple steps listed above should be used on a frequent and regular basis. Some notes on the use of superglue: - Remember that suplerglue is designed to work only on Solaris 2.6 and 7. - After checking what you need, superglue uses the standard patchadd command to install the needed patches. Patchadd saves a copy of the replaced system files under the /var/sadm directory, so you need to have some free space available there. The size of the saved files depends on the patch, and usually ranges from a few kilobytes up to a few megabytes. - If superglue finds that your system needs a lot of patches, it may take a little while to run. The underlying patchadd command does a lot of bookkeeping and integrity checking before installing patches, and depending on the speed of your system and your disks, this can take some time. - "superglue -h" will list all its options. For example, you can tell superglue to ignore a certain patch, which is useful if you've installed a non-Sun version of sendmail and therefore want to ignore Sun's sendmail patch. - If for any reason you want to install patches without using superglue, you can download the patch clusters from Sun directly at http://sunsolve.sun.com/pubpatch Then you can run the install_cluster script included with the clusters. If you want to download individual patches from the cluster, you can get them at http://sunsolve.sun.com/security and use the patchadd command to install them. Special note to people running Solaris 2.6: - Currently, one of the important security patches, 106592, is not included in Sun's patch cluster (this omission has been reported to Sun). You can download this missing patch via anonymous ftp from docsun.cso.uiuc.edu; the file you want is 106592-02.tar.Z in directory /pub/sun/solaris. To install the patch, become root and then uncompress 106592-02.tar.Z umask 022 tar xvf 106592-02.tar cd 106592-02 /usr/sbin/patchadd . After the patchadd completes successfully, you can delete the 106592-02 and 106592-02.tar directory and files. THE BOTTOM LINE... However you choose to do it, please patch your system regularly to prevent a needless loss of productivity and time if your system is compromised. Superglue tries to make the patching process as convenient as possible. -Mona Heath CCSO Workstation Services Group 9/13/99Walkup Computing
CCSO is testing a new Walkup Computing service at the Grainger Engineering Library. The purpose is for members of the campus community to plug in their portable computers and be connected to the Internet via the UIUC campus network. To prevent unauthorized access and provide accountability, you must authenticate before your computer is fully connected to the network. Active jacks at the Grainger Engineering Library: . 3rd floor, west end study carrels . 4th floor, west end group study rooms The Grainger jacks are subtly labeled "DATA" and "VOICE". The DATA jack seems to be the blue one. Any computer that is configured for network use should work without reconfiguration on these ports. Simply plug in to one of these data jacks (not the phone jack!) and bring up your web browser. Any attempt to access a valid web page will be redirected to the authentication page. Log in with your UIUC NetID and password, and you will then have access to the network. We have had successful tests with Windows (95/95/NT), Macintosh, and Linux. Both Netscape and MS Internet Explorer are frequently used; lynx has been used successfully, but we do not have a lot of data on lynx. Just a few ground rules: No complaints if the service is unusable. That's why this is called a trial and not a production service. Feel free to make use of this test service and to report anything you think significant to me, but do NOT rely on it and do NOT report problems with it to our Operations Center. There are some known limitations on Walkup Computing. Microsoft networking is not fully functional. For example, you cannot browse the network, though you can mount a specific file system across the network. Also, you cannot run a server or accept connections from outside hosts. You may use your standard clients for web, ftp, telnet, POP, IMAP, RealMedia, etc. Standard X servers will not work, although if you use ssh to access a remote host, the X display from that host should work as it uses the ssh channel and not a separate network connection. Appletalk will not work. If you discover any other limitations on network protocols or services, please mail information to walkup-computing@uiuc.edu Security Issues. The main URL on the Login authentication web page will be displayed as http://PublicPort/PublicPort/PP-Login or http://35.42.42.42/PublicPort/PP-Login While UIUC Bluestem authentication cautions you to never enter your NetID password into a web page other than to a www-s server, this is the only way to authenticate for the new walkup service for now. After a trial period we will issue appropriate changes to either the walkup authentication page or the Bluestem page. Each client jack is alone on a switched ethernet port, prohibiting others from seeing your traffic. Although we will try to maintain a stable system, the new service may experience unplanned outages. Comments and problem reports to walkup-computing@uiuc.edu .Operations Center Update
New Name, Same Phone Number: CCSO's NOC (network operations center) and CCSO's Machine Room Operations (MRO) are now housed in a common space referred to as "CCSO's Operations Center" (or OpCenter for short). The center can be reached at 244-1000 (which is the old NOC number). The center is staffed 24 hours a day, is now in a new location inside of DCL - complete with a new phone system and new workstations to better serve the campus.