[5187] in Release_7.7_team
Re: VPN for Solaris
daemon@ATHENA.MIT.EDU (Alex T Prengel)
Thu Jun 30 00:55:01 2005
Message-Id: <200506300454.j5U4sn8d015007@astrophel.mit.edu>
To: "Jeffrey I. Schiller" <jis@MIT.EDU>
cc: alexp@MIT.EDU, ops@MIT.EDU, release-team@MIT.EDU, jdreed@MIT.EDU
In-Reply-To: Your message of "Wed, 29 Jun 2005 20:57:07 EDT."
<1120093027.20989.2.camel@jis.tzo.com>
Date: Thu, 30 Jun 2005 00:54:49 -0400
From: Alex T Prengel <alexp@MIT.EDU>
>Do you know that the ACCESS DENIED is from interlopers rather than
>legitimate users off-campus who are now locked out?
There's no way to be certain, and there's only limited data for the
DENIED records from the last week or two. I'll give a sample of actual
data over a year or so (prior to the restriction being set) and some
analysis to give a sense of the issues (the only relevant data are the
raw license server logs):
In the Matlab license server log from 6/16/04 to 6/19/05, I see many records
like this:
15:16:35 (MLM) OUT: "MATLAB" xinhu@nerd-xing.mit.edu
and:
9:56:00 (MLM) OUT: "MATLAB" altay@SWIRL.MIT.EDU
obviously MIT; I also see:
15:21:05 (MLM) OUT: "MATLAB" deman@m66-064-12
which is also pretty certainly MIT. Then I see things like:
15:32:59 (MLM) OUT: "MATLAB" jvb@node-02
which could be anyone anywhere as far as I know (I don't know why the
license server records fully-qualified domain names in some cases but
not others).
An OUT event means a license was checked out; for the log file over this
period,

    cat admin.log | grep OUT | wc -l

gives 324846.

    cat admin.log | grep OUT | grep -v @m | grep -v mit | grep -v MIT | grep -v whoi | wc -l

gives 45120 (a slight undercount because this misses things like:

    17:27:43 (MLM) OUT: "MATLAB" yivanov@monterosso )
The latter is 14% of the total. I can't be sure who these people are but if
they're off-campus the only authorized users are students with Athena machines-
and I doubt they represent 14% of our Matlab launches.
I tried grepping for non-MIT domain names- it's tricky to set the right grep
filter but I found several hundred records with domains like dominia.org,
homelinux.net, www2.cag, chronosilence.org.
In any case, whatever the data, the fact remains that we were wide open
until the restrictions were put in place.
Alex
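
An added example, not part of the original message: the same tally done by parsing the host field of each OUT record instead of substring-matching whole lines, so a host such as monterosso is not dropped by the `@m` filter and a username containing "mit" is not dropped by the `mit` filter. The bucket names, the `m66-064-12`-style pattern and the `.mit.edu`/`.whoi.edu` suffixes are assumptions drawn from the records and grep filters quoted above.

```python
import re
from collections import Counter

# Checkout record as quoted in the message:
#   15:16:35 (MLM) OUT: "MATLAB" user@host
OUT_RE = re.compile(
    r'^\s*\d{1,2}:\d{2}:\d{2} \(MLM\) OUT: "[^"]+" ([^@\s]+)@(\S+)\s*$')

# Assumption: short names shaped like m66-064-12 are campus machines.
CAMPUS_SHORT = re.compile(r'^m\d+-\d+-\d+$')
# Assumption: the domains the message's grep filter treats as authorized.
ALLOWED_SUFFIXES = ('.mit.edu', '.whoi.edu')


def classify_host(host):
    """Bucket a client host name taken from an OUT record."""
    h = host.lower()
    if h.endswith(ALLOWED_SUFFIXES):
        return 'allowed-fqdn'
    if CAMPUS_SHORT.match(h):
        return 'campus-short'
    if '.' in h:
        return 'other-domain'   # fully qualified, outside the allowed domains
    return 'unqualified'        # bare host name: origin cannot be determined


def summarize(lines):
    """Count OUT records per bucket, matching on the host field only."""
    counts = Counter()
    for line in lines:
        m = OUT_RE.match(line)
        if m:                   # IN and other record types are skipped
            counts[classify_host(m.group(2))] += 1
    return counts


# Constructed sample: the first five records are quoted in the message,
# the last two are made up to exercise the edge cases.
SAMPLE = [
    '15:16:35 (MLM) OUT: "MATLAB" xinhu@nerd-xing.mit.edu',
    ' 9:56:00 (MLM) OUT: "MATLAB" altay@SWIRL.MIT.EDU',
    '15:21:05 (MLM) OUT: "MATLAB" deman@m66-064-12',
    '15:32:59 (MLM) OUT: "MATLAB" jvb@node-02',
    '17:27:43 (MLM) OUT: "MATLAB" yivanov@monterosso',
    '10:02:11 (MLM) OUT: "MATLAB" smith@host.example.org',
    '10:02:12 (MLM) IN: "MATLAB" jvb@node-02',
]

if __name__ == '__main__':
    for bucket, n in sorted(summarize(SAMPLE).items()):
        print(f'{bucket:13s} {n}')
```

The `unqualified` bucket is the one that cannot be attributed from the log alone; `other-domain` is the set worth reviewing by hand.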