[5188] in Release_7.7_team


Re: VPN for Solaris

daemon@ATHENA.MIT.EDU (Mitchell E Berger)
Thu Jun 30 05:00:23 2005

Message-Id: <200506300900.j5U905Xg001860@byte-me.mit.edu>
To: Alex T Prengel <alexp@MIT.EDU>
cc: "Jeffrey I. Schiller" <jis@MIT.EDU>, ops@MIT.EDU, release-team@MIT.EDU,
        jdreed@MIT.EDU
In-Reply-To: Your message of "Thu, 30 Jun 2005 00:54:49 EDT."
             <200506300454.j5U4sn8d015007@astrophel.mit.edu> 
Date: Thu, 30 Jun 2005 05:00:05 -0400
From: Mitchell E Berger <mitchb@MIT.EDU>
X-Spam-Score: 1.041
X-Spam-Level: * (1.041)
X-Spam-Flag: NO

Hi Alex,

>The latter is 14% of the total. I can't be sure who these people are but if
>they're off-campus the only authorized users are students with Athena machines
>and I doubt they represent 14% of our Matlab launches.
>
>I tried grepping for non-MIT domain names- it's tricky to set the right grep
>filter but I found several hundred records with domains like dominia.org,
>homelinux.net, www2.cag, chronosilence.org.

I apologize in advance for intruding on this discussion, but noting the
domains you picked out above, I'd like to point out a few things I've
noticed that suggest that we may be going through a lot of work to cut off
licence access to legitimate community users.

============ dominia.org

athena% host dominia.org
dominia.org has address 18.208.0.43

athena% stella 18.208.0.43
Machine:  DOMINIA.MIT.EDU
Aliases:  ET-MACHINE.MIT.EDU, SAILORMOON.MIT.EDU

Address:  18.208.0.43         Network:    ET              
Owner:    LIST et-people-acl    Use data:   11-aug-2003 07:58:48
Status:   Active (1)          Changed:    31-aug-1995 18:23:08

Vendor:   IBM                 Location:        
Model:    PC                  Contact:         
OS:       LINUX               Billing Contact: 
Opt:      0                   Account Number:  

Adm cmt: 
Op cmt:  ]

Created  by msreynol on 31-aug-1995 18:23:08
Last mod by cfox.root@ATHENA.MIT.EDU at 19-dec-2000 12:13:58 with stella.

Though I am not 100% certain, I have a strong suspicion that this is even
an Athena Linux machine.

============ www2.cag

athena% host www2.cag.csail.mit.edu
www2.cag.csail.mit.edu has address 128.30.67.18

Though I again cannot be 100% certain, I have a very strong suspicion that
the machine you've found here is one of the servers in my research group,
the Computer Architecture Group (CAG) at CSAIL.

============ chronosilence.org

From the WHOIS database on the web at http://www.internic.net/whois.html:
Domain ID:D75999130-LROR
Domain Name:CHRONOSILENCE.ORG
[....]
Registrant ID:GODA-0276095
Registrant Name:Rodin Lyasoff

If you were to look in the MIT Alumni Database online at http://alum.mit.edu/,
you would find that Rodin Lyasoff received a Master of Science degree from
MIT's Aero-Astro Department in 2004, and thus was quite plausibly still a
member of the community during the period you were running these searches.

============ homelinux.net

This domain appears to be used by lots of different people, and so I can't
really find anything more specific about it, but when three of the four
"off campus" hostnames you choose from the logs as examples of likely
unauthorized access turn out to be MIT community members' machines, and when
two of those even turn out to be *ON* campus, the case that we've been
suffering a large degree of unauthorized use and are addressing a real problem
by cutting off access to non "net 18" machines, even at the expense of
legitimate users we know to have Solaris Athena machines off campus, does
not seem very strong.

Mitch
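
The following is an added example, not part of the original message: it contrasts the grep-on-domain-name approach with classifying each logged hostname by the address it resolves to, as the `host` lookups above do by hand. The log format, the `box1.homelinux.net` and `gone.example.org` entries, and the treatment of 18.0.0.0/8 and 128.30.0.0/16 as campus ranges are assumptions.

```python
import ipaddress

# Assumption: "net 18" means 18.0.0.0/8. Treating 128.30.0.0/16 as campus
# (CSAIL) is also an assumption; the message shows one address in that range.
CAMPUS_NETS = [ipaddress.ip_network(n) for n in ("18.0.0.0/8", "128.30.0.0/16")]

# Constructed lookup table so the example runs offline. The first two
# addresses come from the `host` output in the message; the third host and
# its address (documentation range) are constructed.
SAMPLE_DNS = {
    "dominia.org": "18.208.0.43",
    "www2.cag.csail.mit.edu": "128.30.67.18",
    "box1.homelinux.net": "192.0.2.10",
}

# Constructed log lines in a hypothetical "timestamp host=<name>" format.
SAMPLE_LOG = """\
2005-06-29T10:02:11 host=dominia.org
2005-06-29T10:05:40 host=WWW2.CAG.CSAIL.MIT.EDU.
2005-06-29T11:17:03 host=box1.homelinux.net
2005-06-29T11:30:59 host=gone.example.org
"""

def by_suffix(host):
    """The grep-style guess: anything not under mit.edu is off campus."""
    return "on-campus" if host.endswith(".mit.edu") else "off-campus"

def by_address(host, resolve=SAMPLE_DNS.get):
    """Classify by the address the name resolves to, not by its spelling."""
    addr = resolve(host)
    if addr is None:
        return "unresolved"          # do not guess; flag for manual review
    ip = ipaddress.ip_address(addr)
    return "on-campus" if any(ip in net for net in CAMPUS_NETS) else "off-campus"

def audit(log_text, resolve=SAMPLE_DNS.get):
    """Return {host: (suffix_verdict, address_verdict)} for each log line."""
    results = {}
    for line in log_text.splitlines():
        _, _, host = line.partition("host=")
        host = host.strip().rstrip(".").lower()   # normalise case and root dot
        if host:
            results[host] = (by_suffix(host), by_address(host, resolve))
    return results

if __name__ == "__main__":
    for host, (suffix, addr) in audit(SAMPLE_LOG).items():
        flag = "  <-- verdicts differ" if suffix != addr else ""
        print(f"{host:28} suffix={suffix:10} address={addr}{flag}")
```

Passing a live resolver as `resolve` (any callable that returns an address string or `None`) applies the same check to real log data.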

