PNCE Logo PNCE News

Physics Network Computing Environment News

PNCE General Computing News

PNCE Network News

13 August 2002
Blocking Access to Microsoft Networking

The campus Office of Information Technology has recently announced that as of Monday, 2 Sept 2002, the campus networking people will be blocking access to Microsoft Networking file shares and Samba shares between campus and off-campus. The details can be found at the URL: http://www.oit.umd.edu/News/Archive/2002/NetBIOS.html

This change should not negatively affect most people in the Physics building. You are only affected if you have created shares on your hard drive and have made them accessible to people off campus, or if you are accessing shares on a computer off campus. As a general rule, PCS does not set up Microsoft networking for users because of the significant security issues, so you or someone you work with would have to had set this up. Therefore, if you do not understand what Microsoft networking and shares are, you will most likely be unaffected by this policy change.

If you do use Microsoft networking to share files, you can continue to do so with other people within the department and in other departments on campus. Home users connecting via the campus annex modem pool can be considered "on- campus" for this purpose. Similarly, off-campus users connecting via the campus VPN service are also considered "on-campus" for this purpose.

The decision to block this traffic at the campus border was made to enhance the IT security of campus. The Office of Information Technology notes an average of more than one Windows NT/2000 compromise per day for the year in which the attacker gained access using vulnerabilities in Microsoft Networking protocols. They also observe roughly 200,000 attempts per week of hackers probing our Windows NT/2000 boxes for these vulnerabilities. There is also concern that if defensive measures such as this are not taken, campus machines might be used by terrorists as part of a distributed denial of service attacks against critical components of the national IT infrastructure.

This decision was made at a campus level, not by PCS. However, PCS will gladly answer any questions users may have about whether or not this will affect them, and will advise any affected users on ways to prevent this from interrupting their work. Please submit a physhelp, if you have any questions or need assistance.

PNCE Unix News

5 November 2001
Retirement of mail/web on AIX machines

Physics Computing Services is planning to shutdown a number of services on the NSCP-I AIX cluster on Tuesday, 15 Jan 2002. Specifically, email and web services will be turned off on this cluster at that time.

These services are available more robustly on the newer departmental PNCE-Unix cluster. The NSCP-I cluster cannot currently provide these services as reliably as the PNCE-Unix cluster does, and, as the NSCP-I cluster is getting on in years, the quality of service that can be provided will only deteriorate. Any attempt on PCS's part to continue these services may dilute our efforts to the point of negatively impacting the quality of these services on the main departmental PNCE-Unix cluster.

Also, the NSCP-I cluster is not designed for the component upgrades as the PNCE-Unix cluster is, and therefore has a finite usable lifespan. We are now seeing machines begin to experience hardware failures which are effectively not repairable. Although there are no plans to discontinue the cluster at this time, eventually enough machines will have died that the cluster is no longer viable. Part of the reason for the turning off email and web services now is so that these essential services can be migrated in a controlled and planned manner rather than desperately when the cluster dies.

The date for the shutdown was selected somewhat arbitrarily. Therefore, if you rely on these services and have a major conflict with that date (e. g., a major conference or report due just shortly after the date), please contact us and we can discuss shifting the date forward or backward a couple of weeks. Unless you hear otherwise, however, assume the date of 15 Jan 2002 is the actual cutoff date.

The following is a more detailed explanation of what will and will not be affected by the service shutdown, and some options PCS will be making available to ease the transition:

  1. Login Access: Login access to the client machines will not be affected. You can login, run programs, do calculations, etc., just as you do now.
  2. Batch Jobs: The continuation of LSF batch access is still under consideration. We have not noticed any use of the system in the past 4 months. As the department is paying a license for use of LSF based on the number of clients, we are considering dropping LSF on the NSCP-I cluster either to reduce our licensing cost or to increase the number of machines participating in the NSCP-II LSF cluster. If you have objections to this, please relate them to Charles Smarsh and Tom Payerle.
  3. Web Browsing: You will be able to run netscape on the AIX machines and view web pages on other systems.
  4. Web Serving:
    1. You will not be able to post web pages (personal, group or departmental) on the AIX system. All web pages that start with the URLs:
      http://nscp.umd.edu
      or
      http://katherine.physics.umd.edu
      will no longer be available to anyone, on any NSCP I system. PCS will try to provide a setup so that, when people use the former URL, they will get a page informing them that this web server has been retired, and and then be pointed to the main departmental web servers to look for their pages there. It is not clear how specific we can be in doing this (i. e. we can probably inform web surfers that http://nscp.umd.edu/~payerle doesn't exist and they should look on http://www2.physics.umd.edu, but we might not be able to inform them that they should change payerle to tpayerle). We will likely only be able to do this for the http://nscp.umd.edu URLs; the http://katherine.physics.umd.edu URLs (which you weren't supposed to be using) will likely just break.
    2. Web pages currently being served off the NSCP-I cluster will need to be moved to one of the other departmental web servers if you wish to continue to make them available to the world. There may need to be some editing of the files if they reference the old server. Please submit a 'physhelp' if you need PCS assistance in making this transition.
  5. Sending email: You will not be able to send email directly from the AIX machines. (Actually, there will be some limited ability to do so, but mail sent that way may have some odd headers and recipients may have trouble replying to it. Therefore, we strongly encourage people not to send mail from the AIX boxes. PCS will not support problems should problems arise.)
  6. Receiving email:
    1. You will not be able to receive mail on the AIX machines. It will be possible to read mail received on the system before the cutoff, and most email readers can read mail received on the main departmental email server from an AIX box, but the mail will no longer go through the AIX system. In particular, this means that your email addresses:
      user@nscpmail.physics.umd.edu
      user@katherine.physics.umd.edu
      user@_some_AIX_machine_.physics.umd.edu
      will no longer receive email. However, see #6b below.
    2. PCS recognizes that getting everyone who corresponds with you to use a new address is a somewhat difficult and a very lengthy process. We therefore will offer our mail bouncing/reflecting service to anyone who requests it for the NSCP-1 addresses. This service will also be provided automatically to anyone with a '.forward' file for their NSCP-1 mail address. This service works similarly to a '.forward' file, in that email sent to your NSCP-1 address (e. g., user@nscpmail.physics.umd.edu) will be forwarded to an email address of your choice. The only difference is that you cannot change the address being forwarded by yourself, but need to submit such requests via 'physhelp' (Please keep such changes of forward addresses to a minimum). If you expect to need to make such changes often, please consider having your NSCP-I mail bounced to another account, e. g., PNCE-Unix, where you can directly change the forwarding).

      The jist of 6a and 6b is that people can continue to send mail to your NSCP-1 address, and we will see to it that it gets sent to another account of your choice, but it will not accumulate on the AIX machines.

    3. Because most people wish to keep their archived mail in the same place as where they read new mail, you will probably wish to relocate your archived mail. Fortunately, most Unix systems are quite compatible with regards to mail formats, and most of the IMAP servers on campus(which serve mail to PC based mail clients like Outlook and Netscape) are Unix based, so this is usually quite straight forward. Submit a 'physhelp' if you need PCS assistance with this.

Note: PCS is in the process of evaluating different strategies for increasing both homespace and groupspace on the Glue'ed NSCP II systems. It is hoped that this hardware will be in place in early 2002 with possible production use of this additional disk space sometime shortly thereafter.

17 Aug 2001
NSCP-I (AIX) Break-in

Several NSCP-I (AIX) machines were broken into. It is believed to have been through a bug in the telnet daemon process. Unfortunately, no patch is available for the current OS level. As such, incoming telnet service has been disabled on that cluster indefinitely.

PNCE PC/Novell News


University of Maryland Signature     Physics Home | PNCE Info | UNIX Info | PC Info | System Info | POWL Firstaider | E-Mail

This page is maintained by the Physics Web Managers:
For Content Questions contact the WebEditor.
For Technical Questions contact the WebTech.