Minutes of Working Group Meeting

JAC Base Facility, Hilo

June 12, 2003

Present:

• Laurie Bass (Gemini)
• Mac Cooper (SMA)
• Tony Denault (IRTF)
• David Fuselier (JAC)
• Miranda Hawarden-Ogata (IfA/IRTF)
• Nick Johnson (Gemini)
• Ryusuke Ogasawara (Subaru)
• Pui Hin Rhoads (IfA)
• Kiaina Schubert (Subaru)
• Kanoa Willington (CFHT)

Absent:

• CSO
• Keck
• UH
• VLBA

Minutes

Current Network Status

Miranda provided everyone with a block diagram of the current MKOCN.

There were several outages to report on, two of which were due to DoS attacks:

May 20 - Starting at about 5:00pm, a DoS attack originating from virus infected computers at IfA Hilo shut down connections for all MKO facilities. The attack stopped while we were still working on locating the infected machines. All connections were restored at 8:30pm except for Gemini. Recycling power on the media converters was necessary to bring the connection back the next morning. It would take almost two weeks and another attack before the root of the problem was fixed. See June 2.

May 30 - A cabling problem at the UH campus on Oahu resulted in short interruptions of 5 to 10 minutes to some Internet sites from 9:30am to 11:00am.

June 02 - An attack similar to what happened on May 20 started at 3:30pm. Having learned from our experience on May 20, we immediately isolated the IfA Hilo router. As a result, most of MKOCN was affected only for a short time. However, while still working on locating infected computers within IfA Hilo, we noticed similar traffic from JAC and Gemini. The attack stopped before we were able to get a hold of JAC and Gemini personnel. In hind-sight, the traffic we saw from JAC and Gemini was probably responses to the attack from the IfA machines.

It took IfA Hilo serveral days to go through all their PCs. Four machines were found to be infected with viruses. These viruses included: the Deborm worm, ProcKill-AF, IRC-Sdbot, and Backdoor-JZ. Following is part of the description from McAfee of these viruses:

"This trojan connects to an IRC channel and accepts commands from there. The commands are related to performing denial of service attacks and downloading and running files on the victim's computer."

Thomas Cooper reported problems with connection to I2 from SMA. CPU usage goes up to 100% every 20 hours or so on their 7200 router. He is still looking into the problem.


Emergency contact for network problems

The incident on June 2nd prompted the need for after-office-hour phone numbers from network managers. Pui Hin pointed out that the current emergency contacts are mostly directors and facility managers and their office numbers. Everyone present was happy to provide Pui Hin and Miranda with their home and cell phone numbers.

FY 03/04 Budget

Pui Hin presented the proposed FY2003/04 budget with the following comments:

The increase in the salary portion is due to the inclusion of a 20% FTE support for Miranda for the first time. She was supported by the Gemini network grant in the past two years.

The equipment budget includes money to add wireless support at HP and the dorms.

Secondary DNS at HP

Pui Hin reported that the DNS at HP is working except for the following:
• Gemini is not allowing zone transfer
• CSO advised us that they will not be able to participate because they do not manage their own DNS.
• We are still missing information from Subaru and VLBA

Wireless implementation for the Visitor Center and HP

Feedback from everyone present after consulting with their directors indicated that they were all for going ahead with the wireless implementation for the VIS as well as HP. There was no representative present from VLBA, but Pui Hin received a report of a propogation analysis from Dan Mertely indicating that the wireless implementation for the Visitor Center will be below the harmful threshold for all VLBA observations. However even though Dan noted that any concern is more theorectical than practical, he prefers to see 802.11a rather than 802.11b if wireless is deployed. Dan is also concerned about the precedent being set of installing any wireless system near a science preserve (especially one which is home to a radio telescope). A copy of Dan's analysis was distributed to all present.

The consensus of those present was to go ahead with the implementation. In addition, because of the popularity of the 802.11b standard, the group feels that 802.11b has to be supported along with 802.11a for the wireless implementation to be useful.

Further discussion on the implementation followed. For the Visitor Center, Pui Hin wants to use a bridge rather than an access POINT which will eliminate the need for the Visitor Center to buy other wireless equipment.

For the implementation at HP, all agreed that the wireless should be on a separate private network. External bandwidth usage will be limited to 10Mbps.

Next Meeting

Pui Hin proposed moving the next meeting date from September 11 to the following week, September 18.

Note: The meeting was subsequently re-scheduled for September 19th because Jonathan Chock -- who will be hosting the meeting -- will be on Oahu on September 18th.

Friday, September 19th, 10:00am at Keck, Hilo