Items of only transient interest, obsolete addresses, etc have not been included.
Produced by the Computer Board And Research Councils' Joint Network Team and Network Executive.
My apologies for the complete absence of Network News in 1987. We made determined efforts to publish but failed due to the shortage of staff and pressure of other work. The staffing position looks much brighter for 1988 and Shirley Wood has joined the production team as Assistant Editor. We intend to publish regularly and will also be aiming at improving the size and content of the newsletter. Contributions and comments are always welcome.
Bob Cooper
There have been significant developments during the past year in the provision of services to support international access. There is a growing requirement for network links with other countries arising from the widespread use of electronic mail and increasing requirements for data communications to support international collaborations. The UK academic community is served by a range of facilities that provide access to different international communities but these services have in the past been provided in a variety of ways with different funding mechanisms, management schemes and user support arrangements. The total funding requirement for these facilities is large and continues to grow. Furthermore, there is a trend for the access provided by these facilities to overlap as a result of developments in other countries to provide inter-network gateways. Faced with new demands for funding to support EARN and other new services on top of existing commitments, an initiative was launched by the JNT/NE early in 1987 with the aim of providing a consistent, rationalised and cost-effective set of services for the UK Academic Community capable of meeting the community's growing requirements at a reasonable cost. At its policy meeting in March 1987, the Computer Board adopted a set of guidelines for future support of international access services and these guidelines have since been adopted by the other principal funding bodies.
The guidelines are:
It is proposed to bring all the services within the JANET management and user liaison structure under the management and direction of the Network Executive and the Network Advisory Committee. A consistent funding, management and user support scheme will replace the ad-hoc arrangements of the past. This will encourage a more coherent service image and will also enable the range of services to be rationalised as opportunities arise. The aim is to improve the services available while at the same time containing costs.
The funding situation probably requires some clarification. International networking is significantly more expensive than intra-UK networking and it is unrealistic to expect a single funding body to cover the total funding requirement on behalf of the rest of the community. The model adopted is therefore to fund the services by contributions from appropriate funding bodies or by user charging or by a mixture of both. If a funding body agrees to support its sub-community's use of a particular service, its contribution each year will be determined from the percentage use of the service by those users in the previous year. Insignificant levels of use will not be charged for but a funding body must be prepared to increase its contribution if the user community it supports increases its share of the usage. If a funding body declines to participate, or is unwilling to provide full support for its users, the users in question can continue to use the service if they make appropriate contributions towards the costs. A similar funding model has been used over the past few years to support the JANET/ARPA Gateway.
During the past year attention has been concentrated on solving the problems facing the services which provide access to the EARN and ARPA networks. In this issue of Network News I have included a brief summary of the progress with EARN, in the next issue I hope to report on an exciting new proposal to resolve the problems afflicting the ARPA Gateway.
The NRS registration of the JANET/EARN Gateway will be changed to reflect the change in status of the Gateway resulting from the management changes. The Gateway will be registered as UK.AC.EARN-RELAY for explicit addressing and the wider use of application relay facilities in host NRS implementations will be encouraged so that explicit user routing through the Gateway is not required.
Please contact me if you have any queries on the management and funding changes.
Bob Cooper
The JNT/NE has used the above funding model and guidelines to develop a proposal for the continued support of the JANET/EARN access service after termination of the IBM funding at the end of 1987. An analysis of the UK EARN statistics revealed three principal user communities funded by the Computer Board, SERC Nuclear Physics Board and SERC Astronomy and Planetary Science Board with 56%, 27% and 7% of the traffic respectively. Several other communities use the service but generate less than 5% of the traffic. The Nuclear Physics statistics do not include a large amount of traffic to and from CERN which has in the past been carried via EARN but will in future be carried by a separate Rutherford/CERN link. The total cost of supporting the EARN service in 1988 is estimated to be £60K which includes the cost of software support but not the cost of user support, which will continue to be funded by IBM during the year. Funding contributions have been sought from the funding bodies supporting the principal user communities and to date the Computer Board has approved a contribution of £37K and the Nuclear Physics Board a contribution of £18K. A decision by the Astronomy and Planetary Science Board is expected later in the year. The Computer Board has agreed in principle to support the service for two years but has requested that every effort be made to reduce the costs, particularly in the second year when the cost of user support will place an additional burden on the funding bodies.
Changes are also taking place in the management structure to complement the changes in funding. The UK EARN service will be brought under the management of the Network Executive and the Network Advisory Committee. Support for the service will continue to be provided by staff at the Rutherford Appleton Laboratory under contract to the Network Executive. It has been agreed that the UK Director on the EARN Board should be appointed by the Network Advisory Committee in consultation with the UK EARN users, and Professor Mike Wells has been appointed to this position for 1988. These proposals were approved by the EARN UK users at a meeting on the 5 November. It was agreed to continue the user meetings although the JANET user liaison groups will also provide another channel for users views and comments.
Bob Cooper
The JNT has been afflicted with staff shortages for many years and 1987 was no exception. At the start of the year 50% of the staff posts in the JNT were vacant. A review of the JNT's work programme for the next few years indicated that even a full strength JNT would be insufficient and this resulted in agreement between the Computer Board and the SERC to expand the complement by three posts. Although a vigorous recruiting campaign managed to fill three of the vacancies by the end of the year, the stark reality is that for most of the year the JNT could only deploy about 33% of the effort required to fully maintain the momentum of the networking programme.
The JNT has been restructured into three sections. Major areas of responsibility are now assigned to sections rather than to individuals as in the past. It is hoped that the new structure will provide better continuity of support, an improved career structure and result in more effective use of staff at all levels. A separate sheet enclosed with this Newsletter gives an updated organogram and full information on how to contact both the JNT and NE.
As a short term measure aimed at mitigating the effects of the staffing crisis, Shirley Wood and John Dyer from the Network Executive agreed to work part-time on some specific JNT projects. John subsequently gained promotion and joined the JNT full time as a result of the recruiting drive. Willie Black and Phil Jones also joined the JNT at the end of 1987, Willie has taken over as head of Section A and Phil is undertaking a dual role serving part-time as a member of Section A and part-time undertaking group-wide activities particularly aimed at improving the availability of information about the activities of both the JNT and the Executive. The increase in staff is most encouraging and I am sure all readers will join me in welcoming the new recruits. I would also like to place on record my thanks to staff in both the JNT and NE who worked so hard to keep the JNT going during 1987.
We therefore start 1988 in a more encouraging state than 1987 but we are nevertheless still seriously understaffed with three vacancies in the JNT and one in the NE.
Bob Cooper
A new user group has been formed to represent the interests of libraries using the Joint Academic Network (JANET) which links the computer centres in U.K. universities, polytechnics and research councils. The potential value of JANET to the libraries of these organisations has been considerably enhanced by a recent decision to include the British Library.
The User Group for Libraries has been formed with the support and sponsorship of the JANET Executive; the Standing Conference of National and University Libraries (SCONUL); and the Committee of Polytechnic Librarians (COPOL). Whilst there is a well established system of JANET regional user groups which meet regularly and represent all the connected sites in their own areas, the User Group for Libraries is only the second group formed to represent the interests of a particular type of network user. The other special interest group is for nuclear physicists.
The User Group for Libraries was formally inaugurated at a meeting of representatives from interested libraries at the London School of Economics in September 1986. The first AGM was held a year later in the British Library's London headquarters in Sheraton Street. The committee that was elected to pursue the interests of JANET's libraries (which soon became known as the JUGL committee) met five times in the first year.
The User Group and the JUGL Committee will keep under review the services of use to libraries, that are or should be provided by the network. It will press for new services, publicise and provide training for existing ones, and encourage improvement where the facilities are inadequate. Its recommendations and comments are channelled directly to the Network Executive.
Immediately before the first meeting of the committee, the UGC had written to all universities to invite bids for capital to support further integration of library activities in university networking. Some library services were already well established on JANET providing online catalogue lookup and use of the PSS gateway to access commercial information services such as Dialog, and, at that time, the British Library's Blaise. Other potential major uses including inter-library lending, file transfer of catalogue records, even electronic mail had, however, very few active users, while other areas such as facsimile transmission, new academic services, links to commercial mail services such as Telecom Gold had only just started to be thought about. The new funding should be a considerable stimulus.
Compared to other JANET groups, perhaps the most distinctive need of libraries is to use PSS to access commercial interactive information services. The majority of such calls are to databases indexing the abstracts of scientific journal and report literature, though other services index the full text of newspapers, or provide factual data of company information or for demographic studies. Only two years ago, most library access to PSS was by modem across expensive, slow speed, dial-up lines. JANET has provided its users with a relatively cheap, high-speed service to PSS.
The user group committee will continue to encourage improved services to and from PSS; whether in shared deals in equipment and software, in regional training, in JNT/NE developments on the network or at the gateway for accounting, security and reliability, or in arrangements of benefit to the UK academic community with individual PSS-based hosts. The JNT/NE members have responded promptly to these concerns, and have explored further ways of monitoring congestion at the gateways, and of expanding their capacity.
In July last year the British Library (BL) joined the JANET community, and in doing so provided direct links from JANET to two heavily used services previously accessed via PSS. Of these, Blaise is a bibliographic online information service supporting several databases unavailable elsewhere, whereas Arttel provides a service for remote terminal entry of requests for items from the British Library's Document Supply Centre at Boston Spa. In a joint meeting of JUGL with a large number of British Library staff in April 1987, many of the potential benefits of BL's participation in the JANET community were discussed. At the end of the year the BL commissioned a research study from one of the JUGL committee members.
Concerning electronic mail, perhaps the most obvious use has been inter-library requests for loans and photocopies. Growth over the last year has been steady but not spectacular, reflecting perhaps that all library operations do not yet have immediate access to terminals and network utilities such as mail, JUGL is keen to encourage far more use of the facilities: for onward routing of requests and replies where surface post is still normal, for facsimile transmission or file transfer of text.
Not all libraries that may benefit are connected to JANET. Some of the Polytechnics for example will surely connect in time: others like the National Library of Scotland, not funded by the DES. have future connections agreed. Much will depend on the role the British Library takes; it has yet to adopt the full set of recommended networking standards. Whatever happens, libraries serving the research departments of commercial firms, the public libraries, possibly the libraries of government departments, will not be able to swap mail and files until at least X.400 systems are working: only then for example will uniform standards be able to be used for all aspects of interlending. In the meantime the group will encourage all eligible to join the JANET community to gain familiarity with all the network facilities, and it will try to find support for those that need assistance.
The number of library catalogues that can be called across the network now exceeds twenty: a directory is available from the University of Sussex Library (£1.00 prepaid only). There are two proposals current to establish centralized finding systems to search the stocks of several libraries at one time, but it will take a few years yet to make the most of the huge potential for sharing resources that the network can provide.
Networked library catalogues are available primarily because of the local site interest, but they have come to be valued by users, both inside and outside JANET is deluding the local public libraries. Almost every library contains material unlikely to be found elsewhere, and within every university are databases supporting collections or highly specialized interests that can now be searched for across the UK. Such specialized "publishing" across the academic network, of documents, datasets, catalogues, archives, accessible either to registered users or to everyone, needs its own guides and publicity.
The online catalogues provide examples of computer systems intended to be used by completely inexperienced users. The experience of planning these has made their designers critical of many computer-based information and "help" systems. In every aspect of network use likely to be encountered by library staff or library users, members of the committee have been asked to encourage explanations and prompts that are simple, unambiguous, and standard.
Most of the points above are contained in a longer document (JANET User group for libraries - priorities for JANET enhancement) which was formally submitted to the JNT/NE and the National User Group late last summer. The emphasis of the committee to date has been largely on supporting the end-user, expert in anything but computer networking. In this it has been more than well helped by members of the Network Executive, who have encouraged discussion of every initiative with information and assistance.
In September 1987, the first JUGL workshop was held at Imperial College. Initially, these will have a very practical emphasis including hands-on experience with lots of assistance on most of the appropriate services. The next workshop will be held in Sheffield on April 7th 1988.
This account started by mentioning the stimulus of the additional UGC funding for library networking. The JUGL committee itself put forward a bid to the UGC to provide training and education for university libraries. At the first AGM in September 1987 the Chairman of the JUGL committee, Ken Roberts (UWIST), was able to report that the UGC had earmarked £60K in the expectation of supporting this proposal. At the time of writing details have yet to be announced.
Peter Stone and Shirley Wood
In July last year the JNT published the final report from the OSI Transition group. The Computer Board has adopted the strategy defined in the report as part of its commitment to OSI. The Report is proving to be the most popular publication produced by the JNT with nearly 2000 copies distributed in 6 months.
The transition model has a number of innovative features that have attracted attention from other organisations attempting to navigate a smooth and well managed path towards the use of OSI. The strategy puts the UK Academic Community in a strong position with regard to the introduction of OSI although it also presents a significant implementation challenge. Much of the initial work will be preparatory development work which will provide the required transition aids. For those interested in statistics, it should be noted that 28 experts, drawn from both the UK Academic Community and external organisations, contributed to the work over a two and a half year period.
Bob Cooper
The European Workshop for Open Systems (EWOS) was launched on 15 December with the first meeting of the Steering Committee. EWOS will be the focus in Europe for work on OSI Functional Standards and it will complement the work of the existing NBS Workshop in North America and the proposed Asian/Oceanian Workshop in the Far East.
The following organisations are founder members of EWOS and are represented on the Steering Committee.
EWOS will be funded by membership fees from the member organisations represented on the Steering Committee. The eight founding members have agreed to each contribute 20K ECU for the year commencing January 1988. The Director, Dr Herbert Donner of SPAG, and a small secretariat will be based in Brussels.
In addition to the Steering Committee a Technical Assembly (TA) and one or more Expert Groups will be established. The Joint Network Team has applied to join the Technical Assembly. The UK Academic Community will therefore be well represented in EWOS activities both at the Steering Committee level, via its active participation in RARE, and at the Technical Assembly level, via the JNT membership.
The first meeting of the Technical Assembly is scheduled for the 1st and 2nd of March in Brussels. The initial work programme has still to be defined but MHS, ODA, FTAM (Access and Management), Directories, and OSI Lower Layers are strong contenders.
More information on EWOS will be included in future issues of Network News.
Bob Cooper
The definition of OSI standards has now reached the point where full 'stacks' of OSI protocols and services for the seven layers of the OSI Reference Model are complete. In most of the layers there are options of various sorts. At the tower layers there can be a choice of technology and associated services, for example remote telecommunications links (switched or permanent) and X.25 packet switching, CSMA/CD (Ethernet) LAN with Logical Link Control etc. At the higher layers there can be choices of functional subsets, for example in the case of FTAM - simple file transfer or file access of various types. In addition there are optional facilities within the standards and parameter values that may need defaults and limits to be agreed. These features to some extent reflect the nature of the OSI standardisation process which does not restrain implementation detail unnecessarily and allows for optional functionality.
It has been recognised that in order to maximise the opportunities for interworking, so called functional standards are required which cover sets of OSI layers and which tie down the options in the individual standards and provide details of conformance requirements. In terms of technical effort and agreement, the development of such functional standards is well advanced in Europe. At the initiative of the European Commission, and with the active sponsorship of the European standards bodies (CEN and CENELEC) and the European PTTs (CEPT), a number of technical working groups are generating functional standards. In the first instance pre-functional standards (ENVs) are produced which can be used as the basis for procurement. After two years the ENVs are subject to review and if appropriate they become full European functional standards (ENs) with wide applicability particularly in public procurement. The functional standards are divided into a number of categories. The two main ones are the Telecommunications functions which cover layers 1-4 and the Applications functions which cover layers 5-7. Examples of functional standards that have been, or are being developed are as follows:
A non-OSI function that has been the subject of an ENV and which is of interest is ENV 41901 which covers Triple-X terminal operation over X.25. It should also be noted that two ENVs have been defined for X.400 Message Handling (ENV 41201. 41202) but work on them has been suspended since it is expected that the full European functional standards (ENs) will be based on the ISO/X.400 1988 Message Handling definitions and not the more limited 1984 CCITT definitions which were used to develop the two ENVs.
Consideration of ENVs and their applicability to the European research community is being undertaken by technical experts within the RARE community under the current study which RARE is doing for a European OSI infrastructure project (COSINE). The study is due for completion in the third quarter of 1988.
The production of the ENVs and ENs will help to promote the availability of OSI products and services in Europe. It is intended that these documents should be made available in each country via the national standards body, in the UK this is the British Standards Institution (BSI). BSI has introduced a scheme based on subscription (BITS) which can be used to obtain ISO documents and European functional standards. Published ENVs and ISO standards can be obtained directly from the BSI sales department without subscription to BITS.
The base standard ISO 8571, parts 1-4, for FT AM (File Transfer, Access and Management) has been agreed, apart from minor editing. This means that it has now reached the status of an International Standard (IS).
During 1986 and 1987 much work has been conducted in three regions: Europe, the United States and Japan, to define Functional Standards for FTAM, which describe proper subsets of FTAM, which are implementable for specific application functions of FTAM. It is the intention that products from different vendors will be conformance tested against the specifications of these Functional Standards so that interworking will be guaranteed, at least up to a very high probability.
The Functional Standards from the three regions are very close and joint meetings are further ensuring that products will interwork.
In Europe these Functional Standards are defined by CEN/CENELEC. They are based on the Profile work of the SPAG group (Standards Promotion and Application Group) of European vendors, as published in the GUS (Guide to the Use of Standards).
CEN/CENELEC has decided to define a set, more precisely a tree, of FTAM Profiles:
A/1 FTAM
-----------|----------------
| | |
A/11 A/12 A/13
--------|----- ---|------
| ! | | |
A/111 A/112 A/113 A/122 A/123
A/1 File Transfer, Access and Management
A/11 File Transfer
A/111 Simple File Transfer - Unstructured
A/112 Positional File Transfer - Flat
A/113 Full File Transfer - Hierarchical
A/12 File Access
A/122 Positional File Access - Flat
A/123 Full File Access - Hierarchical
A/!3 File Store Management
A/111 is currently prENV 41 204, and hopefully will become finally agreed in February 1988. It answers the strong need for a basic File Transfer Profile, which only allows for the transfer of whole files. This Profile win fulfil the requirements of many user groups where only simple files are exchanged, in many cases of restricted length so that there is no need for sophisticated restart and recovery mechanisms. It also allows for the implementation of the basic FTAM subset on small computers.
Other Profiles in the tree offer more functionality both in access capabilities and in access structure, ending with the full power of the FTAM standard for general hierarchical files. The access capabilities allow for the reading, writing or erasing of single records in the file structure. These are currently in an advanced draft form-.
The A/13 Profile covers the ability for an Initiator to manage the files within the Virtual Filestore to which access is provided by the Responder. Management includes the services of file creation and deletion, and of reading and changing attributes of files. This Profile is normally used by a system in conjunction with one of the A/llx or A/12x Profiles for File Transfer and File Access.
It should be noted that the three Profiles for file transfer and the two Profiles for file access are upward compatible.
Initial products from manufacturers will probably only offer simple file transfer to some, as yet unknown Functional Standard. Sites are advised not to jump at early offers but wait until the JNT can recommend a community wide Operational Requirement. By this means we will ensure the widest possible interworking.
Willie Black
It is to be greatly regretted that there has been another outbreak of serious hacking activity on JANET. This has been confined mainly to VAXs, but this is little consolation to VAX owners, and in any case well over half the machines connected to JANET and its feeder campus LANs are VAXes.
JANET provides little or no protection against such attacks, which seem to be becoming increasingly sophisticated. We have had some success in assisting sites to trace offenders, and, indeed, a number of students have been caught and punished by their Universities, but this could be seen as 'shutting the stable door'. JANET, as a matter of policy, has always been and will continue to be as open a network as we can possibly make it, and we would be most reluctant to devote effort to building up barriers which by their very nature would make life more difficult for the bone fide users as well as the rogues. Open means open to the outside world as well as to people directly connected to the network. It is simply too great an administrative burden to deal with authorising users of JANET on an individual basis.
I do not propose to say much in this article about ways of protecting against hacking or about how one might catch offenders. What I will say is that a large amount of what one might call casual hacking can, by and large, be countered by a sensible passwording strategy. It is well known that the majority of passwords used tend to come from a list of possible values less than 1000 long, which include obvious things like 'password' and common names. The use of a string of at least six digits, composed of an arbitrary combination of characters and numbers, is likely to defeat most systematic searches, as the number of possible permutations is too large to make it worthwhile trying. Users should be encouraged to change passwords fairly regularly (some system managers force this) and should not be allowed to compose a password less than six characters long. Many users are careless with passwords, and give them out to others freely or stick them in a prominent place in their office - this sort of practice should be actively discouraged. Systems should not make available to non logged-in users commands which allow them to get information about who is logged on, and sites who use systematic ways of composing account names should be aware that this makes the hackers job much simpler, in that he can guess hundreds of possible account names easily once he has a clue to the general structure. A more complete note on hacking will hopefully be circulated in the near future.
The story at the end of this newsletter gives an interesting insight into the hacker's problem.
Ian Smith
Issue No. 23 of Network News gave preliminary details of the proposed upgrades to the wide area network. The infrastructure to support a high speed trunk network linking the JANET switches was installed during 1987 and real user traffic is now beginning to run over the new trunk lines. The inner network is formed from four Megastream lines running at 2.048Mbps connected in a ring from Rutherford - London - Manchester - Daresbury - Rutherford. A multiplexer at each site then subdivides the lines down to 256Kbps channels which fully interconnect the PSEs at the above sites. The network has the ability to re-configure itself in the event of a 2.048Mbps line going out of service. Our experience so far has shown that we do not lose the trunk links but as re-configuration can take up to 30 seconds there is the possibility of losing some or all of the calls supported by them.
It is expected that all trunk traffic within the central ring will be running at 256Kbps before the end of the 1st quarter of 1988.
The programme of upgrading site connections to 48Kbps, where justified, is under way. The opportunity is being taken to remove, where possible, multiple connections to sites when they are upgraded.
John Carey
During 1987 the JNT commissioned Edinburgh Regional Computing Centre to carry out a survey of High Speed X.25 PADs. A High 'speed PAD was defined as one that was capable of driving at least one X.25 link at a speed in excess of 19.2kb/s. An initial survey was made to identify those manufacturers who produced a High Speed PAD.
From the initial survey five manufacturers were picked for more detailed examination. They were CAMTEC, Dowty, Gandalf, ICL and Netcomm.
As a result of the survey and subsequent discussions with suppliers, the following recommendations were made:
It should be noted that the CAMTEC Z80-based JNT PAD is still recommended for ordinary terminal usage, whilst the SuperPAD is targeted at the more demanding use of PADs, such as high speed terminals and attachment of micros.
Shirlev Wood
The first step in enabling the various PC-based local area networks to be integrated into the open network and to intercommunicate with each other is to define a common service interface which can be provided over each of the different networking technologies. IBM have funded the specification of such an interface which will provide the OSI Network Service and the advantages offered by this approach are
The implementation of the interface is currently being considered in the following environments
The intention is that the service interface will be an open specification and implementations for other environments will be encouraged.
A draft specification was produced and circulated by IBM last year and comments invited. Some development work is in hand. It is hoped that more information on the implementation plans will be available for publication in the next edition of Network News.
Pat Moran
A group of technical experts from the academic community is convened by the JNT to discuss matters relating to ISO LAN MAC technologies. The remit of the JNT group covers
It is expected that moves into consideration of new technologies will occur. As interest grows in a particular technology separate groups will be formed. Anyone in the academic community with an active technical interest or involvement in one or more of the areas described above would be welcome to join the group. People who are familiar with the hardware aspects of any of the newer or prospective LAN technologies are particularly welcome. If you wish to join the new JNT LAN Advisory Group or want further details, please contact: JNT-B@UK.AC.RUTHERFORD.GEC-B
Shirley Wood
Since the report in the last Network News some significant changes have taken place in the operation of the NRS service. By Easter the Prime 22^0 was handling so many file transfer requests that it was not able to cope with them properly. The decision was taken to distribute the database collection service and we asked for volunteers to run 'Distribution Centres'. Six such centres were established at Cambridge, Edinburgh, SWURCC, ULCC, UMRCC and the JANET News machine and the first ones became operational during June. All are now fully operational and hold different subsets of the NRS central database.
At the same time an investigation was started to see how the service could be improved. The latest release of the Prime ISOCEPT software solved some of the problems but there still remained the limited power of the 2250. Prime offered to lend a Prime 2655 for a year so that we could determine the size of machine needed to support the present service and its intended enhancements. This machine was installed just before Christmas at UMRCC and became operational early in January. UMRCC also took over the running of the service from the beginning of the year.
John Carey
This year's Networkshop is being held at the University of Reading from Tuesday 22nd to Thursday 24th March. By the time you receive this edition of Network News, the closing date for applications will be well passed, and, since numbers are limited, it is unlikely that you will be able to obtain a place at this late date if you have not already applied.
We keep a mailing list of potential attendees, so, if you did not receive an invitation this year, but would be interested in attending in future years, please let the JNT Secretary know and she will put you on the list.
Ian Smith
This tale is provided mainly for amusement but there are some serious points to note about the hacker problem. It is understood to be based on a real-life experience but the source is anonymous. The tale is written in the form of a conversation between two people, jo and ke. Read on........
jo: Hi. Its not often I see somebody smiling while they are reading a journal.
ke: Yeah but this one is different. ACM's Software Engineering Notes has some really zany stuff in it from time to time. I get it circulated to me now. When I used to read it in the Library I was in real danger of being zapped by Jacki ... she's really keen on that Silence Rule.
jo: Lets have a look. OK so its the October 86 issue. What's so funny? I bet it isn't the article on Software Methodology! Hang on there's an article on Hacking.
ke: Hole in one. Or may be two. Yes, that's it. The account about the Stanford break-ins is not only technically interesting but has some humorous social comment.
jo: Hmmm ... I heard you've been having a spot of trouble at your place, although why anybody in their right mind would want to bother I can't think.
ke: Yes, a while back we were logging about 50 to 60 break-in attempts a day and Kronchic, who's been lumbered as our security officer, was going a nice shade of pallid grey. In fact its rather amusing looking back on it all, since people reacted in all sorts of different ways.
jo: **** committees probably ... going on for hours and hours, kippering themselves in pipe smoke and ...
ke: Too true but actually some useful changes were made in reaction to the attacks. Due to an earlier scare we had reasonable security measures in place but like everywhere there are always loop holes.
jo: And the standard of hacking is going up too. If you're unlucky, there are some mighty evil ways that they can fix up your system for you. Anyway, amuse me by telling about the loop holes.
ke: Nothing special. There was a list of the initial passwords, amazingly all different, and we found several of them still valid. So it shows that research groups resist changing their password even if the system makes them alter it. And then, by asking around, we discovered that some of our folk had slightly stupid passwords that you might guess if you had worked in a similar environment.
jo> Did you tweak any of the system parameters?
ke: You bet we did ... in fact we changed the number of log on failures that have to occur in a certain time window before a user id is classified as an intruder and also the time for which that id is disabled. We disabled all service ids as well.
jo: Did that improve Kronchic's colour?
ke: A little but it was rather nerve racking. All we could do was study the breakin log and of course some statistics fanatic just has to do an analysis of it.
jo: Yeah ... being keen on statistics is a terrible disease. Luckily it doesn't appear to be catching. Couldn't you trace the network calls?
ke: Sure, but it wasn't much help. They were all coming from a PAD on a campus network the size of Yorkshire. The blokes there were very helpful but didn't have the tools to track the problem down. And anyway, all the network guys worked in a different building to this PAD and had to gallop over to use the console. We were actually talking to them on the phone when half a dozen hack attempts were made and there was nothing that could be done.
jo: Kronchic appears to be his normal florid colour again so what happened .... did one of the research groups catch the guy?
ke: The group leaders were very concerned and helpful too. One of them was particularly worried since he had just completed a course on networking to a class of undergraduates when it all started. But strangely enough, it was the statistics stuff which helped. We gradually built up a picture of the guy. He started up around 10am and gave up around 9pm and we identified about half a dozen times which he preferred. It was almost as if he was doing his own computing but when he took a coffee or meal break he would have a hack for a while.
jo: I see, assuming its a bloke are you? Typical MCP attitude.
ke: Oh shut up or I won't tell you what happened.
jo: OK clever clogs. So how did you you catch the person?
ke: In the end we got worried about the hacker because the attempts were so unskilful. We found certain id/password combinations occurred frequently which ain't smart at all. We were liaising with the folk at the other site of course and one day we happened to mention this and the guy said 'OK then, tell me one'. You know how it is when some comment goes home. It was one of their ids so he rapidly checked and found the combination was valid. I gave him three more and they were all correct combinations too. I could almost hear the penny dropping .... maybe their PAD was leaking.
jo: No!
ke: You see they try really hard to make things user friendly on that site. So to make a call you type P followed by a one-letter mnemonic.
jo: Like PG to call Glasgow I like it; I would rather type that than all this NRS rubbish. But why P?
ke: Why not? It's at the top right hand of the keyboard so it must be easiest to hit! Any way our machine was PP
jo: Ahh! So if you were heavy fingered the repeat mechanism on the terminal would give you more than one P and I suppose the PAD just took the first two characters.
ke: That's it. Of course you have to be sleepy not to notice that you've got the wrong banner. And to keep doing it several times in rapid succession, that really takes the biscuit! Anyway, its all fixed now...we are PZ. A case of the Hacker who never was.