Capital Area Central Texas UNIX Society
CACTUS Newsletter

Volume 14, Number 5 - May 1998



May 21st CACTUS Meeting


About May's Presentation

The popularity of the Internet has put an increasing demand on IT professionals to come up with remote access solutions. People have come to expect information to be accessible independent of their location. Traditional remote access methods present problems such as proprietary hardware, data transport costs, and keeping up with new technology. Virtual Private Networking (VPN) is an alternative that addresses the concerns of location-independent remote access.

This presentation will cover a description of VPN technology, methods of implementation, and business and technical considerations. Audience participation will be encouraged, and the goal is to provide all participants with ideas on how to better address remote access issues.

Anil Desai is an MCSE and an Oracle DBA. He is employed as a consultant for Sprint Paranet, Inc., a vendor-independent integrator of hardware, software, and networks.


From The Editor

by Gil Kloepfer

Last month we encountered some problems with the newsletter. The March issue was accidentally distributed by the printer instead of the April issue. I am taking steps to help prevent this from happening again. I offer my apologies to those who faithfully read our newsletter every month. In this issue, we have included much of the non-time-sensitive content from the April newsletter.

There have been some subtle changes in the format of the newsletter over the past couple of months based on feedback from the membership. Hopefully these changes have helped to make the newsletter more readable and useful. As always, my thanks to those who have contributed articles, as the newsletter would not be what it is without articles. People certainly don't read it for the pictures!!

My ultimate goal is to encourage electronic distribution of the newsletter rather than the many paper copies that we currently distribute. Currently a separate newsletter is generated for text/USENET mailings, HTML (on the web site), and printed version. Over the next several months, I am hoping to convert this to HTML, and generate a paper and text version directly from HTML.

Please be aware that you can get the newsletter by viewing it on our web site (http://www.cactus.org/) or receiving it through electronic mail by contacting newsletter [at] cactus <dot> org. We also post the newsletter to several USENET news groups that deal with the issues we frequently discuss at our meetings.


April Meeting Report

by Ron Roberts

Over thirty people flocked to hear Steve Gibson from the Austin Police Department (APD) High-Tech crimes division. Tom Painter ordered plenty of pizza, Lenny brought soda and ice, CTG brought cookies, Lindsay brought doughnuts, and (breaking a CACTUS tradition) we even had paper plates! Some faithful old timers insisted on using ripped-up pieces of pizza boxes for tradition's sake.

After introducing the officers, Jack McKinney then solicited announcements. Kristi Brannon, program chair, was absent, preparing to become Kristi Lee. CACTUS wishes her well and thanks her for the cookies. Paulina was pinch-hitting for her: she brought the list of job positions CTG is seeking to fill for IBM. Tom Painter announced openings for Solaris administrators at Dell. Ron Roberts reported that ErgoSoft labs is looking for system administrators who have experience with TME to do part-time human factors research.

Jack McKinney, sporting a handcuff earring for the occasion, presented a tutorial about SSH, a drop-in replacement for rsh. It's a secure remote shell that always asks for a password and uses cookies with public keys that change every hour for authentication. The public key encryption mechanism is RSA. SSH also supports port forwarding, making it especially well-suited for safely using X11 through a firewall. Version 1.2.22 is the latest available version and is free, except for the versions that run on Microsoft Windows/NT, of course. The USENET news discussion group for SSH is comp.sys.security.ssh.

Jack then introduced the featured speaker: Steve Gibson of the APD high tech crimes division. He briefly explained his background. He sold computers for a while after graduating from Southwest Texas State. He got his first Macintosh in 1984. Tonight he was using a Windows laptop with a PowerPoint presentation, and has a Linux system at home. He joined APD in 1993 and spent three years on patrol in east Austin with the usual suspects. APD formed the high tech crimes division in 1995 because they were frustrated having to train detectives for each such crime. Some of the larger high tech companies got together and donated equipment to support the division's objectives (for example, Steve's presentation was on a laptop donated by Dell). There are currently five officers assigned to the unit: one sergeant, three detectives, and one senior police officer. The phone number for the group is 458-0401, but because they share a secretary, they will answer as "narcotics".

Within the unit, they have one officer who specializes in cell phone fraud, one who primarily examines confiscated equipment for use as evidence (computer forensics), and Steve is unofficially the Unix and Internet guy. Steve explained that he was a bit over-dressed (in old jeans and a T-shirt). When working sting operations, he wears jeans that are full of holes and Linux T-shirts. Gray Abbott joked that he looked more like an NT guy with his hair cut.

The presentation was longer than the time allotted -- primarily because of all the questions from the audience. Steve did get through the mission statement. They have procedures for tracking down hackers and preventing destruction of data and continued access. Interestingly, US Customs does all of the child pornography cases because most of it is imported from Europe. They regularly train officers and help out smaller police departments like Round Rock (who don't currently have their own special unit). Steve read us the usual statistics about high tech crimes: ten billion dollars lost last year, software piracy up by 91%, etc. He went over the various types of computer crime from hacking to theft of components. No one was surprised to learn that hacking increases in the summer when school is out. Ninety percent of ISP complaints are traced to the children whose parents are customers. When Steve began talking about crackers, several members gave accounts of their travails in trying to get law enforcement help. The attack on Lindsay Haisley's system was from out-of-state. Because he could not prove any monetary loss, the white collar crime unit in Houston and the FBI wouldn't seriously pursue the issue. Someone commented that there may be some information in phone records. Steve commented that the phone companies don't track local calls, so it is difficult to track local crackers unless caller-ID information is available and logged. Steve, however, pointed out that he could get a subpoena for anybody in Texas. He also mentioned that the FBI asserts that over 120 countries have espionage operatives trying to glean data from US computers, and that most of them target technological data, not military secrets.

Because of some computer troubles and the time limitations, Steve was barely able to get through a summary of the relevant Texas Statutes updated in 1997. Steve thinks the legislature has now given law enforcement the right tools for the job. Time ran out; Jack thanked Steve and closed the presentation. Steve was immediately surrounded by members who had recently been hacked. Lenny Tropiano assisted the security department at ARL:UT by making a video recording of the presentation.

Many thanks to the Austin Police Department and Steve Gibson for the stimulating and helpful presentation.


CACTUS.ORG System News

by Lindsay Haisley

In spite of a minor disk crash and temporary loss of DNS service in March, cactus.org continues to forge ahead. At the last CACTUS officers' meeting we discussed ways of passing on to the membership at large the numerous job offerings that get sent to officers [at] cactus <dot> org. We decided that the best way to go about this would be to distribute them via a majordomo mailing list to which CACTUS members may subscribe.

Jack McKinney and I put our heads together and Jack suggested that we kill two birds with one stone, upgrade our mail server from sendmail to Qmail, and instead of majordomo, use the ezmlm mailing list manager which is written to integrate with Qmail. The conversion to qmail will involve a good deal of work, not the least part of which will be bringing everyone who uses cactus.org for mail up to speed on what the change means at a user configuration level.

In case you're not familiar with it, Qmail is a modern replacement for sendmail - faster, more secure and in many ways a good deal more configurable. It prevents relaying by default and can be easily patched to reference Paul Vixie's RBL anti-spam database. Members with .forward files may want to get the jump on the change by copying ~/.forward to ~/.qmail. More information about qmail can be found at http://www.qmail.org/.

Work is proceeding on our mail system in May with high priority. Our present version of sendmail does not properly document SMTP requests in headers and still allows relaying, making it a target for spammers.

If you use cactus.org, please pay close attention to the message of the day when you log on. Although we're working to make the changeover as smooth as possible, you should keep an eye on our progress and make sure that any special setup you may have for your cactus.org email is preserved. Questions or comments can be addressed to mckinney [at] cactus <dot> org or fmouse [at] cactus <dot> org.


Networld+Interop'98 Trip Report

by Lenny Tropiano

Networld+Interop'98 was held in Las Vegas (as it is done every year) the week of May 4th. Me and about 50,000 other attendees were doing the same thing. N+I has become a mini-Comdex of sorts. The Las Vegas Convention Center (LVCC) is well-prepared to handle the groups (ok, hordes) of people that come for the week-long event every year. This is my fourth N+I event, second one for VTEL. Each year it gets bigger, more complex, and harder to imagine how the entire InteropNet (network they use to connect everything together, vendors, Internet, etc.) works. The InteropNet is composed of high-end, bleeding-edge gigabit switches/routers and ATM LANE clouds. The warm fuzzies came over me seeing it all work. I took a tour of the NOC (network operations center - see more on that later) -- to believe it was seeing it!

After getting my badge, I proceeded to the north convention hall. I walked up and down all the twisty little passages (that seem alike) from 9am till 6pm (with a 1.5 hour break for lunch and feet rest). This show is the industry premier show for Networking. As networking has a broad breadth of coverage, there was everything you could imagine. The hot items this year, without a doubt are ... Gigabit Ethernet (and routers/switches that can handle this), xDSL technology, ATM backbones, VPNs (virtual private networks), Traffic Control/QoS (quality of service), SNMPv3, IP telephony, and Layer-3 switches.

Many companies were there -- the list is much too large to even try to do it justice. As expected, the large vendors like Cisco, Bay Networks, Novell, Intel, Compaq, Tivoli, Cabletron, Microsoft, Nortel, GTE, Sun Microsystems, 3Com, HP, Madge, etc... were all there showing off their latest and greatest. As with other shows of this caliber (namely Comdex), what I call "trash and trinkets" were the hot item to get you into the booth, listen to a 5-15 minute marketing presentation, and then get your goodies, literature, and be on your way. Many vendors (the ones with the big bucks) had "flashy" gimmicks, like drawings for a new 1999 Volkswagen Beetle or Harley Davidson, or a wall for rock climbing indoors (that you could sign a waiver and do yourself, after you watched the athletic women and men do this in front of your eyes with loud rock music blaring). Vendors had food (always a good thing to get computer folk into a booth), toys (waterguns, Frisbees, bubbles for blowing, stuffed animals), and other whiz-bang things that will most likely make it to my 2 year old son and that's it.

Gigabit networking was the number one thing this year. Everyone was showing their wares. Amazingly enough, it's out of the R&D world, and into the real IT world now. You can do 1000Mbps (1Gbps) over standard CAT5 (not even Belden DT350 needed) with the same limitations of 100m as with 100Mbps ethernet. The copper physical spec for gigabit ethernet hasn't been ratified (as I was told several times today). The InteropNet itself was mostly fiber runs. They had one gigabit run through a 100km fiber spool using specialized equipment, and were able to sustain 800kbps without collisions. Cisco, as usual, has the all-encompassing solution. Everything from ISDN work-at-home (SOHO) routers, to gigabit switching and routing. They had several large booths with Lightstream 1010 ATM switches, their new Catalyst 8500 series switches, and their high-end 75xx routers. They now even have xDSL switching modules, so you can use this technology in their current switches. InteropNet was using the standard "telephone" wiring in the LVCC and the Hilton Hotel, to provide the Tutorial rooms networking connectivity using SDSL links at 2Mbps (receive and transmit). One NOC team member said it was amazing that it worked over that wiring, which has been there since the dawn of time, and doesn't even certify as CAT5 and had some lengths of over 17kft.

At the end of the day, after two trips back to the car to drop off the ton of literature I had collected, I took the InteropNet NOC tour. The NOC team spent about 30 minutes explaining their methodologies for deploying such a heterogeneous network. They're using strictly OSPF routing protocols and, as mentioned before, in some cases unreleased versions of code/hardware from vendors that donated it to the InteropNet team. Layer 2 and 3 switching, MPOA (multiprotocol over ATM), and LANE (LAN emulation) were widely used through the network. Two DS3 (45Mbps) links were brought in from the outside Internet for connectivity. Novell and Compaq provided connectivity for each registered member to read/send e-mail, web browse, and telnet access.

H.323 and VoIP (voice over IP) were hot topics for many of the companies. I was able to make several "long distance calls" free at the various booths testing their product showing off VoIP and Voice over Frame-Relay. Yes, I could hear the pin drop. Interesting aside, the cellular networks were jammed out there.

All in all it was an interesting conference. Hopefully I'll be able to make the trip next year to see what this year's hot items have developed into.


Membership Report

by Lindsay Haisley

Many thanks to renewing CACTUS members David Wieboldt, David Friedman and Eric Jones who renewed their memberships in March and to Dawn Smith and Lindsay Haisley who renewed their memberships in April.

Our membership counter needs review with regard to Y2K issues. Look for updated membership stats in future newsletters.


Membership

To renew your membership, please send check or money order payable to CACTUS ($25/yr for regular membership and $96/yr for corporate sponsorship):

CACTUS
PO BOX 9786
AUSTIN, TX 78766-9786

You can also pay in person at the general meetings. The date on the upper right hand of the newsletter mailing label indicates when your membership expires. Please direct any inquiries or address changes to membership [at] cactus <dot> org.


CACTUS Meeting Location: Applied Research Labs

CACTUS meets on the third Thursday of each month at the UT Applied Research Labs (ARL) in the JJ (Jake) Pickle Research Campus (JJ PRC). We'll meet in the main auditorium located directly behind the guard's desk and main lobby.

Please do not show up earlier than 6:20 pm on the specified day. Enter through the main entrance at 10000 Burnet Road for ARL:UT. Tell the guard that you are here for the CACTUS meeting. You will be required to sign a log book, but not required to wear a badge. The guards will direct you to the auditorium entrance. Limited parking in the front of the building is available, but more extensive parking is available in the large parking lot just north of the ARL building. After 6:30 pm, all entrances to JJ PRC, except for the Burnet Road entrance, are closed and locked. You can still enter the parking lot in front of the ARL building. No parking tags are necessary after 6:00 pm. See maps for further details.

Online maps are available at:

As always, please leave the facility as you saw it when you arrived. So let's clean up all pizza and soda items before we leave. Thanks and hope to see all of you there.


Map to the Monthly CACTUS Meeting

                                            | |     ^
  <---- to MOPAC                            | |     |
                                            | |     | North
                                            | | B   | to Braker Lane
                             ---------------+ | U
                             -+ /-----------+ | R
                              | |           | | N
                              | +--------+  | | E
                              |  Parking |  | | T
                              |    Lot   |  | |
                              +----------+  | | R
                                            | | D
                     +------------+         | |
                     |            | +-------+ |
                     |            | |   +---+ |
                     |            | |   |   | | Rutland
                     |    ARL     | |   |   | +---------
                     |            | |   |   | +---------
                     |            | |   +---+ |
                     |            | +---+---+ |
                     +------------+         | |  |
                                            | |  | South
                                            | |  | to US 183
                                            | |  v