Item 120. Grex Board of Directors Informational Meeting Minutes - August 23, 1999 Jan Wolter (janc) Mon, Aug 23, 1999 (23:27). 154 lines, 15 responses. Cyberspace Communications August 1999 - Board of Director's Informational Meeting Minutes Presiding: John Remmers (remmers) Recording: Jan Wolter (janc) Other Board Member Present: Scott Helmke (scott) Members of the Public: Mary Remmers (mary) Andrew Lanagan (drew) Valerie Mates (valerie) Arlo Mates (arlo) Carson (carson) Board Members Absent: Mark Conger (aruba) Dan Gryniewicz (dang) Steve Andre (steve) Misti Tucker (mta) AGENDA ITEM 1: Gavel Banging - John Remmers began the meeting at 7:14pm. Since only three board members were present, we did not have a quorum, so only an "informational" meeting could be held. AGENDA ITEM 2: Chairman's Report - John Remmers had nothing to report. AGENDA ITEM 3: Treasurer's Report - Jan Wolter is filling in as treasurer while Mark Conger is on vacation. - Jan Wolter presented the treasurer's report for July. The full report is available on-line in coop item 117. * July was our eight consecutive month in the black (though this is still partly due to the phone tax refund). Total Income: $453.20 Total Expenses: $176.07 New Members: 2 * We ended the month with 92 members, 79 of which are fully paid up. The number seems to have been slowly declining for a while now. * Our bank balance is at $5,577.42, a record high in our history. - Jan Wolter presented a preliminary report for August. The phone tax rebate is history, and we are once again paying full phone bills. Income this month isn't too impressive so far: Income to Date: $208.00 Expenses: $471.17 - We are still in some doubt over how much electricity we are using. Scott has repeatedly measured the current being drawn at 5.6 amps, but this seems too much of a drop from our old usage of 7.5 amps. We have eliminated the box fan that was cooling the drives, and have replaced the old SCSI enclosures with ones with newer and better power supplies, but the power drop seems too great. We are wondering if the new power supplies are introducing a power factor effect that is distorting this reading. We have a new meter installed, but don't think it is correctly calibrated. We decided to use the value of 6.5 amps this month. That's possibly too high, but at least we're pretty sure it isn't too low. At 6.5 amps, we will be paying $54.33 per month for electricity. - There was some discussion over whether the treasurer should accept starter checks as ID for validating members for internet access. We felt that under the terms of the existing ID policy, a check need not have the customer's address pre-printed on it, but it does have to have the person's name pre-printed on it. Thus starter checks would not be acceptable as ID. AGENDA ITEM 4: Publicity Committee Report - Misti Tucker, the Publicity Czar, was not present. AGENDA ITEM 5: Technical Committee Report - Scott Helmke reported for the staff. - Marcus Watts has installed an new kernel that is more efficient at stopping fork bombs. Whenever a user tries to launch too many processes, it instantly kills all the user's processes. So far this seems to be working great. Stops fork bombs fast, and doesn't interfere with normal usage. - Scott Helmke and Steve Andre are likely to add another disk drive soon. - Staff breifly suspected that we might have had a root break-in because the permissions of one system file were reset oddly, but after investigation it was found that a misbehaving system program was responsible. That program has been fixed. - Charles Mitchell is working on installing a newer version of the operating system on the yet to be used mail machine. - Grex was the subject of a "smurf attack" which caused network connections to be slow and flakey for a while. Our internet service provider dealt with it. - Some of our dial-ins were failing to connect. Scott Helmke determined that the terminal server was misbehaving. He swapped in the spare and the problem went away. - The staff forgot to meet this month. AGENDA ITEM 6: ACLU Suit - Judge Tarnow granted us an injunction against the Internet Censorship Act (Michigan Public Act 33 of 1999). This means it will not go into effect unless the Attorney General's office can win an appeal. It is likely to be six to nine months before such an appeal is heard. - Some members objected to the temporary shut down policy passed by the Grex board in July, and a referendum was held to overthrow the policy. The final member vote was: 14 Yes 27 No So the policy remains in force. - We need on-line discussion on what we would actually do if some kind of law were passed that made it a problem to run an uncensored conferencing system with an open newuser. John Remmers said he would enter an item. AGENDA ITEM 7: Credit Card Info - Grex now has a credit card number, which we need to pay the web banking company various fees. - We are ready to send in the paper work, or will be as soon as Mark comes back and can prepare copies of the necessary attachments (our Articles of Incorporation and our "Grex" DBA). John Remmers currently has the forms. He will sign them after reviewing them. AGENDA ITEM 8: Future Planning Meeting. - Future planning meeting will be either Sunday, September 19 or Sunday, October 3. The 19th is Yom Kippur, but the holiday doesn't start until sunset, and we plan to hold the meeting early in the afternoon. AGENDA ITEM 9: New Business - No new business. AGENDA ITEM 10: Gavel Cessation - John Remmers ended the informational meeting at 8:12pm 15 responses total. ---------- (120) #1 Steve Gibbard (scg) Tue, Aug 24, 1999 (00:45). 3 lines. I was there too. I got there a bit late, though. (I wasn't listed under "members of the public) ---------- (120) #2 Jan Wolter (janc) Tue, Aug 24, 1999 (01:08). 57 lines. Sorry. With only 3 board members attending, this represents the worst board turn-out in recent history. Here's the recent history of board attendance, based on meeting minutes (which are not 100% reliable): aruba robh srw mta scg scott valerie Jan 1996 * * * * * * * 7/7 Feb 1996 * * * * * * - 6/7 Mar 1996 - - * * * * * 5/7 Apr 1996 * * * * * * * 7/7 May 1996 * * * * * * * 7/7 Jun 1996 * * * * * * - 6/7 Jul 1996 - * * * * * * 6/7 Aug 1996 * - * * * * * 6/7 Sep 1996 * - - - * * * 4/7 (special) Sep 1996 * * * - * * * 7/7 Oct 1996 * * * * * * * 7/7 Nov 1996 * * * * * * * 7/7 Dec 1996 * * * * * * * 7/7 janc Jan 1997 * * * - * - * 6/7 (special) Jan 1997 * * * * * * * 6/7 Feb 1997 * * * * * - * 6/7 Mar 1997 * * * * * * 6/6 dang Apr 1997 * * * * * * * 7/7 May 1997 * * * * * - * 6/7 Jun 1997 * * * - * * * 6/7 Jul 1997 * * * * * - * 6/7 Aug 1997 - * * * * * * 6/7 Sep 1997 * * * - * * * 6/7 Oct 1997 * * * * * * * 7/7 Nov 1997 * - * * * - * 5/7 Dec 1997 * * * - - * * 5/7 Jan 1998 * * * * * * * 7/7 Feb 1998 - - * - * * * 4/7 Mar 1998 * * * * * - * 6/7 Apr 1998 * * * * * * * 7/7 May 1998 - * * - * * * 5/7 Jun 1998 * - * * - * * 5/7 Jul 1998 * * * * * * * 7/7 Aug 1998 - * * * * * * 6/7 Sep 1998 * * * * * * * 7/7 Oct 1998 * * * * * * * 7/7 Nov 1998 * - * * * * * 6/7 Dec 1998 * * * * * * * 7/7 steve remmers Jan 1999 * - * * * * * 6/7 Feb 1999 * * - * * * * 6/7 Mar 1999 * - * - * * * 5/7 Apr 1999 * * * - - * * 5/7 May 1999 * * * * * * * 7/7 Jun 1999 * * * * * * * 7/7 (special) Jun 1999 * - * * * * * 6/7 Jul 1999 * * * * * * * 7/7 Aug 1999 - - * - - * * 3/7 ---------- (120) #3 Marcus Watts (mdw) Tue, Aug 24, 1999 (09:37). 1 line. Evidently, a majority of the board feels a need to take a summer recess. ---------- (120) #4 STeve Andre' (steve) Tue, Aug 24, 1999 (14:08). 1 line. Had I not been feeling sick I would have been there. I'm sorry. ---------- (120) #5 Don Joffe (don) Tue, Aug 24, 1999 (19:40). 2 lines. Would I be correct in assuming that new names in a column means that someone's term ended with the next guy/gal the successor? ---------- (120) #6 Tim P. Ryan (tpryan) Tue, Aug 24, 1999 (20:11). 1 line. Seems to be a rash of no quorum making going around town. ---------- (120) #7 Steve Gibbard (scg) Tue, Aug 24, 1999 (23:26). 2 lines. re 5: yup. ---------- (120) #8 Richard J. Wallner (richard) Wed, Aug 25, 1999 (17:15). 4 lines. hey, grex's board members do better than mnet-- apparently mnet was down to $65 in the bank at the first of the month, and the August board meeting didnt take place-- board didnt make quorum (I guess as long as mnet hs at least $20 in the bank a board meeting isnt considered that critical) ---------- (120) #9 Kevin Albaugh (albaugh) Thu, Aug 26, 1999 (20:32). 2 lines. a) What is deemed to be "too many processes" for a user to have? b) What is a "smurf attach"? ---------- (120) #10 Marcus Watts (mdw) Thu, Aug 26, 1999 (22:17). 2 lines. (a) 32. (b) the possible consequence of running /a/s/f/sflux/smurf2.c ---------- (120) #11 Kevin Albaugh (albaugh) Fri, Aug 27, 1999 (00:56). 2 lines. (sorry, smurf *attack*) OK, I'll try to check out that file the next time I telnet... ---------- (120) #12 Steve Gibbard (scg) Fri, Aug 27, 1999 (01:22). 66 lines. A smurf attack works as follows: IP subnets, in addition to containing a host IP address for every computer on the network, also contain two special IP addresses, the network address and the broadcast address. The network address is the lowest address in the subnet, and the broadcast is typically the highest address. Generally, data sent to either the network or broadcast address gets sent to every computer on the network. There are several Internet protocols that can send what are known as echo requests, which means that computers receiving those packets will generally copy the data in the packet and send it back to the computer that sent the packet (or at least the computer that the packet claims to have been sent by, but we'll get to that in a minute). This is intended for testing purposes (and is, in fact, a very useful diagnostic tool). The most common protocol used for that is Internet Control Message Protocol, or ICMP. For those of you familiar with the ping command, ping sends an ICMP echo packet to a remote computer and then times the response. At some point, computer vandals noticed that they could slow down other computers' network connections by doing "ping floods." A ping flood involves sending very large ICMP echo packets, often in very quick succession, to the other computer. That is, however of very limited destructiveness unless you have a fairly fast Internet connection, as a user on a 28.8 modem can't suck up more than 28.8kbps of bandwidth on the remote link using that method. Instead, the vandals realized, they could ping the network or broadcast addresses of remote networks, and cause every computer on the remote network to generate an echo response for each incoming packet. If a remote network has a hundred computers on it, it would send out 100 times the amount of data the vandal was sending into the network, thus being able to cause some serious problems. There is also the issue of the remote computers deciding where to send the echo responses back to. Each IP packet contains a source address and a destination address, saying where the packet came from and is going to. A computer responding to data that gets sent back to it will send data to the IP address that it sees as the source address on the incoming packets. However, assuming you don't care if you can actually communicate on the Internet, the source address on the packets doesn't have to be the real IP address of the computer that's sending the packets. Therefore, when sending out these echo request packets that would hit a network or broadcast address and send back far more data than was being sent out, the vandals would send out their packets with a "spoofed" source address, thus redirecting the replies towards a third computer or network (generally the intended victim), and subjecting that network to the full force of the flood of data. Sometimes such things were a huge pain only for the person on the receiving end of the attack (who may well have done something to provoke it). More often it would saturate some network connection between the amplifier network and the victim, and cause huge problems for the networks the data was passing through. That is what smurf does. So what's being done about this? A couple of things. Network operators are now being strongly encouraged to make computers on their network not respond to broadcast packets coming from outside their network. Many modern Internet routers have easy to enable features that block such broadcast packets from entering their networks. It is also possible to put filters in routers, such that it will only let through data with certain specified source addresses. Causing replies to echo packets, and various other evil things that can be done through source address spoofing, can be largely prevented by network operators doing that on their routers. On Grex we are doing both of those. Our router has a filter in it such that data can't leave our network unless it has a source address on it that's within Grex's IP address range. Grex's router is also configured such that packets coming into Grex's network bound for either the network or broadcast address will get filtered out and will never make it to Grex's ethernet. As such, smurf is absolutely useless on Grex, or used with Grex as the amplifier network. ---------- (120) #13 Kevin Albaugh (albaugh) Fri, Aug 27, 1999 (14:43). 1 line. Thank you very much! :-) ---------- (120) #14 Spook (spooked) Fri, Aug 27, 1999 (19:08). 2 lines. Yep, well explained Steve. One must note that the broadcast message will only work on a broadcast topology, of which an Ethernet by standard is. ---------- (120) #15 Steve Gibbard (scg) Fri, Aug 27, 1999 (20:33). 6 lines. Yes and no. Point to point links often have their own IP subnet, with an IP address for each end, and a network and broadcast for the subnet. As such, if "no ip directed-broadcast" or its equivalent hasn't been set on those interfaces you can generally get two responses to your one echo packet out of it. Of course, that's pretty ineffective compared to other smurf amplifier networks, but I've heard of that sort of thing getting used.