
Re: SUNY-Albany and AFIT



Hi Dave and Jeff,


With the wind here today, I am the one with bad hair...


OK, so we have determined that fujita cannot be resolved via DNS, but can
be fed via IP. Dave indicates some hesitancy to feed an IP the NLDN data,
and I certainly appreciate his concerns. I offer two options that may help
everyone feel better...

1) Jeff, is there a reason we cannot run the LDM on blizzard?

By doing this we could eliminate the DNS issue as well as the proprietary
concerns of the NLDN feed.


2) Or if space and other data transfer needs prefer the LDM on fujita, we
could run an LDM on blizzard just for the NLDN data, and have blizzard
feed fujita the NLDN feed (this may be stepping on the NLDN proprietary
demands, since it is not allowed to be propagated, but since this is the
same domain David may let this go...not my call).


Comments?


-Jeff
____________________________                  _____________________
Jeff Weber                                    address@hidden
Unidata Support                               PH:303-497-8676 
NWS-COMET Case Study Library                  FX:303-497-8690
University Corp for Atmospheric Research      3300 Mitchell Ln
http://www.unidata.ucar.edu/staff/jweber      Boulder,Co 80307-3000
________________________________________      ______________________

On Tue, 5 Mar 2002, David Knight wrote:

> Hi Anne,
> 
>     Jeff Sitler at afit tells me the machine is/will
> be known as fujita.afit.edu (not that it really matters
> since the name seems to be irrelevant...).
> We have an allow for both the machine name and the IP
> number. It appears that when they connect the request
> comes from the ip#
> 
> Mar 04 19:30:34 redwood rpc.ldmd[6793]: gethostbyaddr: failed for
> 129.92.9.62
> Mar 04 19:30:34 redwood 129.92.9.62[6827]: Connection from 129.92.9.62
> Mar 04 19:30:34 redwood 129.92.9.62(feed)[6827]: Starting Up:
> 20020304190240.510
>  TS_ENDT {{NNEXRAD|UNIDATA,  ".*"}}
> Mar 04 19:30:34 redwood 129.92.9.62(feed)[6827]: topo:  129.92.9.62
> NNEXRAD|UNIDATA
> 
> Even though the gethostbyaddr fails we apparently accept their
> connection (I'm not sure if this is because we have an explicit
> allow for the IP address, or if it is a change we made to our ldm
> configuration some time ago that I simply forget right now).
> There is no entry for fujita in /etc/hosts or our NIS+ tables.
> I really don't like feeding an IP number - it doesn't bother
> me with the NOAAPORT feed, but, given the restrictions we face
> with the NLDN feed I'd really much rather be able to document
> we are feeding an .edu site. 
> 
> Hope this helps...
> David
> 
> p.s. I understand that afit has security concerns, but, they are
> not alone in this regard. In fact I am becoming less and less
> comfortable feeding an essentially anonymous host at what appears
> to be a military site. For example, what if despite our best
> efforts either redwood or striker get hacked, and the hacker
> uses these machines to send nasty stuff over the IDD to
> the afit site - should we even be taking that risk, or, be
> exposing ourselves to that responsibility? Also IP numbers
> can be easily spoofed, and a military machine might be a likely
> target for this. If I had any hair left I'd probably have to
> say I must be having a "bad hair day" ;-)
> 
> > David Knight wrote:
> > > 
> > > Jeff,
> > >      I don't think that is the case. I can lookup other
> > > machines at your site. For example:
> > > 
> > > nslookup blizzard.afit.edu
> > > Server:  redwood.atmos.albany.edu
> > > Address:  169.226.43.37
> > > 
> > > Name:    blizzard.afit.edu
> > > Address:  129.92.9.47
> > > 
> > > I also just noticed that Jeff Weber asked me to add an allow
> > > for fujita.afit.edu, but I have entries for 
> > > What is the name of that machine!?!?!?
> > > 
> > > David
> > > 
> > 
> > Hi David,
> > 
> > Just to add my own $.02:
> > 
> > In working with Jeff at AFIT my experience has been that blizzard is
> > exposed while fujita is not.  I've never been able to ping fujita or
> > resolve its name externally, i.e., outside of their own network.
> > 
> > Also, I too have been confused by the name issue:  .mil vs. .edu.  I've
> > been trying all afternoon to get on to the machine to confirm the name,
> > but for some reason I can't get in.  We'll get back to you ASAP on this.
> > 
> > But, I'm wondering how you are able to serve the UNIDATA feed to AFIT
> > given that the name can't be resolved.  Have you added a line to your
> > /etc/hosts file?
> > 
> > Anne
> > -- 
> > ***************************************************
> > Anne Wilson                 UCAR Unidata Program            
> > address@hidden                     P.O. Box 3000
> >                                       Boulder, CO  80307
> > ----------------------------------------------------
> > Unidata WWW server       http://www.unidata.ucar.edu/
> > ****************************************************
> 
>
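
An added example, not part of the original message and not LDM code: a small Python audit over ldmd syslog output in the format quoted above, reporting which downstream peers were served by bare IP (reverse lookup failed) and whether any restricted feedtype went to them. The `RESTRICTED` set, the `audit` function and the `host.example.edu` log line are assumptions constructed for illustration.

```python
import re

# Log lines from the quoted message (mail-wrapped lines rejoined), plus one
# constructed entry (host.example.edu) for a peer that resolved by name.
SAMPLE_LOG = """\
Mar 04 19:30:34 redwood rpc.ldmd[6793]: gethostbyaddr: failed for 129.92.9.62
Mar 04 19:30:34 redwood 129.92.9.62[6827]: Connection from 129.92.9.62
Mar 04 19:30:34 redwood 129.92.9.62(feed)[6827]: Starting Up: 20020304190240.510 TS_ENDT {{NNEXRAD|UNIDATA,  ".*"}}
Mar 04 19:30:34 redwood 129.92.9.62(feed)[6827]: topo:  129.92.9.62 NNEXRAD|UNIDATA
Mar 04 19:31:02 redwood host.example.edu(feed)[6901]: topo:  host.example.edu NLDN
"""

# Assumption: feedtypes that should only go to a host documented by name.
RESTRICTED = {"NLDN"}

FAILED_RE = re.compile(r"gethostbyaddr: failed for (\S+)")
TOPO_RE = re.compile(r"\(feed\)\[\d+\]: topo:\s+(\S+)\s+(\S+)")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def audit(log_text, restricted=RESTRICTED):
    """Map each feeding peer to its requested feedtypes and flag IP-only peers.

    A peer is 'unresolved' if a gethostbyaddr failure was logged for it or if
    the server identifies it by a bare IPv4 address instead of a hostname.
    """
    failed = set()
    peers = {}
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failed.add(m.group(1))
            continue
        m = TOPO_RE.search(line)
        if not m:
            continue
        peer, feeds = m.group(1), set(m.group(2).split("|"))
        entry = peers.setdefault(
            peer, {"unresolved": False, "feeds": set(), "restricted_by_ip": set()}
        )
        entry["feeds"] |= feeds
        if peer in failed or IPV4_RE.match(peer):
            entry["unresolved"] = True
            # Restricted data going to a peer known only by IP address.
            entry["restricted_by_ip"] |= feeds & restricted
    return peers


if __name__ == "__main__":
    for peer, info in audit(SAMPLE_LOG).items():
        print(peer, info)
```
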