Re: Interesting Ethernet/UNIX 4.2 observation.


Barry Shein (bzs%bostonu.csnet@CSNET-RELAY.ARPA)
Mon, 24 Feb 86 12:06:37 EST


The fix to UNIX to stop broadcasting rwho information is trivial,
remove the lines that start it up from the /etc/rc (text) file.
On suns for example the system is delivered with the lines commented
out.

Another compromise might be to reduce the frequency with which
this info updated from one minute to, say, 5 or 10 minutes though
this might render it useless to some. Unfortunately that at best
just pushes the inevitable back further. Our users here seem to
like the 'ruptime' command so much that people have hacked in little
forwarders so it crosses from one local ethernet to another and all
machines can be seen. I am not saying this is right or wrong, just
that people do like the feature and frequent update is probably the
only way to acheive it, if I have to order it shut down I bet people
scream, but they always scream...

Obviously we are running into a problem that is not at all peculiar
to UNIX. Anyone could write a program that seems useful but generates
lots of traffic on a net. Even if broadcast addresses are priviliged
this could make things worse as the user circumvents this by looping
through a hosts.txt file on each machine sending, say, udp packets
to everyone.

On the other hand, the danger of resource hogging has always been
a problem, there is nothing new here EXCEPT that it used to be
limited to the machines the culprits had accounts on.

In other words, I suspect we are dealing with a purely administrative
problem here (which *might* have some technical solutions, as usual.)

        -Barry Shein, Boston University

P.S. Just a thought, perhaps the ultimate solution will be smart
interfaces that can be told a little about what packets the host
is interested in and drop all others, tho again ultimately the
problem will be the bandwidth of the cable. sigh.



This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:36:04 GMT