From henk at ripe.net Tue Apr 3 16:49:37 2001 From: henk at ripe.net (Henk Uijterwaal (RIPE-NCC)) Date: Tue, 3 Apr 2001 16:49:37 +0200 (CEST) Subject: GPS antenna's and interfaces Message-ID: Dear test-box hosts, Several sites have asked if the GPS receivers and interfaces for our latest series of test-boxes could be bought seperately, either for other experiments or to upgrade an existing (Motorola) receiver with receiption problems. Unfortunately, the first Trimble antennas that we received from the manufacturer, occasionally locked-up. Trimble solved this problem for us by replacing them with a later version of the antenna. So, we are now confident that we can sell you a working product, so we've decided to make the antennas and interfaces available as well. There are 2 options: * Trimble Antenna, 6m cable and interface board will be Euro 1000. The cable can be extended to 300 m with regular CAT-5 cable. For details on the Trimble, see http://www.trimble.com/products/catalog/timing/acutime2000.htm * Interface board only Euro 200. These prices do not include shipping and taxes. They also apply to small series of antennas or interfaces only, as we do not want to become a Trimble distributor. For larger numbers of antennas, we can point you to a local Trimble distributor. If you have a _WORKING_ Motorola receiver for which you have no use after upgrading, you can return it to us and we'll give you a 200 Euro discount. Finally, do not consider upgrading just for the sake of upgrading. As far as the test-traffic measurements are concerned, both receivers can produce equally good result and there is no gain in upgrading a receiver that works fine. When in doubt, just ask us if this would make sense. To order, simply send an email to tt-ops at ripe.net with your contact details. Kind regards, Henk ------------------------------------------------------------------------------ Henk Uijterwaal Email: henk.uijterwaal at ripe.net RIPE Network Coordination Centre WWW: http://www.ripe.net/home/henk Singel 258 Phone: +31.20.5354414 1016 AB Amsterdam Fax: +31.20.5354445 The Netherlands Mobile: +31.6.55861746 ------------------------------------------------------------------------------ As long as you don't tell your friends how I played the hand, then I won't tell my friends how you defended it. (Anonymous) From netmgr at csc.fi Tue Apr 10 09:18:03 2001 From: netmgr at csc.fi (=?ISO-8859-1?Q?Pekka_Kyt=F6laakso?=) Date: Tue, 10 Apr 2001 10:18:03 +0300 (EEST) Subject: (x)ntp buffer overflow? In-Reply-To: Message-ID: Has the ntp buffer overflow been fixed in the ripetest boxes? See http://www.linuxsecurity.com/advisories/netbsd_advisory-1255.html fore more information. regards Pekka Kyt?laakso -- Pekka.Kytolaakso at funet.fi FUNET/CSC Finnish University and Research Network PL 405 FIN-02101 Espoo FINLAND Phone: +358 9 4572246 Telefax: + 358 9 4572302 FUNET noc: noc at funet.fi +358 9 4572704 From marks at ripe.net Tue Apr 10 09:38:34 2001 From: marks at ripe.net (Mark Santcroos) Date: Tue, 10 Apr 2001 09:38:34 +0200 Subject: (x)ntp buffer overflow? In-Reply-To: ; from netmgr@csc.fi on Tue, Apr 10, 2001 at 10:18:03AM +0300 References: Message-ID: <20010410093834.C32517@laptop.6bone.nl> On Tue, Apr 10, 2001 at 10:18:03AM +0300, Pekka Kyt?laakso wrote: > Has the ntp buffer overflow been fixed in the ripetest boxes? See > http://www.linuxsecurity.com/advisories/netbsd_advisory-1255.html > fore more information. Dear Pekka, Thank you for your warning. Although we could not find any exploitable security leaks in our version of the software we still decided to take the maximum security precautions. Therefor we applied the available patches on all testboxes. The patch also logs all attempted breakins. If any of such a breakin attempt will happen on your testbox we will inform you about that. With regards, Mark Santcroos -- Mark Santcroos RIPE Network Coordination Centre http://www.ripe.net/home/mark/ New Projects Group/TTM From ana at ripe.net Fri Apr 20 12:10:57 2001 From: ana at ripe.net (Ana Susanj) Date: Fri, 20 Apr 2001 12:10:57 +0200 Subject: new auth scheme for viewing TT data Message-ID: <20010420121057.B22043@ripe.net> Hi all, As you know, the data on the TTM website is protected by a username/password combination which is valid for all TTM customers. Several TTM customers have asked for a more flexible way of accessing the TTM data. This has now been implemented and is ready for beta-testing. Under the new scheme, each TB host can create accounts for customers or people other than the TB-contact in their organization, that will allow them to see data to/from some of the test-boxes. The old style website, together with the generic ttraffic account will stay up until approximately end of June. Here is what's new: - each TTM box owner starts with a general account with a ttxy username - ttxy username can only view data to and from that ttxy box - ttxy username can add more usernames with either view or admin rights for that box, or both. These usernames can be given to customers of the site hosting the test-box or to people other than the test-box contact in the organisation hosting the test-box. AUP and copyright notice will appear on the website once the beta test is over. - ttxy can give admin or view rights to existing usernames, in case you want other TT box owners to view data to/from your box. - in the admin section you can change users' groups or delete them - each user can change their own password. If you want someone else's password changed, you have to ask one of RIPE NCC TT staff to do it. Same goes for users' real names. This is something that can be changed, depending on your input. - at the moment anyone can delete anyone, but this will be changed very soon so that every admin of a ttxy box can only delete other users who are only in that admin's group. Don't go around deleting usernames :) Note: - there's a file that lists locations of all TT boxes. Again, depending on the input we get, this could be displayed on the front page. - we have mainly concentrated on the functionality so please comment on that first. Once everything works as people want it to, we can make it look a bit nicer. OK. This is all on: http://ttm-tests.ripe.net/ripencc/mem-services/ttm/Plots/ Username and passwd are the same as the name of your TT box, e.g. if your test-box is tt01 then: username: tt01 ; passwd: tt01 (Please change it when you log in.) There is still the general account which lets you view data to/from all other boxes: username: ttraffic ; passwd: delays Help page is on: http://ttm-tests.ripe.net/ripencc/mem-services/ttm/Plots/help-pub.html If you are interested in this feature, we would appreciate it if you could take some time to test it and provide feedback. We'd like to know whether this scheme gives you enough flexibility for assigning username/password combinations. Feedback and questions can be sent to . ana. -- ~ Ana Susanj, RIPE NCC ~ ~ Oh hello, Mr. Soul, I dropped by to pick up a reason; ~ NY From wilhelm at ripe.net Tue Apr 24 01:18:38 2001 From: wilhelm at ripe.net (Rene Wilhelm) Date: Tue, 24 Apr 2001 01:18:38 +0200 (CEST) Subject: New authentication scheme for viewing TT data In-Reply-To: <3F2D1A940FB8D1118A1F0060978361295EF5EE@ntserver.heanet.ie> Message-ID: Hello Mike, On Mon, 23 Apr 2001 mike.norris at heanet.ie wrote: > service. In particular, common access to each other's TT data is due > to go at the end of June, and this will mean that each of us can > look only at our own results. We will lose the ability to compare > our results more widely, which, however you look at it, is a significant > change in the value of the results. There is some confusion here, the general, shared, account giving access to all TTM plots is also available on the ttm-tests.ripe.net website; so when that server takes over from the current www.ripe.net machine, tt-hosts will, in principle, continue to have access to plots from all other sites. Only the look-and-feel of the main pages will have changed. The new authentication scheme was setup in repsonse to requests to provide access to the results obtained with a test-box to customers of the hostsing organisation. However, the implemented scheme is very flexible, should a site feel strongly about it, we can change the access priviliges such that their main .../ttm/Plots/ttXY page is not visible from the general username/passwd combination. These ideas have been presented before to both the mailing list and the tt-wg at the last RIPE meeting. You may wish to (re)read the thread "Access to RIPE-TT data from third parties (fwd)" in http://www.ripe.net/ripe/mail-archives/tt-wg/20001001-20010101/threads.html as well as Henk's follow up e-mail dd. 14 Feb 2001 : http://www.ripe.net/ripe/mail-archives/tt-wg/20010101-20010401/msg00006.html I hope this clarifies the matter. With best regards, -- Rene =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Rene Wilhelm RIPE Network Coordination Centre Email: wilhelm at ripe.net Test Traffic Measurements Phone: +31 20 535 4417 Amsterdam, the Netherlands Fax: +31 20 535 4445 http://www.ripe.net/ripencc/mem-services/ttm/ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= From marks at ripe.net Tue Apr 24 09:28:36 2001 From: marks at ripe.net (Mark Santcroos) Date: Tue, 24 Apr 2001 09:28:36 +0200 Subject: New authentication scheme for viewing TT data (fwd) Message-ID: <20010424092835.L5083@laptop.6bone.nl> ----- Forwarded message from owner-tt-host at ripe.net ----- Sender: "Mike Norris" To: "'Rene Wilhelm'" Cc: , Subject: RE: New authentication scheme for viewing TT data Date: Tue, 24 Apr 2001 07:28:05 +0100 Message-ID: <3F2D1A940FB8D1118A1F0060978361296118AD at ntserver.heanet.ie> Rene sorry if I caused you confusion. In a mail to tt-hosts last Friday, Ana Susanj told us about the new authentication scheme, and said: "The old style website, together with the generic ttraffic account will stay up until approximately end of June." When we sought clarification, this is what Mark Santcroos wrote: "Not all testbox hosts want to expose the quality of their network to the public, therefor (by default) you will only be able to view the traffic that is related to your testbox. That means that the generic user/passwd combination to view all data will eventually disappear." As I say, I understand the need for the change, but wonder could its effects, particularly that of Mark's last sentence above, be mitigated. All the best. Mike > -----Original Message----- > From: Rene Wilhelm [mailto:wilhelm at ripe.net] > Sent: Tuesday, April 24, 2001 12:28 AM > To: mike.norris at heanet.ie > Cc: tt-host at ripe.net; tt-wg at ripe.net > Subject: Re: New authentication scheme for viewing TT data > > > Hello Mike, > > On Mon, 23 Apr 2001 mike.norris at heanet.ie wrote: > > > service. In particular, common access to each other's TT > data is due > > to go at the end of June, and this will mean that each of us can > > look only at our own results. We will lose the ability to compare > > our results more widely, which, however you look at it, is > a significant > > change in the value of the results. > > There is some confusion here, the general, shared, account > giving access > to all TTM plots is also available on the ttm-tests.ripe.net > website; so > when that server takes over from the current www.ripe.net machine, > tt-hosts will, in principle, continue to have access to plots from all > other sites. Only the look-and-feel of the main pages will > have changed. > > The new authentication scheme was setup in repsonse to > requests to provide > access to the results obtained with a test-box to customers of the > hostsing organisation. However, the implemented scheme is > very flexible, > should a site feel strongly about it, we can change the > access priviliges > such that their main .../ttm/Plots/ttXY page is not visible from the > general username/passwd combination. > > These ideas have been presented before to both the mailing list and > the tt-wg at the last RIPE meeting. You may wish to (re)read the > thread "Access to RIPE-TT data from third parties (fwd)" in > > > http://www.ripe.net/ripe/mail-archives/tt-wg/20001001-20010101 /threads.html as well as Henk's follow up e-mail dd. 14 Feb 2001 : http://www.ripe.net/ripe/mail-archives/tt-wg/20010101-20010401/msg00006.html I hope this clarifies the matter. With best regards, -- Rene =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- = Rene Wilhelm RIPE Network Coordination Centre Email: wilhelm at ripe.net Test Traffic Measurements Phone: +31 20 535 4417 Amsterdam, the Netherlands Fax: +31 20 535 4445 http://www.ripe.net/ripencc/mem-services/ttm/ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- = ----- End forwarded message ----- -- Mark Santcroos RIPE Network Coordination Centre http://www.ripe.net/home/mark/ New Projects Group/TTM From wilhelm at ripe.net Tue Apr 24 13:16:44 2001 From: wilhelm at ripe.net (Rene Wilhelm) Date: Tue, 24 Apr 2001 13:16:44 +0200 Subject: New authentication scheme for viewing TT data In-Reply-To: Message from mike.norris@heanet.ie of "Tue, 24 Apr 2001 07:28:05 BST." <3F2D1A940FB8D1118A1F0060978361296118AD@ntserver.heanet.ie> Message-ID: <200104241116.NAA24818@kantoor.ripe.net> Mike, > When we sought clarification, this is what Mark Santcroos wrote: > >"Not all testbox hosts want to expose the quality of their network to the > public, therefor (by default) you will only be able to view the traffic > that is related to your testbox. > > That means that the generic user/passwd combination to view all data will > eventually disappear." > > As I say, I understand the need for the change, but wonder could its > effects, particularly that of Mark's last sentence above, be mitigated. I am sorry for the confusion created by our e-mails, but as both Henk and I are attending the PAM2001 conference, Mark answered to to provide you with a timely reply. (and I overlooked his message when processing my e-mail last night) Let me stress again that the guiding principles behind the new authentication scheme are still those outlined by Henk in his messages to tt-wg: On Wed, 15 Nov 2000, Henk Uijterwaal (RIPE-NCC) wrote: > > > I suggest to do 2 things. > > > > The plots section of the TTM pages will be split into 3 sub-sections: > > > > A) A general section, explaining what is show in the plots and other > > documentation, but no real data. This section will not be password > > protected. > > > > B) A test-box-host section, containing all data that is currently > > available. This section will be password protected with a password > > that is made available to the TB-hosts, but may not be passed on. > > > > C) N sections for the customers of a specific site, containing only > > plots from and to a certain test-box. This is a subset of (B). The > > TB-hosts can ask for a reasonable number of password/username > > combinations for their customers. > > > > Before a customer gets the password for (C), he will be asked to sign a > > data-disclosure agreement. > (D) In the meantime, another site asked for the opposite case: they > don't mind people seeing plots from their site to the rest of the > world, but also like to install a few test boxes to measure on their > own networks only and NOT publish those results. i.e. the generic account would continue to exist and provide access to all plots _except_ those which fall in case D mentioned above. For example if we were to deny the generic account access to tt01 and tt02 others would not be able to see the results for the NCC's internal measurement tt01 <-> tt02, but the measurements involving the other testboxes would be visible from the respective sender/receiver's area. However, as the new authentication mechanism is very flexible and more organisations have joined TTM, it's a good idea to revisit the issue on the tt-wg mailing list and also in the tt-wg session at next week's RIPE meeting. -- Rene =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Rene Wilhelm RIPE Network Coordination Centre Email: wilhelm at ripe.net Test Traffic Measurements Phone: +31 20 535 4417 Amsterdam, the Netherlands Fax: +31 20 535 4445 http://www.ripe.net/ripencc/mem-services/ttm/ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=