Copy Link
Add to Bookmark
Report

Computer Undergroud Digest Vol. 08 Issue 88

  


Computer underground Digest Sun Dec 15, 1996 Volume 8 : Issue 88
ISSN 1004-042X

Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
Archivist: Brendan Kehoe
Shadow Master: Stanton McCandlish
Field Agent Extraordinaire: David Smith
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #8.88 (Sun, Dec 15, 1996)

File 1--SPA settles so-caled "anti-piracy" lawsuit with Tripod
File 2--(Fwd) New SPA imperatives
File 3-- An Open Letter to the SPA
File 4--Hackers access Singapore Govt. WWW site (fwd)
File 5--Re: Hackers access Singapore Govt. WWW site
File 6--Jenott: Prosecutor attempts suicide, more secrecy
File 7--BoS: Serious BIND resolver problem (fwd)
File 8--Modems, PPP, who is doing what? (fwd)
File 9--Cu Digest Header Info (unchanged since 13 Dec, 1996)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION ApPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Sat, 16 Nov 1996 07:48:28 -0800 (PST)
From: Declan McCullagh <declan@well.com>
To: fight-censorship@vorlon.mit.edu
Subject: File 1--SPA settles so-caled "anti-piracy" lawsuit with Tripod


---------- Forwarded message ----------

For Immediate Release
Contact: David Phelps, (202) 452-1600, ext. 320, or dphelps@spa.org
Kara Berklich, (413) 458-2265, or kara@tripod.com

SPA Announces Settlement With Tripod, Inc.
On Internet Anti-Piracy Lawsuit

(Washington, D.C. -- Nov. 15, 1996) -- The Software Publishers
Association (SPA) and Tripod, Inc. of Williamstown, Massachusetts
have reached a satisfactory settlement of the lawsuit filed against
Tripod for software copyright infringement. The lawsuit was filed on
behalf of three of SPA's member companies: Adobe, Inc., Claris
Software and Traveling Software, Inc.

SPA initiated legal action against Tripod, an Internet Service
Provider (ISP), in early October after receiving information that a
number of the more than 50,000 individuals using Tripod's Homepage
Builder -- part of the larger Tripod Web site -- were allegedly
making available infringing material. After the lawsuit was filed,
Tripod worked cooperatively with SPA to remove the infringing
material and to create an addendum to its Membership Terms of Service
outlining actions Tripod may take to protect itself against copyright
infringement.

"Though we regret that legal action was taken in this matter, given
our past cooperation with SPA, we are glad to see this action
satisfactorily resolved. The addendum to our Terms of Service really
just formalizes Tripod's existing operations. Our Terms of Service
now explicitly state that we do not tolerate on our members' home
pages the presence of illegal software, serial numbers, and tools
that have no other purpose than to crack software. If we become
aware of the presence of such materials on our members' home pages,
we will alert those members and ask them to remove that data,"
said
Bo Peabody, Tripod's president.


SPA and Tripod Reach Agreement 2-2-2

"SPA hasn't asked Tripod to do anything more than any ISP does -- or
should be doing -- as part of its regular operating procedures.
Tripod sets an excellent example for ISPs. They should advise their
subscribers that infringing material will not be tolerated on their
servers and will take action if it is found,"
said Sandra Sellers,
SPA's vice president of intellectual property education and
enforcement.

"SPA urges all ISPs to adopt these measures as part of their normal
operating procedures and to turn to SPA's educational materials on
our Web site at www.spa.org,"
Sellers added.

Tripod, Inc. provides the 116,000+ members of the Tripod Web site,
recently ranked the 27th highest trafficked Web site in the world by
PC-Meter, with an array of services including the free Homepage
Builder. Both the Web site and Tripod's one million circulation
print magazine Tools for Life provide young adults with the resources
they need to make key life decisions in the areas of career, personal
finance and lifestyle. The Tripod Web site can be found at
http://www.tripod.com.

SPA is the principal software industry trade association,
representing the leading publishers as well as many start-up firms in
the business, home office, consumer, education, Internet and
entertainment markets. Its 1,200 member companies account for 85
percent of the U.S. packaged software industry. Information on SPA
and its Internet use materials can be found on SPA's Web site at
http://www.spa.org.

------------------------------

Date: Mon, 18 Nov 1996 23:42:00 +0000
From: David Smith <bladex@bga.com>
Subject: File 2--(Fwd) New SPA imperatives

Attached are the updated codes of conduct in the SPA Internet
anti-piracy campaign.

------- Forwarded Message Follows -------

ISP Guidelines for Copyright Protection

The below signed ISP voluntarily agrees to:

1.Commit to a policy making only legally authorized software
available to subscribers, members and users.

2.Implement its policy by naming a compliance officer and using its
best efforts to ensure -

that the unauthorized reproduction and/or distribution of
copyrighted computer programs does not occur on or through its
servers,

that information that appears to have been posted to be
used to circumvent manufacturer-installed copy-protect devices in
computer programs, including, but not limited to, serial numbers and
cracker utilities (hereinafter "cracker material") will not be
posted on its server(s),

and that the linking of one or more sites
on its server(s) to one or more other sites that contain pirated
computer programs and/or cracker material does not take place unless
such linking clearly appears to be intended for lawful purposes.

3.Remove pirated computer software and cracker materials or otherwise
block access to it as soon as practicable after it is discovered.

4.Educate subscribers, members and other users of their legal obligation
to respect copyright through, among other things, public service messages,
warnings and hypertext
links to appropriate educational web pages.

5.Terminate subscribers or members who, without reasonable justification,
fail or refuse to abide by the policy of making only legally authorized software
available on its
server(s).

6.Not knowingly sponsor, endorse, or advertise access to infringing software.

------------------------------

Date: Sun, 24 Nov 1996 20:18:18 -0500 (EST)
From: jw@bway.net
Subject: File 3-- An Open Letter to the SPA

An Open Letter to the SPA


(To Ken Wasch, Software Publishers Association founder and president)

Dear Ken:

You probably don't remember me, but we spoke circa 1985 or '86.
I was practicing law then, specializing in computer law, and
I was representing a software publisher whose software
was being ripped off on bulletin boards across America.
I may have been the first attorney in the United States to
sue a bulletin board sysop for software piracy, and I called
to bring you up to speed on the case. You sent some money towards
my legal fees. Later on, you jumped into the business of
suing software pirates yourself in a major way.

I sued four or five bulletin boards before I got out
of it, and won consent injunctions and financial settlements
in every case. The difference between what I was doing back
then, and what you are doing now, is patently obvious. I was
suing BBS's with names like "The Pirate's Lair", where the
top screen bore messages like "Upload something juicy for
admission to the inner sanctum."
My client would gain admission
and would ascertain that illegal copies of his programs were being
stored on the board, with the sysop's knowledge.

You are suing Internet service providers, and you are complaining
that pages stored on their servers provide links to
other Web pages which support piracy or discuss copying
techniques. Its right there on your
Web pages. In your "ISP Code of Conduct", you require
that an ISP refrain from:

"the linking of one or more sites on its server(s)
to one or more other
sites that contain pirated computer programs and/or cracker
material.... unless such linking clearly
appears to be intended for lawful purposes. "


And, in another document called, "Why the Risk Exists--Theories
of Copyright Infringement,"
you claim that "contributory
infringment"
under copyright law includes
"linking to FTP sites where software may be unlawfully obtained;
informing others of FTP sites where software may be unlawfully obtained."



You've gone way overboard. You yourself are an attorney and
you have been in the copyright enforcement business long enough to
know that the speech you are describing cannot possibly be
contributory infringement.

A link is the online equivalent of a footnote. If I published
a book tomorrow on software piracy and cited in a footnote
a book on how to pirate software, would you sue me?
If I published a manual on how to commit software piracy, in fact
you could not sue me; the First Amendment protects not only
the speech we approve of, but even some quite despicable
speech; otherwise it wouldn't count for anything.

Add to this the fact that the ISP itself is at one remove from the
Web page containing a link. It is simply providing storage space
for a page maintained by someone else, and it doesn't have the
bandwidth to review all the Web pages contained on its equipment.
It is no more appropriate for ISP's to screen all user
pages than it would be for a bookstore to perform a legal
review of the contents of all books which
it carries or for the phone company to screen its customer's
phone calls.


By suing ISP's for contributory infringment, you are effectively
exploiting the average federal judge's continuing ignorance
about the Internet. If the judges before whom you filed
these actions clearly recognized that there is no difference, for these
purposes, between a Web page and a book or magazine, they would
dismiss your complaint, and might very well
entertain a request for Rule 11 sanctions for your unsupported
interpretations of the contributory infringment laws.

ISP's today are the weak link in the system of
online freedom of expression. Strong freedom of speech
protection for the Internet, harbingered by the decision in
ACLU v. Reno, has little practical value if any private party
opposed to the expression of an idea can effectively use the
threat of litigation to bully an ISP into pulling the plug on
a Web page.

Most ISP's, especially small ones, simply do not have the financial
resources or legal representation to defend a lawsuit, even a groundless
one, and will therefore always err on the side of unplugging a
user's web pages. The vulnerability of ISP's to tactics like yours
leaves individual users, making noncommercial uses of the Web,
extremely vulnerable.

I understand that your motivation is to be assertive in defense
of your members' interests. However, you also have a responsibility
to respect the community of which you form a part. I find your
aggressive pursuit of ISP's to be disrespectful of two
overlapping communities: software users, many of whom
maintain Web pages or at least use the Web, and the online community,
of which you form a part by maintaining Web pages of your own.

I am on the board of directors of two software companies, and would
never consider having either of them join your organization
for as long as you pursue your policy against ISP's. In addition,
I will not purchase the software of any members of your organizations
who lend their names to lawsuits which you bring against ISP's,
and I would hope that others who read this letter--which
I am posting on the Internet--will consider doing the same.

Sincerely yours,
Jonathan Wallace
jw@bway.net
http://www.spectacle.org

-----------------------------------------------
Jonathan Wallace
The Ethical Spectacle http://www.spectacle.org
Co-author, Sex, Laws and Cyberspace http://www.spectacle.org/freespch/

"We must be the change we wish to see in the world."--Gandhi

------------------------------

Date: Mon, 9 Dec 1996 16:46:44 -0800 (PST)
From: "Z.B." <zachb@netcom.com>
Subject: File 4--Hackers access Singapore Govt. WWW site (fwd)

Source - Fight-Censorship List <fight-censorship@vorlon.mit.edu>

This showed up on the DEFCON list a little while ago. I thought it might
be of some interest here.


---------- Forwarded message ----------
Date--Mon, 9 Dec 1996 15:46:41 -0800 (PST)
To--DC-Stuff List
Subject--Hackers access Singapore Govt. WWW site

Muhahaha!

Hackers Access Singapore Government's Website

SINGAPORE - Computer hackers broke into the government's Internet
website and posted a list of the user identities of more than 100
officials from various government bodies, the Straits Times newspaper
reported today.

The newspaper said Singapore's government directory was hacked into
and the list of user IDs left on the government's home page for at
least 12 hours.

The website has links to the home pages of various government bodies,
like the Singapore Broadcasting Authority, the Attorney-General's
Chambers and other ministries.

The list has now been removed from the website and its original
contents restored.

Hacking is an offense under Singapore's Computer Misuse Act, carrying
a fine of Singapore $2,000 and a two-year jail sentence.

Penalties are more severe for gaining unauthorized access to computer
data with an intent to commit an offense such as fraud.

------------------------------

Date: Mon, 9 Dec 1996 21:10:43 -0800 (PST)
From: Declan McCullagh <declan@well.com>
Subject: File 5--Re: Hackers access Singapore Govt. WWW site

Source - fight-censorship@vorlon.mit.edu

A followup article was in today's Straits Times on page 2, saying
the police were investigating this heinous crime. The Authorities
were shocked, SHOCKED, I say, that anyone would commit such an
act against the benevolent, munificient state. Perhaps the
government needs to take out anti-hacking ads on the sides of
buses -- one I saw this morning on the way downtown showed how
taxpayer money is spent: on a full-color advert promoting
"Singapore Family Values."

Singapore Net-experts, meanwhile, have been telling me that it's
not much of a hack. Rather, it's much more likely that the
offenders (might they be caned?) took advantage of a cgi script
loophole to execute a copy command moving /etc/passwd into
index.html. Boring stuff, yet exquisitely timed. Singapore is
putting its technological prowess on display this week for the
WTO summit meeting here. There's nothing more amusing than an
embarrassed repressive, censorhappy government.

------------------------------

Date: Sat, 14 Dec 1996 16:49:32 -0600 (CST)
From: Crypt Newsletter <crypt@sun.soci.niu.edu>
Subject: File 6--Jenott: Prosecutor attempts suicide, more secrecy

At the beginning of the week, the court martial of Eric Jenott took
a strange turn when the military judge, Fred Arquilla, replaced the
Army's lead prosecutor, Gordon Wells, because he had attempted to
commit suicide.

Wells tried to kill himself by slashing one of his wrists with a razor
early Sunday morning and was immediately taken to an army medical center,
according to the Fayetteville Observer.

Moving swiftly, Arquilla appointed a new lead prosecutor, Tim Lucas,
and postponed further action for a day and a half. On Monday, Jenott
also pleaded not guilty to all charges leveled at him.

Arquilla denied a defense motion to have Quihang Liu named an essential
witness. Liu is a Chinese engineer and former friend of Jenott's who
is said by the Army to have been a recipient of secret passwords supplied
by the Ft. Bragg soldier. Liu has indicated he will not return to the
United States for the trial. Arquilla also denied a request by Jenott's
defense for a review copy of the information taken from 600 diskettes
and two hard disks, formerly belonging to the Ft. Bragg soldier, and
seized by the government.

On Thursday, Army investigator James P. Samberg testified the
Ft. Bragg hacker told him he was trying to "hurt the United States
and help China"
when he gave away a "secret" password.

As the proceeding unfolded on Thursday, Samberg read from Jenott's
personal diary, a diary seized at the Ft. Bragg barracks in June.

From Jenott's diary -- dated sometime in 1991, according to Samberg:

"I just wish America, my own country, would be put to shame.
America is disgusting. I'm getting more and more impatient to go
to China."


Samberg also presented a poem, attributed to Jenott in 1993,
entitled "Red Blood and Snow." "By the way, I've been a communist for
about three years,"
was said to be the poem's closing line.

Jenott's defense counsel, Tim Dunn, attacked Samberg's credibility.
According to the Observer, Samberg had acknowledged "falsifying a
weapons qualification record."


Prosecutors tried to build the case that Jenott was a communist Chinese
defector in waiting by trotting out one of Jenott's platoon members,
Nicolas Salado. Salado had travelled with Jenott in February 1996 to
visit Quihang Liu in Knoxville. Salado testified that he saw
Jenott and Liu access Playboy's site on the Internet -- a known
hotspot of communists -- and that Jenott spoke to Liu in Chinese.

Prosecutor Matthew Wilkov claimed Jenott burned his passport because he
wanted to defect. The defense countered that Jenott merely wanted to be a
tourist.

In keeping with the aura of secrecy that has surrounded the court
martial, military judge Fred Arquilla closed the court to the public
a number of times, supposedly due to the discussion of classified
material, according to the Observer. At one point, a witness' name
rank and unit were classified. The Observer reporter got it anyway
and published the name of the classified soldier: "Alan Castle."

Willkov said Jenott had also hacked systems run by by the Joint Chiefs
of Staff, the secretary of the Army, the Department of Defense, the
Army, the Navy and the Air Force -- installing password sniffers on
them during the process.

On Friday, Fred Arquilla locked the public out of the trail for all
but three minutes. The rest of the day the court was closed under a
court order for military secrecy.

Digested from Fayetteville Observer daily news reports: http://www.foto.com .

George Smith
Crypt Newsletter
http://www.soci.niu.edu/~crypt

------------------------------

Date: Wed, 20 Nov 1996 08:16:38 -0500 (EST)
From: Noah <noah@enabled.com>
Subject: File 7--BoS: Serious BIND resolver problem (fwd)

Source -Noah

---------- Forwarded message ----------
Date--Mon, 18 Nov 1996 22:53:16 -0700 (MST)
From--Oliver Friedrichs <oliver@secnet.com>
Subject--BoS--Serious BIND resolver problem

Secure Networks Inc.

Security Advisory
November 18, 1996

Vulnerability in Unchecked DNS Data.

In research for our upcoming network auditing tool, we have uncovered a
serious problem present in implementations of BIND which trust invalid data
sent to them. This vulnerability specifically applies to hostname to address
resolution and can result in local and remote users obtaining root privileges.

It is recommended that security conscious users upgrade to the latest version
of the BIND resolver immediately. Information on obtaining the latest
official release is provided at the end of this message.

Technical Details
~~~~~~~~~~~~~~~~~

When a standard hostname lookup is performed on internet connected systems,
the resulting address should be 4 bytes (Forgetting about IPv6 for now).
Assuming that the address will always be 4 bytes, many privileged and
unprivileged programs (including network daemons) trust the address length
field which is returned from gethostbyname() in the hostent structure. By
trusting the length field returned by DNS to be 4 bytes, it then copies the
address into a 4 byte address variable. The vulnerability exists due to the
fact that we can specify the size of IP address data within the DNS packet
ourselves. By specifying a size larger than 4 bytes, an overflow occurs, as
the program attempts to copy the data into the 4 byte structure it has
allocated to store the address.

One example of this vulnerability occurs in rcmd.c, the standard BSD library
routine which is used by rsh and rlogin to remotely connect to systems. Note
that the code itself is not faulty, however the resolver implementation is.
Example code follows:

hp = gethostbyname(*ahost);
if (hp == NULL) {
herror(*ahost);
return (-1);
}
*ahost = hp->h_name;

.
.
.

bzero(&sin, sizeof sin);
sin.sin_len = sizeof(struct sockaddr_in);
sin.sin_family = hp->h_addrtype;
sin.sin_port = rport;
bcopy(hp->h_addr_list[0], &sin.sin_addr, hp->h_length);

In this example, we copy hp->h_length ammount of data into the address
variable of a sockaddr_in structure, which is 4 bytes. The hp->h_length
variable is taken directly from the DNS reply packet. If we now look at how
rcmd() declares it's variables, and after looking through rlogin with a
debugger, we can determine that this is a dangerous situation.

int rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
char **ahost;
u_short rport;
const char *locuser, *remuser, *cmd;
int *fd2p;
{
struct hostent *hp;
struct sockaddr_in sin, from;
fd_set reads;

On further testing, and implementation of exploitation code, we can verify
that this is indeed possible via the rlogin service. In order to exploit the
problem, we first start a program to send a fake DNS replies.

[root@ariel] [Dec 31 1969 11:59:59pm] [~]% ./dnsfake
oakmont.secnet.com(4732)->idoru.secnet.com(53) : lookup: random-domain.com (1:1)
sent packet fake reply: 270 bytes
idoru.secnet.com(53)->oakmont.secnet.com(4732) : reply: random-domain.com (1:1)

We then cause rcmd() within rlogin to do a host lookup and response with
our false data.

[oliver@oakmont] [Dec 31 1969 11:58:59pm] [~]% whoami
oliver
[oliver@oakmont] [Jan 01 1970 00:00:01am] [~]% rlogin random-domain.com
random-domain.com: Connection refused
# whoami
root
#

Impact
~~~~~~

By checking common BSD sources, we can see that over 20 local programs are
vulnerable to this attack, and possibly 2 remote daemons. The possibility
of exploiting local programs may seem insignificant, however if one considers
an attacker somewhere on the internet intercepting DNS lookups, and inserting
their own replies, it isn't. There is a real threat of passive attacks
present here, whereby any user on a network running any of these programs can
be a victim. Take for instance traceroute, or ping both of which fall prey
to this problem.

Aside from stock UN*X programs which ship with most vendor operating systems,
there appears to be problems related to h_length in external software packages.
Due to the flaw, FWTK (Firewall Toolkit) a freely available firewall kit
appears vulnerable. The generic routine, conn_server(), which is utilizied
by the proxy servers, appears to trust the data as well.

Vulnerable Systems
~~~~~~~~~~~~~~~~~~

At this point we would assume that most vendor systems who have incorporated
BIND directly into their operating system are vulnerable.

Solaris is not vulnerable according to Casper Dik <Casper.Dik@Holland.Sun.COM>

Fix Information
~~~~~~~~~~~~~~~

The maintainers of BIND, and CERT were notified of this problem several
months previous to this posting.

We recommend upgrading to the latest release of BIND which solves this
problem due to the incorporation of IPv6 address support.

The latest official release of BIND is availible at:

ftp.vix.com in the directory /pub/bind/release/4.9.5



We wish to acknowledge and thank Theo Deraadt, the maintainer of the OpenBSD
operating system for his help in finding and analyzing this problem. More
information on OpenBSD can be found at http://www.openbsd.org.

- Oliver Friedrichs <oliver@secnet.com>

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAzJATn0AAAEEAJeGbZyoCw14fCoAMeBRKiZ3L6JMbd9f4BtwdtYTwD42/Uz1
A/4UiRJzRLGhARpt1J06NVQEKXQDbejxGIGzAGTcyqUCKH6yNAncqoep3+PKIQJd
Kd23buvbk7yUgyVlqQHDDsW0zMKdlSO7rYByT6zsW0Rv5JmHJh/bLKAOe7p9AAUR
tCVPbGl2ZXIgRnJpZWRyaWNocyA8b2xpdmVyQHNlY25ldC5jb20+iQCVAwUQMkBO
fR/bLKAOe7p9AQEBOAQAkTXiBzf4a31cYYDFmiLWgXq0amQ2lsamdrQohIMEDXe8
45SoGwBzXHVh+gnXCQF2zLxaucKLG3SXPIg+nJWhFczX2Fo97HqdtFmx0Y5IyMgU
qRgK/j8KyJRdVliM1IkX8rf3Bn+ha3xn0yrWlTZMF9nL7iVPBsmgyMOuXwZ7ZB8=
=xq4f
-----END PGP PUBLIC KEY BLOCK-----

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Oliver Friedrichs - (403) 262-9211 - Secure Networks Inc.
Suite 440, 703-6th Avenue S.W. Calgary, AB, Canada, T2P 0T9

------------------------------

Date: Tue, 26 Nov 1996 09:28:24 -0600
From: "Gilbert L. Sebenste" <sebenste@geog.niu.edu>
Subject: File 8--Modems, PPP, who is doing what? (fwd)

((MODERATORS' NOTE: During a busy time of the term, we had some
dial-in access problems into our University computer system
attributed to faulty modems. Some questions arose about what
resources/set-ups other universities have, and a poster to a local
discussion group provided the following information. Given the
number of CuD readers affililiated with colleges/universities,
I thought the following might be of interest -- jt)).

Hi gang,

Well, after reading the message explosion after the modems got clogged,
may of you wonder who is doing what at other universities. The program
through which we get our weather data, UNIDATA, asked that of it's
participating schools. I think you'll find this interesting.

---------- Forwarded message ----------
Date--Mon, 25 Nov 1996 12:04:54 -0500 (EST)
From--Russ De Souza <rdesouza@nimbus.millersv.edu>
To--community@unidata.ucar.edu
Subject--Summary of PPP responses. Additional data from the PA State

System of Higher Education (SSHE) is also in report. Laurie attempted to
summarize results at bottom. Summary of PPP responses. Additional data
from the PA State System.

Community Summary of PPP responses + Summary of Information

Dial-in Access Availability Non-SSHE Schools


University of Nebraska

Off-campus users use Internet providers at their own cost;
negotiating license with providers for pricing limits and service
levels in exchange for providerUs connectivity to campus network.


University of Washington

Have modem pool for dial-in PPP access; user accounts as
validation.


Creighton University

Contract with USWest - faculty, staff, student, alumni can use
their service - unlimited connect time @ $11.95/month.


NE Louisiana University

PPP/SLIP not implemented due to security concerns. Some
departments considering doing limited PPP/SLIP on their own
networks.


Florida State University

250 lines with PPP connectivity. Individual departments also
have limited number of lines on their networks. Busy signals still
a problem.
Negotiating with IBM for $11.95/month unlimited access time for users.


Plymouth State

20 dialups with SLIP/PPP. Busy signals often. Suggestions to
users to find Internet Provider at own expense.


Lyndon State College

>From their research, usually less expensive and easier to
administer if access supplied by local provider. Agreement with
local provider: college provides installation seminars so local
provider reduces connectivity costs.


University of Hawaii

PPP connectivity provided; 90-minute access time limit (through
modem servers); heavily used. Some departments have limited
number of dialups available, mainly text-based.


University of Iowa

Many universities requiring faculty/students to pay for their own
SLIP/PPP connections. Have contract with MCI to provide local
dial-in phone numbers; $16/month for 60 hours access time. Are
phasing out their University-run pool of modems to save $400,000
annually.


Rutgers University

Dial-ins are handled by Cisco servers and provide a variety of
connectivity options (telnet, PPP, SLIP, etc.)
Full-time students pay $100/semester for computing services,
including networking and dial-up lines.


University of Wisconsin - Madison

400 modems, using Cisco routers. Will be increasing to 1,000
modems. Support variety of connectivity options (see Rutgers above).


Utah State University

128 dial-in lines, almost all traffic is PPP; evening access limited
to 5 hours per week per user. People wanting longer connectivity
time to ISPs, $19.95/month unlimited access time.


Summary of Information
Dial-in Access Availability

SSHE Schools

Bloomsburg University

56 modems - text only - all users have access. Networking residence halls
to support students. 16-modem PPP comm. server - limited to usage by 60
faculty and staff who have a Runiversity based need.
Recommending home user to use Internet Providers; at least
three local providers, $15 - $20/month for unlimited use.


Mansfield University

Decision was made to let existing Internet Providers handle
graphical dial-in support; recommend Epix and cable company.


Edinboro University

Do not provide graphical dial-in access; cost prohibitive.


Slippery Rock University

Text dial-in access provided an no charge. Faculty and students
wanted full graphical access are directed to third party providers.
Very few complaints from users.


Kutztown University

Text connectivity only via dial-in access. Arrangement with
Prolog as provider for alumni and friends. Average connect time
on their text dialups is 17 minutes; Service Provider reports 1 3/4
hours average connect time.


Lock Haven University

Providing PPP access, in the process of upgrading equipment.
Costs: $25,000 for 46 line support, plus phone line costs: $3,000 to
install then $1,000 per month.



Summary of comments made by people providing information:

- The costs of maintaining a modem pool to provide even text-only access
has been increasing rapidly over recent years due to a number of factors --
primarily a rapidly increasing base of users wanting this service. (University
of Nebraska)

- Serious users are still encouraged to go third-party. (Florida State)

- There is some justification for getting students to pay for their own
off-campus SLIP/PPP Internet access as it turns out that many students have
been using the University dial-in lines to browse the WWW for non-academic
purposes. (University of Iowa)

- There are many issues associated with providing Netscape to off-campus
students:

- More trunk lines will be needed;
- more modems are needed;
- Support calls are more difficult than typical text-based connections;
- How many modems is enough? Are occasional busy signals accepted?
- Should time limits be enforced to prevent net-surfing?
- With the need for faster connections every 15 months, where will the
funding come from? (28.8 modems yesterday, 33.6 modems today, 57.6 modems
tomorrow - gets expensive.) (Bloomsburg)

- With a limited number of lines the first 32 persons would be happy, but
the majority would be less than happy. (Kutztown)

------------------------------

Date: Thu, 15 Dec 1996 22:51:01 CST
From: CuD Moderators <cudigest@sun.soci.niu.edu>
Subject: File 9--Cu Digest Header Info (unchanged since 13 Dec, 1996)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:: line:

SUBSCRIBE CU-DIGEST
Send the message to: cu-digest-request@weber.ucsd.edu

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message: UNSUB CU-DIGEST
Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "
computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on internet);
and on Rune Stone BBS (IIRGWHQ) (860)-585-9638.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown)
In ITALY: ZERO! BBS: +39-11-6507540
In LUXEMBOURG: ComNet BBS: +352-466893

UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/CuD
ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
ftp.warwick.ac.uk in pub/cud/ (United Kingdom)


The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.

------------------------------

End of Computer Underground Digest #8.88
************************************

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT