Yale Bulletin and Calendar

February 25, 2000Volume 28, Number 22

Daniel A. Updegrove

Computer hijackers and Napster
users are newest Internet threat

For a technology created to serve such a noble purpose, the Internet has spawned more than its share of problems.

These include the recent headline-grabbing attacks by Internet "terrorists" on sites such as Yahoo! and eBay, as well as the development of a new software called Napster, which not only encourages copyright violations but puts inordinate strains on network resources.

The growing problems have spurred network administrators at Yale and elsewhere to forge new strategies for protecting their local computer systems, while ensuring that the resource remains open to an ever-increasing number of legitimate users.

Yale's network administrators have installed new technologies that detect vulnerabilities in the campus network and launched an educational campaign about the University's rules regarding Internet use and the importance of protecting campus computers against attacks.

To get a deeper perspective on the issues concerning Internet use at the University, the Yale Bulletin & Calendar met recently with Daniel A. Updegrove, University director of Information Technology Services (ITS); Morrow Long, University information security officer; and Joseph Paolillo, director of data network operations. The following is an edited transcript of that conversation.

How many people at Yale can use the Internet at any one time?

Updegrove: There are 15,000 Ethernet connections on campus and another 600 dial-up lines through our remote access service. So, theoretically, we could have 15,600 Yale people using the network simultaneously. But there's the question of what you mean by the Internet. The Yale network is a component part of the Internet. Your Ethernet connects by a wire down the hall to a wiring closet; then there's a fiber optic connection to a master closet in the building; then we go underground from your building to other buildings; and everything connects and connects and connects. Finally, there's a wire that connects all the campus traffic externally to the rest of the world.

Paolillo: It's like the campus phone system. You can make calls to other campus people on their Yale telephones or you can make a call outside Yale by dialing "9" and a seven-digit number. The Internet is akin to that outside service. When you use Project X administrative applications or other web servers located on campus, strictly speaking, you're not using the Internet.

Updegrove: Theoretically, Ethernet can support 10 million bits per second of communication. Yet our connection to the Internet is only 15 Megabits per second. So, there's a very large potential for bottlenecking if you have 15,000 10-Megabit-per-second connections and only one 15-Megabit connection to the outside. How can it possibly work? The good news is most of the data communication is by people within Yale to other people within Yale. If everyone simultaneously needed information from the rest of the world, we'd fill up the connection to the commodity [commercial] Internet.

Do you know who's using the Internet the most? Do you monitor its use in that way?

Long: Over time, our statistics indicate that inbound and outbound Internet traffic tends to focus in academic and administrative buildings during the business day and in the residence halls nights and weekends. Recently, however, we've noticed an upsurge of daytime traffic from the student residences.

Do you monitor how people use the Internet?

Long: We look for both general trends and exceptions in traffic flows. If traffic suddenly increases in one building or from one laboratory, this could be an indicator of a problem, perhaps a system that has been "cracked." We are not, however, monitoring what individuals send and receive over the network.

Paolillo: If there's a danger to the operation of the Yale network that may disenfranchise other users, or if there's an improper use that may legally imperil the University, then we will try to determine what the problem is. I'd use the analogy of a highway system. We want to see how wide we have to make the road to accommodate all the cars, to see where we need to put bigger and better exit ramps. But we're not looking at who's driving, how many people they have with them, and where they're going.

What kinds of problems do you look for?

Long: The situation that we saw recently in the news about the Internet, where one machine is sending a "packet" flood across the Internet to inundate some commercial site, that's one kind of problem we would work to detect. To build on Joe's highway analogy, we've started to put a few police with radar guns looking at the traffic, looking for speeders and people driving erratically.

Paolillo: In terms of problems, there's the problem of malicious intent -- where someone from outside the University, or maybe from inside the University, for whatever reason, tries to impair other people's use of the Internet. As you might imagine, people don't want to do this from their own machines, because it points directly back to them, so they "hijack" other machines on the Internet, in order to have the attacks emanate from them.

Long: These hijackers would like to use our machines to take advantage of Yale's bandwidth to inundate an Internet site. In fact, they'd like to get several universities' bandwidths and combine them together, because it takes a lot to "flood" a site like Yahoo!

Paolillo: Universities, compared to the world at large, have good Internet access. We have high-speed connections, and we have relatively open access. For instance, a corporation quite often will block access to dot-com sites so employees can't shop during the day. For universities, it's typically the reverse. We're a free and open infrastructure. We encourage the use, for academic purposes, of the Internet by our faculty, staff and students. And we want the rest of the world to be able to use our resources, to the extent that they are publicly available. So we start with no restrictions, and then we decide, based on technological and policy issues, to restrict only those things we think will damage the operation of the University's network.

So Yale doesn't block Internet sites?

Paolillo: Right.

Long: We want to spur collaboration for research and teaching. We want to provide open access for Yale people to the Internet, for various scholarly purposes.

Updegrove: We're very aware of the fact that more people are going onto the Web to get their Yale business done, to do their research or to do applicational things. We have to acknowledge that the students live here 24 hours a day, so they use their computers for more than just academic work. They contact home and buy sneakers and buy CDs, or whatever. One of our challenges is trying to determine when we have to increase the University's capacity to the rest of the world. That's fairly costly to do. Before we do that, we'd like to ensure that all of the traffic, or at least most of it, is legitimate traffic. To our knowledge, there are at least two potentially large illegitimate sources of traffic. One is if someone from outside the University has hijacked a Yale computer. Another is if legitimate Yale users are misusing the network in one way or another. For example, Yale could be affected in two ways by a denial-of-service attack. Others could attack us, or computers at Yale could be used to attack a remote site.

Has Yale been attacked?

Long: We've seen small attacks on Yale computers in the past, but nothing on the scale of the ones recently in the news.

How do you determine if a computer has been hijacked?

Long: If, instead of being a single spike, it continues on at that high rate for a long period of time, if it's an anomaly where we've never seen that level of traffic from that particular source before, that's the first sign.

Paolillo: We do have the ability to find out what machine on the campus network the data stream is coming from, within reason. If we can't easily identify it to a particular machine, we can identify it to a building.

What do you do if you discover a hijacked computer? Do you just turn it off?

Long: Well, you can shut down the link to the network.

Paolillo: If it's in the middle of the night, or on the weekend, and we can't get access to the computer, we will configure the device at that point where Yale connects to the Internet -- the router -- so it prohibits traffic to and from that computer address to protect it against potential malicious use until we can contact the owner and figure out what's going on.

Are there legal ramifications if your computer is used to deny access to another site?

Long: As long as you make a good faith effort to secure your machine and shut it down, in those cases, you don't have a problem. If you're the person doing it, that's a different matter.

What happens in that case?

Long: We notify people. If it's not malicious, typically people get an opportunity to deal with the problem. If there are problems which are more serious, then those problems get referred to some disciplinary body.

Paolillo: There is an Appropriate Use Policy for the network and all computer resources at Yale that all students, staff and faculty of the University are bound to (see below).

Updegrove: It's against that policy to hog resources. It's also against federal law to disrupt data networks and to crack into computers that you're not authorized to use. So, that's something that we have to be increasingly vigilant about. We want to have an increasingly sophisticated automated tool that can detect anomalies. It's extremely difficult to know what's an innovative academic use of the network, and what constitutes abuse. If there's suddenly a lot of data going from Yale to Stanford, in and of itself that's not a problem. If we get a call from Stanford saying, "One of your computers is launching a denial-of-service attack on one of our computers, please make it stop," then we respond right away.

How do you stop hijacks before they begin?

Updegrove: We have a program we run monthly that scans all the computers on campus looking for security vulnerabilities -- because, it turns out, the "crackers" have all the same tools. They run these scanning programs over the whole Internet, looking for characteristic vulnerabilities. It's almost literally like they're going door to door, checking: Is the screen door open? Is the basement door open? Is there a ground-floor or second-floor window that's unlocked? Then, they go back to gang headquarters with the information and send out teams of people with ladders or whatever, to penetrate the places that are found to be vulnerable. We basically are in a race with the crackers.

Paolillo: It's easier than you might imagine to have a computer be insecure, because quite often these insecurities are involved with the default setting of an operating system. For instance, there's this new operating system known as Linux, which is very popular with researchers. In its out-of-the-box form, it has a lot of open services on the machine -- such as file transfer, mail, time servers and other factors -- that can really be exploited. So it's a matter, in many cases, of taking some positive steps to secure your machine.

Updegrove: All too frequently, people purchase these systems and install them, and can't be bothered reading the 200 pages of fine print -- they just want to get to work.

There have been news stories recently about campus networks being overloaded through student use of the Napster program. Can you talk a little bit about that?

Updegrove: Napster is the most recent sophisticated example of desktop computer programs that can access and play digital music over the Internet. A format called MP3 was developed for data compression of very large music files to make it more feasible to store them on your hard drive and transfer them over the Internet. Music in MP3 format has become very popular over the Internet. MP3s are not inherently illegal. If you had your own band, and you wanted to record music and share it with friends, the MP3 format would be a good way of doing that. Some bands have seen MP3 on the Internet as an ideal way to get exposure without having to have a contract. Or if you have purchased a CD, and you want to play the music in a different order, it's perfectly legal to copy that CD on your hard drive so you can play the songs back over your earphones from your computer.

Paolillo: It's like making yourself a cassette tape from a CD you own to play in your car. But it's illegal to make a copy and give it out or sell it for cheaper to all your friends.

Updegrove: The problem that has arisen is that it's easy to copy commercial CDs into MP3 format and then exchange them over the Internet. A few months ago there were a whole set of directories telling you where you could find MP3s, but it was rather a tedious process of surfing from directory to directory to find who's got this artist or this kind of music. Napster came along and built a much better mouse trap. They provide one big directory at www.napster.com that is said to have over a quarter-million songs available. You can download the Napster program onto your PC. It accesses the Napster website, and you just type in the artist or title that you're looking for. You can then just click on it, and the music will start coming into your computer from someplace -- you don't have to know where that someplace is.

In addition, Napster keeps a record of which files you have downloaded. You then become a potential source for that file for somebody else. Moreover, it scans your hard drive to see if you have copied any of your own CDs, and it shares that information in its directory. A number of Napster users think of it as a music playing device not realizing it is also sharing their music with the rest of the world. Our monitoring systems have detected some computers at Yale that are simultaneously serving 20 remote users through Napster. So we've seen a fairly big run-up in the outbound traffic through our Internet gateway. On some weekends, over 45% of our outbound traffic is Napster traffic.

The Napster users don't know that they're sending out this information?

Updegrove: We believe that a lot of people aren't aware that this is happening. The Napster software interface doesn't exactly highlight this feature. In fact, the software was designed in a rather questionable manner. Even though you might think you've terminated the program, it's still resident in your computer's memory and still serving up files to the outside world, even though you've gone off to class or left Yale for the weekend.

We then have two separate but related problems with Napster. One is that, because it can send out simultaneous streams like this, a small number of Napster servers can saturate our outbound Internet gateway. Anecdotal evidence suggests that, although some of the MP3 music being shared is legal, the lion's share is illegal. So, for people who have legitimately copied music for their own use, the act of sharing it through Napster takes them from legal to illegal behavior. We think some users are aware that they're violating the law and just think they'll get away with it. Others are not aware and need to be informed.

In both cases, people need to be aware that essentially everything on the Internet is identifiable. So someone who's sharing music around the world is exposing himself or herself to substantial legal liability if these, in fact, are copyright violations. Moreover, if people are using an excess amount of the Yale network -- and if they're sending 20 music files at a time, they are -- then they're violating our Appropriate Use Policy, even if there are no copyright violations.

Other universities have put a block on the Napster site. Is Yale considering that?

Long: Not at this time. We're looking at voluntary cooperation through an education

What happens if Yale discovers students are hogging resources through Napster?

Paolillo: There is a process for notifying students of violations of the Appropriate Use Policy. They are formally notified by e-mail or letter. In some cases, depending on the severity, their master or college dean is also notified. That's usually the first step.

Long: And if they continue, we may block their network access, or at least their Internet access.

Napster aside, has Yale expanded the size of its Internet gateway to accommodate the heavier traffic demands on campus?

Paolillo: We routinely do. Over the years, as the use of the Internet has grown, we have done this a number of times. Keep in mind, however, that this is an expensive resource. Our goal is to upgrade it and provide what is needed. While we don't wish to block people or restrict their use of this resource, we do want to make sure it's being used wisely. If we see that a significant percentage of the resource is being taken in a use like Napster, the question becomes: Do we just wantonly buy more bandwith? That costs everyone. We don't want to dictatorially say, "That use will stop." We want to try and educate people that "This is a community resource, folks; use it wisely."

New ITS policy

Yale has established a new Information Technology Appropriate Use Policy.

The previous policy covered only the use of facilities and services operated by Information Technology Services (ITS). The new policy, which covers use of all Yale-owned and -managed computers, networks, hardware and software, is located at www.yale.edu/policy/itaup.html.


Term bill raised by just 2.9%

African-American Studies gains department status

Dean honors music-loving Thai king

Computer hijackers and Napster users are newest Internet threat

Bradley urges support for his 'dream' for the future

Renowned opera diva shares stories of her career at master's tea

Grant supports a collaborative library project on digital books

Law students revive New Haven Cares voucher program

Orchestra readies itself for its 'biggest events'

Staged reading weaves a story about a vilified play

Playwriting festival will showcase new works by drama students

Economic development is focus of conference

Historian John Blassingame, pioneer in study of slavery, dies

Virtuoso oboist and composer Ronald Roseman dies

Educators will gather at Yale-hosted conference on social studies teaching

NASA grants awarded for space research

Concert will feature works by prize-winning composer

Sports Scoreboard

In the News

Bulletin Home|Visiting on Campus| Calendar of Events|Bulletin Board

Classified Ads|Search Archives|Production Schedule|Bulletin Staff

Public Affairs Home|News Releases| E-Mail Us|Yale Home Page