SDSC Researchers Find Security Flaws in Popular Line of DSL Modems
Researchers Tsutomu Shimomura and Tom Perrine of SDSC identified several security flaws in the Alcatel Speed Touch ADSL modem. The Alcatel device is claimed to be the world’s most popular modem for digital subscriber line (DSL) Internet connections, with more than 1.6 million units in use worldwide and more than half a million in the United State.
On April 10, Perrine, SDSC’s manager of Security Technologies, and Shimomura, an SDSC Fellow, reported several security holes in Alcatel’s Speed Touch Home ADSL modem and the Alcatel 1000 Network Termination Device. Within hours the CERT Coordination Center at Carnegie Mellon University, had followed up with a similar announcement, based in part on SDSC’s information.
The security weaknesses can allow an intruder to take complete control of a unit–changing its configuration, uploading new firmware to change its operation, or disrupting the communications between the ADSL service provider and the user.
Shimomura is a well-known security researcher and is co-author of Takedown, a 1996 book about his pursuit and capture of computer outlaw Kevin Mitnick. Perrine specializes in critical infrastructure protection, scalable security infrastructure, and computer intrusion analysis. (v5.8)
SDSC and UCSD Researchers Analyze Internet Denial-of-Service Attacks
Using a new technique, UCSD network researchers from SDSC and the Jacobs School of Engineering analyzed the worldwide pattern of malicious denial-of-service (DoS) attacks against the computers of corporations, universities, and private individuals. In a clever twist, the researchers used key features of these messages’ forged signatures to detect and track the attacks.
"We believe our research is the only publicly available data quantifying denial-of-service activity in the Internet," said David Moore, a senior researcher in the Cooperative Association for Internet Data Analysis (CAIDA) at SDSC. Moore and UCSD Computer Science and Engineering professors Geoff Voelker and Stefan Savage have devised a new technique called "backscatter analysis" that gives an estimate of worldwide denial-of-service activity. Their research enables network engineers to understand the nature of recent attacks and to study long-term trends and recurring patterns of attacks.
The researchers collected and analyzed three week-long data sets to assess the number, duration, and focus of attacks, and to characterize their behavior. In these three time windows, they observed more than 12,000 attacks against more than 5,000 distinct targets. Some of the attacks flooded their targets with more than 600,000 message packets per second.
"We were surprised by what we found," Voelker said. "First, a significant percentage of attacks are directed against home computers with dial-up and broadband modem connections. Some of these attacks–especially those against cable modem users–can be pretty severe. This suggests that minor denial-of-service attacks are frequently being used in personal vendettas."
A small but significant fraction of attacks are directed against network infrastructure. Between two and three percent of attacks target name servers, and one to three percent target routers. The researchers view this as disturbing, since overwhelming a router could deny service to all end hosts that rely upon that router for connectivity. (v5.11)
SDSC Team Wins $108 Million, 8-Year Department of Defense High-Performance Computing Contract
SDSC is part of a national team of academic institutions and industry partners that was awarded a $108 million contract to work side-by-side with Department of Defense (DoD) researchers in 11 technical areas with broad scientific and defense applications. Led by Mississippi State University, the Ohio Supercomputer Center, and SDSC, the consortium will begin work on June 1, 2001, with a three-year basic contract and up to five one-year extension options.
The Programming Environment and Training (PET) consortium will work with the DoD’s High Performance Computing Modernization Program to provide research expertise, education and training, and technical support for computing resources. SDSC researchers will be leading efforts in education, outreach and training (EOT) and enabling technologies
The contract is one of the largest in DoD history for academic research and builds on SDSC’s involvement over the past five years with the PET program of the Naval Oceanographic Office (NAVO) Major Shared Resource Center. The new consortium will work with the Army Engineering Research and Development Center at Vicksburg, Mississippi, and the Air Force Aeronautical Systems Center in Dayton, Ohio, as well as NAVO. (v5.11)
Mount Laguna Observatory Streams Images to SDSU Campus via HPWREN
On April 16, astronomer Bill Welsh streamed images from the 40-inch telescope at San Diego State University’s (SDSU) Mount Laguna Observatory (MLO) to his SDSU laboratory via the 45-Mbps backbone of the NSF-funded High Performance Wireless Research and Education Network (HPWREN), an effort led by SDSC and the Scripps Institution of Oceanography. The following morning, the images were displayed to students in Janet Wood’s Astronomy 101 class.
"We are extremely excited about seeing a major goal of this collaborative networking project with UCSD realized," said MLO Director Paul Etzel, chair of SDSU’s Astronomy Department. "We will now work to build research, educational, and public outreach capabilities upon HPWREN."
For instance, new images can now easily be compared to archival images of the same sky fields. Such comparisons reveal the appearance of novae and supernovae in other galaxies. Similarly, MLO’s research partners at the University of Illinois and at other California State University (CSU) institutions will benefit by more efficient transfer of data to and from their home campuses.
A pilot "service" observing program is planned for the fall of 2001 in which Fred Ringwald and his students at CSU Fresno will be granted observing time at MLO. Over the Internet, Ringwald will remotely direct an SDSU observer at MLO and interact with the data flow of new images in real time to optimize observations. (v5.9)
Protein Data Bank Integrates SDSC Interactive Collaborative Environment
The Protein Data Bank (PDB) has integrated the Molecular Interactive Collaborative Environment (MICE) developed by SDSC, allowing teams of scientists worldwide to view and interact simultaneously with 3-D scenes of biological molecules through ordinary Web browsers.
"SDSC’s MICE is the first tool that lets scientists view 3-D structures together and interactively, which is a major advance for the PDB," said Philip E. Bourne, co-director of the Protein Data Bank (PDB), the world repository for 3-D macromolecular structure data managed by teams at Rutgers University, SDSC, and the National Institute of Standards and Technology. PDB stores the sequences and structures of proteins and contains numerous tools for pinpointing and visualizing the data.
Using MICE, one participant can "publish" a 3-D molecular scene, and all participants can view it simultaneously with an ordinary Web browser. Scientists can share and manipulate entire 3-D molecular structures instead of static 2-D snapshots, in real time. In the first weeks of availability, about 2,200 accesses to MICE were registered.
"MICE fits perfectly with the PDB’s mission of enabling science and arrives at a time when structures are growing in terms of number and complexity," said PDBDirector Helen M. Berman of Rutgers University. "This method of collaboration will promote new ways of seeing and thinking about structure, and it is a welcome addition to our current suite of tools." (v5.12)
Medical Informatics Leader and NPACI Thrust Leader Joins Ohio State, OSC
Joel H. Saltz will chair the newly formed Department of Medical Informatics at The Ohio State University College of Medicine and Public Health and the Ohio Supercomputer Center (OSC). Saltz is one of several high-caliber researchers hired in the past two years by Ohio State to create and spearhead one-of-kind research programs.
Saltz holds appointments as senior fellow at OSC and in the Department of Pathology and Department of Computer and Information Science. He also will serve as chief information officer and associate vice president for health sciences. Saltz will continue in his role as leader of NPACI’s Programming Tools and Environments thrust area.
At Johns Hopkins University, Saltz was a professor and director of the division of informatics in the Department of Pathology. He held a second appointment at the University of Maryland as director of the high-performance systems software laboratory. He has a medical degree in pathology and doctorate in computer science, both from Duke University. (v5.8)
End-to-End Data Transfer from Blue Horizon to HPSS Exceeds 230 MB/s
SDSC’s Storage Systems group achieved a transfer rate from Blue Horizon to the High-Performance Storage System (HPSS) disk in excess of 230 MB/s. "This milestone is our first end-to-end transfer all the way from Blue Horizon nodes through the SAN Fibre Channel to HPSS disk," said Tom Sherwin, Storage Systems group leader.
Sherwin says their target was a data transfer rate of 200 MB/s, and they managed to achieve an extra 30 MB/s. "While users won’t immediately be able to expect such high data-transfer rates in production jobs, this demonstration of the capability of our current gigabit Ethernet and Fibre Channel shows that since users can more rapidly drain the file system, they can more freely use the HPSS archive, which opens up resources and results in greater throughput and faster turnaround for everyone," said Sherwin.
The end-to-end tests transferred data from five Blue Horizon nodes with gigabit Ethernet, using the four Fibre Channel switches of SDSC’s storage-area network, to HPSS disk. Each Blue Horizon node used two-way striping to transfer data simultaneously to two HPSS disk locations.
Papers describing this research by SDSC Advanced Systems Manager Phil Andrews, Sherwin, and Bryan Banister, leader of the Systems Integration Group, were presented at the 18th IEEE Symposium on Mass Storage Systems and 9th NASA Goddard Space Flight Center Conference on Mass Storage. (v5.8)