[Planetlab-users] unc.edu planetlab nodes

Marc E. Fiuczynski mef at CS.Princeton.EDU
Thu Sep 13 22:16:06 EDT 2007 

Hello Jay,

One goal has been that services on PlanetLab nodes actually benefit its 
hosting site.  E.g., CoBlitz serves citeseer PDF, various linux 
distributions, etc..  But your setup defeats this from the get go. 

In general, if a site feels the need to isolate PL nodes then a better 
filtering configuration would be to permit campus hosts to initiate 
communication with PL nodes but not vice versa.  Any chance you could do 
this @uiuc.edu and report.

Best regards,
Marc





Patel, Jay A wrote:
> Hi Bil,
>
> @uiuc.edu, the PL nodes are DMZed and outside of IDS -- except no
> traffic is allowed from PL nodes to other campus nodes. So we can't
> connect to uiuc PL nodes on campus unless we get an exception listed for
> a particular host (which PL users can easily get and do). This may work
> for you too.
>
> Cheers,
> Jay.
>
>   
>> -----Original Message-----
>> From: users-bounces at planet-lab.org 
>> [mailto:users-bounces at planet-lab.org] On Behalf Of bil
>> Sent: Thursday, September 06, 2007 3:38 PM
>> To: users at lists.planet-lab.org
>> Subject: [Planetlab-users] unc.edu planetlab nodes
>>
>> All,
>> We have been asked by the local security folks at ITS (our 
>> main campus IT
>> group) to take a look at the security of the planetlab 
>> machines here at unc.edu. One of the options they are 
>> considering is limiting access from our two planetlab 
>> machines to the cs.unc.edu subdomain (so that only cs.unc.edu 
>> machines could be affected if the planetlab systems were 
>> somehow compromised and were used for a malicious purpose 
>> inside of the unc.edu ip domain.
>>
>> My feeling is that it would be better to have these machines 
>> open on the internet side and to cs.unc.edu than to have them 
>> behind an IDS or IPS system (which is the case now).
>>
>> This begs a very important question: would any of the 
>> research that is being carried out on these systems be 
>> adversely affected if such a restriction were imposed? 
>> Details on any adverse affects would be greatly appreciated.
>>
>> Also, if any out there has had similar conversations with 
>> university security personnel, I'd appreciate hearing what 
>> the outcome was.
>>
>> Please reply by direct email, I'm not on the planetlab list, 
>> and thanks in advance for any data you can send me, bil
>>
>>
>>
>> --
>>
>> ________________________
>> bil hays
>> Network Manager
>> Computer Science, UNC CH
>>
>> _______________________________________________
>> Users mailing list: Users at lists.planet-lab.org
>> https://lists.planet-lab.org/mailman/listinfo/users
>>
>>     
>
> _______________________________________________
> Users mailing list: Users at lists.planet-lab.org
> https://lists.planet-lab.org/mailman/listinfo/users
>

More information about the Users mailing list