Rob,

> The problem is with our firewall and the lab's policy concerning
> peer-to-peer software. Below is the text of the response from our Unix
> support folks:
>
> Description:
>
> Entered on 08/20/2007 at 09:35:08 by Dan Hagedorn:
> Rob,
>
> I received e-mail today from LDM support. Apparently they were copied
> on this issue.
>
> Further investigation into LDM tells me that it is NOT allowed here. I
> quote from the LDM support page, "The LDM is a peer-to-peer software
> system for...". Peer to peer software is specifically banned here at
> the lab by SBMS. You may not have it installed and in fact, any system
> that has had LDM installed, needs to be wiped and re-imaged.
>
> Dan Hagedorn
> PNNL UNIX help desk

Interesting. Apparently your UNIX support people decided that the LDM
violates policy based on the poorly-defined phrase "peer-to-peer"
appearing in some introductory commentary -- rather than based on an
understanding of the LDM itself.

Just FYI, this hasn't stopped NOAA, USGS, NASA, the US military, and
governmental entities in Argentina, Brazil, Spain, Vietnam, Canada, the
UK, Australia, Taiwan, China, or the EU from using the LDM.

A network-capable version of the LDM was first released in 1994. As the
developers of the LDM, we would have heard of any successful compromise
of a computer system by means of the LDM -- and we haven't in all that
time.

> Entered on 08/13/2007 at 11:07:50 by Dan Hagedorn:
> Rob,
>
> I looked up LDM. It is required to communicate with systems outside our
> firewall. The data sharing is much like P2P filesharing and will not be
> allowed on the network. If you have LDM installed, please remove it.
> UCS may detect that it is running and querying for other systems -
> essentially doing 'scanning'.
>
> Dan Hagedorn
> PNNL UNIX help desk
>
> Entered on 08/13/2007 at 08:46:33 by Tim Carlson:
> If LDM has to listen on a port, it is not going to work with the PNNL
> firewall regardless of what port number you choose. That is just the
> standard firewall policy. No desktop machines at the lab are available
> from the outside on any port.

Can you use the "ssh" utility to log onto a desktop system? If so, then
the above assertion is false. If not, then one solution would be to run
the LDM on a gateway system from which desktop LDM-s could request data.
This would allow the desktop systems to remain hidden while still being
able to obtain data.

> See this link for example
>
> http://www.suominet.ucar.edu/support/suomi_network_rules.html

Just FYI, if you're not going to be a member of Suominet, then you don't
need to open port 22.

Good luck.

> Tim

Regards,
Steve Emmerson

Ticket Details
===================
Ticket ID: NQT-975754
Department: Support LDM
Priority: Urgent
Status: Closed
NOTE: All email exchanges with Unidata User Support are recorded in the Unidata inquiry tracking system and then made publicly available through the web. If you do not want to have your interactions made available in this way, you must let us know in each email you send to us.