[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[LDM #NQT-975754]: Problems with LDM


> The problem is with our firewall and the labs policy concerning
> peer-to-peer software. Below is the text of the response from our Unix
> support folks:
> Description:
> Entered on 08/20/2007 at 09:35:08 by Dan Hagedorn:
> Rob,
> I received e-mail today from LDM support.  Apparently they were copied
> on this issue.
> Futher investigation into LDM tells me that it is NOT allowed here.  I
> quote from the LDM support page, "The LDM is a peer-to-peer software
> system for...".  Peer to peer software is specifically banned here at
> the lab by SBMS.  You may not have it installed and in fact, any system
> that has had LDM installed, needs to be wiped and re-imaged.
> Dan Hagedorn
> PNNL UNIX help desk

Interesting.  Apparently your UNIX support people decided that the LDM
violates policy based on the poorly-defined phrase "peer-to-peer" appearing
in some introductory commentary -- rather than based on an understanding of
the LDM itself.

Just FYI, this hasn't stopped NOAA, USGS, NASA, the US military, and
governmental entities in Argentina, Brazil, Spain, Vietnam, Canada, the
UK, Australia, Taiwan, China, or the EU from using the LDM.

A network-capable version of the LDM was first released in 1994.  As the
developers of the LDM, we would have heard of any successful compromise
of a computer system by means of the LDM -- and we haven't in all that

> Entered on 08/13/2007 at 11:07:50 by Dan Hagedorn:
> Rob,
> I looked up LDM.  It is required to communicate with systems outside our
> firewall.  The data sharing is much like P2P filesharing and will not be
> allowed on the network.  If you have LDM installed, please remove it.
> UCS may detect that it is running and querying for other systems -
> essentially doing 'scanning'.
> Dan Hagedorn
> PNNL UNIX help desk
> Entered on 08/13/2007 at 08:46:33 by Tim Carlson:
> If LDM has to listen on a port, it is not going to work with the PNNL
> firewall regardless of what port number you choose. That is just the
> standard firewall policy. No desktop machines at the lab are available
> from the outside on any port.

Can you use the "ssh" utility to log onto a desktop system?  If so,
then the above assertion is false.  If not, then one solution would be
to run the LDM on a gateway system from which desktop LDM-s could request
data.  This would allow the desktop systems to remain hidden while still
being able to obtain data.

> See this link for example
> http://www.suominet.ucar.edu/support/suomi_network_rules.html

Just FYI, if you're not going to be a member of Suominet, then you
don't need to open port 22.

Good luck.

> Tim

Steve Emmerson

Ticket Details
Ticket ID: NQT-975754
Department: Support LDM
Priority: Urgent
Status: Closed

NOTE: All email exchanges with Unidata User Support are recorded in the Unidata inquiry tracking system and then made publicly available through the web. If you do not want to have your interactions made available in this way, you must let us know in each email you send to us.