[HECnet] Suggestions for LAT.

Johnny Billquist bqt at softjar.se
Sun Oct 17 02:43:06 PDT 2010 

On 2010-10-17 03:34, Johnny Billquist wrote:
Hi. As a few people are sharing LAT connections now as well, I thought
I'd make a suggestion on how to make this a bit more manageable.
If people have questions on LAT, how to set up DECservers, or something
else, you can as usual just mail me.

First of all, please note that LAT is not a safe protocol. Everything
goes in clear text, and malicious people can easily snoop your sessions.

My thoughts right now are in the area of services offered. When I list
services I notice that some machine consoles are available, as well as
some general machine logins.

The console services are nice to have (I also have a few of those),
however, they are not useful for the general public, and the hope is
that people who don't have anything to do with them don't connect to
them. But they do clutter up the list of available services anyhow.

What I'd like to propose is that for services that aren't of general use
should switch to another group. The default group is group #0, and that
group is nice to continue to use for generally available systems that
people might want to log in to.

I've been using group 1 for consoles for now, and I'd suggest that
others do that too. Or perhaps pick some other group if you want to keep
your machines separate. Notice that this does not really add anything
from a security point of view, since people can change their own port to
see services in any group if they really want to.

But if people set up their port to by default only be in group 0, and we
place consoles in group 1, they will not show up in the general case,
and you'd have to explicitly turn on group 1 when you want to play with
consoles (or if you want it on by default, feel free, but it will look
nicer to some atleast).

The same goes if you have printers, for instance, as services. Place
them also in another group. Preferably in yet another group, but atleast
not in group 0. And modems as well, if you have those.

So a suggested division of groups would be as follows:

0 General systems where people might log in.
1 Consoles
2 Modems
3 Printers

If you have all of that on the same DECserver you cannot be picky,
however, since you can only specify one group for all services offered.
Use the lowest group number for which you have a matching service in
that case.

Note that the group numbers only affect which services are visible to
users connected to a DECserver. It does not affect reverse LAT
connections, which will find the right service no matter which group it
is in.

So this is mostly just to make the list of services more convenient when
you look as an interactive user on a DECserver.

Finally a short suggestion for those of you who have consoles as
services. If you haven't found it, or set it up, I'd also suggest you
place a password on those services, which can limit the possibility of
others to wreak havoc on your machines... Just a suggestion.
It will still not prevent others from potentially DoS your console port.

I just had another idea as well.

Would people think it would be an interesting idea to have group numbers for machines differentiate depending on OS? So that people could see what VMS systems there are to connect to without seeing other systems?

Or maybe it would be more meaningful if we use group 0 for systems where guest access is available, and then people use their own groups for "local" systems?

	Johnny

-- 
Johnny Billquist                                   || "I'm on a bus
                                                                  ||   on a psychedelic trip
email: bqt at softjar.se                         ||   Reading murder books
pdp is alive!                                         ||   tryin' to stay hip" - B. Idol

More information about the Hecnet-list mailing list