[HECnet] Suggestions for LAT.

[Johnny Billquist]

Hi. As a few people are sharing LAT connections now as well, I thought I'd make a suggestion on how to make this a bit more manageable.
If people have questions on LAT, how to set up DECservers, or something else, you can as usual just mail me.

First of all, please note that LAT is not a safe protocol. Everything goes in clear text, and malicious people can easily snoop your sessions.

My thoughts right now are in the area of services offered. When I list services I notice that some machine consoles are available, as well as some general machine logins.

The console services are nice to have (I also have a few of those), however, they are not useful for the general public, and the hope is that people who don't have anything to do with them don't connect to them. But they do clutter up the list of available services anyhow.

What I'd like to propose is that for services that aren't of general use should switch to another group. The default group is group #0, and that group is nice to continue to use for generally available systems that people might want to log in to.

I've been using group 1 for consoles for now, and I'd suggest that others do that too. Or perhaps pick some other group if you want to keep your machines separate. Notice that this does not really add anything from a security point of view, since people can change their own port to see services in any group if they really want to.

But if people set up their port to by default only be in group 0, and we place consoles in group 1, they will not show up in the general case, and you'd have to explicitly turn on group 1 when you want to play with consoles (or if you want it on by default, feel free, but it will look nicer to some atleast).

The same goes if you have printers, for instance, as services. Place them also in another group. Preferably in yet another group, but atleast not in group 0. And modems as well, if you have those.

So a suggested division of groups would be as follows:

0	General systems where people might log in.
1	Consoles
2	Modems
3	Printers

If you have all of that on the same DECserver you cannot be picky, however, since you can only specify one group for all services offered. Use the lowest group number for which you have a matching service in that case.

Note that the group numbers only affect which services are visible to users connected to a DECserver. It does not affect reverse LAT connections, which will find the right service no matter which group it is in.

So this is mostly just to make the list of services more convenient when you look as an interactive user on a DECserver.

Finally a short suggestion for those of you who have consoles as services. If you haven't found it, or set it up, I'd also suggest you place a password on those services, which can limit the possibility of others to wreak havoc on your machines... Just a suggestion.
It will still not prevent others from potentially DoS your console port.

	Johnny

-- 
Johnny Billquist                                   || "I'm on a bus
                                                                  ||   on a psychedelic trip
email: bqt at softjar.se                         ||   Reading murder books
pdp is alive!                                         ||   tryin' to stay hip" - B. Idol