[HECnet] DECnet over IP

Johnny Billquist bqt at softjar.se
Wed Jan 20 07:51:03 PST 2016


On 2016-01-20 16:45, Robert Armstrong wrote:
>> So Multinet does not control the local port number when in active mode.
>
>    Correct.  AFAIK this is like most TCP applications (e.g. telnet) that initiate outgoing, active, connections.

Right. But you can control the local port number if you want to, and a 
few cases like that do exist, but it is unusual...

>> Does that mean it also accepts connections from anywhere for passive connections?
>
>    Yep.

Even random IP addresses, or just random ports?

>> Or how do they authenticate?  IP address only?
>
>    Authenticate??  We don't need no stinking authentication :-)

:-)

>    Seriously, though, AFAIK Multinet tunnels have no authentication at all.  If somebody out there was smart enough to know what we were doing and spoof the DECnet packets, then they could probably break in.  Or at least they could take over the DECnet tunnel - whether they could log in and access files depends on how secure you've made your host.  Since a lot of the HECnet hosts, especially ones with TCP/IP tunnels, already have direct Internet-facing ports for telnet, ssh, ftp, etc., the question of DECnet security seems moot.

Well, yes, that is true. However, I doubt many would be clever enough to 
even know what they are doing.
However, a more silly thing is just simple DoS attacks. If you connect 
to the Multinet server, then the proper remote end cannot. Which is 
simple, not super harmful, but annoying...

>    You can always configure your router, as I have, to only forward port 700 traffic from specific Internet hosts.  That'll solve the problem unless somebody also cares enough to go to the trouble of spoofing IPs as well.

True.

>    Getting off topic - don't I remember that there was a way to set a password on point-to-point DDCMP circuits?  How (or rather, at what level in the protocol stack) was that implemented?

There is. I've never used it, but you can set passwords on circuits.

	Johnny

-- 
Johnny Billquist                  || "I'm on a bus
                                   ||  on a psychedelic trip
email: bqt at softjar.se             ||  Reading murder books
pdp is alive!                     ||  tryin' to stay hip" - B. Idol
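
Added example, not part of the original message and not Multinet code: a small Python model of the two points in this thread, a passive endpoint that serves one remote at a time, with and without the source-address filter on port 700. The class, function names and addresses are hypothetical (the addresses are documentation ranges, constructed for the example).

```python
import ipaddress

TUNNEL_PORT = 700  # port named in the thread; everything else here is assumed


class SingleSlotTunnel:
    """Model of a passive tunnel endpoint that serves one remote at a time."""

    def __init__(self, allowed=None):
        # allowed=None models "accepts connections from anywhere".
        # Otherwise it is the list of peer addresses/prefixes the router
        # or firewall forwards to the tunnel port.
        self.allowed = (None if allowed is None
                        else [ipaddress.ip_network(a) for a in allowed])
        self.connected = None

    def permitted(self, src):
        if self.allowed is None:
            return True
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in self.allowed)

    def connect(self, src):
        if not self.permitted(src):
            return "dropped"      # filtered before it can occupy the slot
        if self.connected is not None:
            return "busy"         # slot already taken by an earlier connection
        self.connected = src
        return "accepted"


def replay(tunnel, attempts):
    """Feed connection attempts (source IPs, in order) to the model."""
    return [(src, tunnel.connect(src)) for src in attempts]


# Constructed sample: an unknown host connects before the real peer does.
PEER = "192.0.2.10"
STRANGER = "203.0.113.77"
ATTEMPTS = [STRANGER, PEER]

if __name__ == "__main__":
    print("no filter:  ", replay(SingleSlotTunnel(), ATTEMPTS))
    print("with filter:", replay(SingleSlotTunnel(allowed=[PEER]), ATTEMPTS))
```

The filter only checks the source address, so, as the quoted text says, it does not help against someone who also spoofs the peer's IP.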

