[HECnet] Minimal Requirements
Supratim Sanyal
supratim at riseup.net
Thu Apr 4 07:16:18 PDT 2019
On 4/4/2019 09:28, Paul Koning wrote:
>
>
>> On Apr 4, 2019, at 7:53 AM, Supratim Sanyal <supratim at riseup.net> wrote:
>>
>> On 4/4/19 6:12 AM, Keith Halewood wrote:
>>> Hi,
>>> I'm pretty sure that a TCP listen doesn't care who connects to it on VAX Multinet. UDP is a different matter.
>>> For example, there's a listener device set up with a 1.1.1.1 address on DUNE here. PIVAX0 connects to it from a completely different address. I use access controls on the router to restrict just who is allowed to connect to it.
>>> If you want I can set up another incoming line/circuit and you can connect to it. I'm in area 29 FYI.
>>
>> I have listeners waiting on 0.0.0.0. Yes, MULTINET does not seem to care what address connections come in from.
>
> Does that mean anyone can connect to HECnet without any authentication? Or is DECnet node init authentication used?
>
> "Security by obscurity" only goes so far. Is it good enough for HECnet?
>
> paul
>
Good point. If a TCP-x-y circuit is on, yes - anyone can establish a
connection to the corresponding port. I keep my unused circuits off
until someone wants to connect; not sure what others do.

GRE tunnels are a bit safer since they need a static IP address for both
ends.

This begs for a DECnet honeypot to be put up on the internet - could be
interesting to observe who is establishing DECnet connections over
MULTINET from where :)

Supratim
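
The source-address restriction Keith describes applying on his router, sketched at the listener itself as an added example (not code from this thread and not MULTINET's behaviour): a wildcard-bound TCP listener that checks each connecting address against an allowlist and logs the peers it drops. The allowlist entries, function names and the use of port 0 are assumptions made for illustration.

```python
import ipaddress
import logging
import socket

log = logging.getLogger("tunnel-listener")

# Constructed allowlist (RFC 5737 documentation ranges); real tunnel peers go here.
ALLOWED_PEERS = ["192.0.2.10/32", "198.51.100.0/24"]


def parse_allowlist(entries):
    """Turn CIDR strings into network objects once, at start-up."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def peer_allowed(peer_ip, networks):
    """True if the connecting address falls inside any allowed network."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    # An IPv4 peer seen on a dual-stack socket arrives as ::ffff:a.b.c.d
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in networks if net.version == addr.version)


def make_listener(bind_addr="0.0.0.0", port=0):
    """Wildcard bind, as in the thread; port 0 lets the OS pick one for a demo."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    server.bind((bind_addr, port))
    server.listen(5)
    return server


def accept_one(server, networks):
    """Accept one connection; return (conn, peer_ip) if allowed, else (None, peer_ip)."""
    conn, (peer_ip, peer_port, *_) = server.accept()
    if peer_allowed(peer_ip, networks):
        log.info("accepted tunnel peer %s:%d", peer_ip, peer_port)
        return conn, peer_ip
    # Record who knocked before dropping them, so unexpected peers are visible.
    log.warning("rejected unlisted peer %s:%d", peer_ip, peer_port)
    conn.close()
    return None, peer_ip
```

A source-address check of this kind is not authentication: it only narrows who can reach the port, which is the same property the post attributes to the static addresses of a GRE tunnel.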