Hi Sampsa,
I was considering updating the HECNET-INFO in INFO.TXT with an
ACCESS field. At present it contains:
REGISTER,NOGUEST,NOIP
The latter means it is not connected to the internet.
With the OS and hardware information, this may be useful for
people to see how they can get access to an interesting machine.
I hadn't played with FAL for many months, so I discovered the password
settings for the DECNET accounts and objects were inconsistent, probably
resulting in the security alarms I had mailed you about some time
ago (sorry)!
Erik
On Wed, Sep 25, 2013 at 11:48:39AM +0200, Sampsa Laine wrote:
Of course I am more worried about the non-DEC stuff which could be 'pwned' using a
VMS or Ultrix system as a beachhead.
That's my concern as well, I really don't want to put my HECnet stuff on a
separate VLAN, right now it's on my internal network with all my other stuff.
Is it posible to deny an user access to the IP stack (either UCX or multinet)? If so, I
would setup my guest accounts to 'decnet only' access.
I'd like to do this as well - if the user has no access to IP, I'd be happier to
let pretty much anyone in.
sampsa