On 2016-01-20 16:45, Robert Armstrong wrote:
So Multinet does not control the local port number when in active mode.
Correct. AFAIK this is like most TCP applications (e.g. telnet) that initiate
outgoing, active, connections.
Right. But you can control the local port number if you want to, and a
few cases like that do exist, but it is unusual...
Does that mean it also accepts connections from anywhere for passive connections?
Yep.
Even random IP addresses, or just random ports?
Or how do they authenticate? IP address only?
Authenticate?? We don't need no stinking authentication :-)
:-)
Seriously, though, AFAIK Multinet tunnels have no authentication at all. If somebody
out there was smart enough to know what we were doing and spoof the DECnet packets,
then they could probably break in. Or at least they could take over the DECnet
tunnel - whether they could log in and access files depends on how secure you've
made your host. Since a lot of the HECnet hosts, especially ones with TCP/IP
tunnels, already have direct Internet facing ports for telnet, ssh, ftp, etc., the
question of DECnet security seems moot.
Well, yes, that is true. However, I doubt many would be clever enough to
even know what they are doing.
However, a more silly thing is just simple DoS attacks. If you connect
to the Multinet server, then the proper remote end cannot. Which is
simple, not super harmful, but annoying...
You can always configure your router, as I have, to only forward port 700 traffic
from specific Internet hosts. That'll solve the problem unless somebody also cares
enough to go to the trouble of spoofing IPs as well.
True.
Getting off topic - don't I remember that there was a way to set a password on
point-to-point DDCMP circuits? How (or rather, at what level in the protocol stack)
was that implemented?
There is. I've never used it, but you can set passwords on circuits.
Johnny
--
Johnny Billquist || "I'm on a bus
|| on a psychedelic trip
email: bqt at softjar.se || Reading murder books
pdp is alive! || tryin' to stay hip" - B. Idol