Re: Incoherent E-mails

From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: 10/19/05


Date: Wed, 19 Oct 2005 14:53:18 -0500

In the Usenet newsgroup alt.computer.security, in article
<Eaf5f.142$65.118@newsfe6-win.ntli.net>, Hairy One Kenobi wrote:
>"Moe Trin" <ibuprofin@painkiller.example.tld> wrote

>> So I can complain about the stupidity of microsoft for including
>> messenger without even rudimentary security precautions like TTL
>> limits or (even better) using TCP instead of UDP

>Haven't ["Don't" would be more accurate] use MSN-style stuff.

As usual, microsoft didn't invent this function either. But then, neither
did *nix.

[compton ~]$ whatis talk write wall
talk (1) - talk to another user
write (1) - send a message to another user
wall (1) - send a message to everybody's terminal
[compton ~]$

Good old stuff from Berkeley. Novell also had similar stuff, called
'send' and 'broadcast'. _REALLY_ pushing the cobweb filled spaces,
but I seem to recall Banyan Vines, and Lantastic having similar
capability though I don't recall this being part of XNS. I never got
near enough to Apple* or OS/2 to know about their skeletons.

>TTL should be a function of the stack but, architecturally, UDP is
>better suited - IMHO! - than TCP.

Re TTL, yes it's network stack function, and if you look at the basics,
several O/S (AIX, OSF/1, and Ultrix at least) used different TTLs for
TCP versus UDP. Traceroute (and clones) directly mucks with TTL, and
microsoft's gift to the MCSE who screws up the configuration of the
DHCP server called 'link-local' or 'zero-conf' is not only required
to have a TTL=1, but it's also not to be forwarded (RFC3927). DHCP and
the older BOOTP were not supposed to be forwarded either (there are
relay agents that would normally run on a router that are allowed to
forward the requests/replies), and some multicasts (RFC1301) are also
limited, often by TTL. The Novell crap was originally run on IPX
(rather than IP), and it, like microsoft's original NETBEUI was not
routable. I can't remember what Novell did when they ran IP rather
than IPX - but they used a different type number as I recall (I don't
think it was TCP/UDP/ICMP).

As for UDP versus TCP - the Berkeley services were UDP - mainly because
messages could be repeated if not understood.

>It's a one-way stream of garb^H^H^H^information, followed by like.

The original concept was to announce that the system was going to go
down for this or that reason (don't forget, this was back when they
were developing code, and many users could be logged in to a single
computer), or that Snicker-Snacks had arrived in the break room or
some-such. It's based on the much earlier TENEX 'LINKS' and 'NOTIFY'
stuff from mid-late 1960s.

A basic premise of those who re-invent the wheel is that they must
NEVER look at previous incarnations of the wheel, lest they learn
something (anything) that shouldn't be done "that" way.

>No need for a handshake, either technically or (shudder) metaphorically/in
>person.

Haven't tried 'talk' - have you? Full interactive text between users.
But then, look at your shell's man page, and discover that most have a
'mesg' like command (Bourne derived shells) to ignore messages. I haven't
used the C shell in ten years, so I can't remember if it worked there
too - a quick look at the man page is inconclusive. Setting 'mesg=n' (or
the Novell equivalent 'CASTOFF') was one of the first things we taught
new users. Also, back in 1984 or so, our standard post-install
procedure was to 'chmod 400 /bin/talk /bin/write' (disable the commands),
and 'chmod 700 /bin/wall' (and rwall when that became available) to
restrict usage to root alone. Some locations allowed 750 for root:wheel
so that the secretaries (who often belonged to group 'wheel') could
announce the arrival of free pizza. One does not crimp the power of
the secretaries - or it often becomes a career limiting move.

UDP is of lesser usefulness on the Internet. The only protocol that
requires it is DNS - and if you didn't get the reply, you asked again,
but with larger delays between requests, and a maximum of 3 per server.
Sure, stuff like NFS uses UDP, but I haven't seen too many people
allowing mounts past a perimeter. The original advantage of UDP was
the lower overhead - the header is just 8 bytes, compared to 20 to
60 bytes for TCP. This was an advantage on bandwidth-limited links,
but cost some additional CPU time to compensate.

The simple advantage of TCP over UDP is the required 3-way handshake
before data transfer. This prevents the spoofing so common with
messenger spam. Sure you can firewall against UDP, but DROP or
REJECT has the same cost of bandwidth wasted - there is nothing you
can do to stop the transmission from occurring. All you can do is not
pass it on, which is why we do the portshifting trick.

The UNIX messaging services were developed before SPAM became an issue
and abuse was met by withdrawing the computer privileges of the offender.
As this would result in the miscreant failing that class (and therefore
possibly being kicked out of school), there was virtually no abuse.
Later when it became a problem, many network admins had disabled or at
least blocked the service at the perimeters.

        Old guy
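The post's points about header overhead (8-byte UDP header versus a 20 to 60 byte TCP header), link-local traffic carrying TTL=1 and never being forwarded, and UDP giving no handshake to verify the sender, as an added Python example that is not part of the original post. It builds a few constructed packets, decodes the IPv4 and transport headers with the standard library, and applies those checks the way a filtering router or a sensor would. Addresses, ports and the packet contents are made up for the example; the IPv4 checksum routine follows RFC 791.

```python
"""Added example, not code from the original post. Parses an IPv4 packet
and its UDP (8 bytes) or TCP (20..60 bytes) header, then applies the
checks the post describes: link-local (169.254/16) packets must carry
TTL=1 and must never be forwarded, and a UDP sender is unverified
because no handshake took place. All sample packets are constructed."""
import ipaddress
import struct

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
PROTO_TCP, PROTO_UDP = 6, 17


def ipv4_checksum(hdr: bytes) -> int:
    """One's-complement sum over 16-bit words (RFC 791 header checksum)."""
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, ttl: int, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                      ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload


def build_udp(sport: int, dport: int, data: bytes) -> bytes:
    # A UDP checksum of 0 means "not computed", which IPv4 permits.
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def build_tcp(sport: int, dport: int, flags: int, data: bytes, options: bytes = b"") -> bytes:
    options += b"\x00" * (-len(options) % 4)           # pad options to a 32-bit boundary
    offset = (20 + len(options)) // 4                   # header length in 32-bit words
    return struct.pack("!HHIIHHHH", sport, dport, 1000, 0,
                       (offset << 12) | flags, 8192, 0, 0) + options + data


def parse_ipv4(pkt: bytes) -> dict:
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _tlen, _id, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("not a valid IPv4 header")
    if ipv4_checksum(pkt[:ihl]) != 0:                   # summing with the stored checksum gives 0
        raise ValueError("bad IPv4 header checksum")
    return {"ttl": ttl, "proto": proto, "hdr_len": ihl,
            "src": ipaddress.IPv4Address(src), "dst": ipaddress.IPv4Address(dst),
            "payload": pkt[ihl:]}


def parse_udp(seg: bytes) -> dict:
    if len(seg) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, _csum = struct.unpack("!HHHH", seg[:8])
    return {"sport": sport, "dport": dport, "hdr_len": 8, "data": seg[8:length]}


def parse_tcp(seg: bytes) -> dict:
    if len(seg) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, off_flags, _win, _csum, _urg = struct.unpack("!HHIIHHHH", seg[:20])
    hdr_len = (off_flags >> 12) * 4                     # data offset: 20..60 bytes
    if not 20 <= hdr_len <= 60 or len(seg) < hdr_len:
        raise ValueError("bad TCP data offset")
    flags = off_flags & 0x1FF
    return {"sport": sport, "dport": dport, "hdr_len": hdr_len,
            "syn": bool(flags & 0x02), "ack": bool(flags & 0x10), "data": seg[hdr_len:]}


def inspect(pkt: bytes) -> dict:
    """Decode one packet and decide whether a router should forward it."""
    ip = parse_ipv4(pkt)
    if ip["proto"] == PROTO_UDP:
        tr, name = parse_udp(ip["payload"]), "udp"
    elif ip["proto"] == PROTO_TCP:
        tr, name = parse_tcp(ip["payload"]), "tcp"
    else:
        tr, name = {"hdr_len": 0}, "other"
    findings = []
    forward = ip["ttl"] > 1                             # TTL would reach 0 on the next hop
    if ip["src"] in LINK_LOCAL or ip["dst"] in LINK_LOCAL:
        forward = False                                 # link-local is never forwarded (RFC 3927)
        if ip["ttl"] != 1:
            findings.append("link-local address with TTL != 1")
    if name == "udp":
        findings.append("udp: no handshake, source address unverified")
    return {"transport": name, "ttl": ip["ttl"], "ip_hdr": ip["hdr_len"],
            "transport_hdr": tr["hdr_len"], "overhead": ip["hdr_len"] + tr["hdr_len"],
            "forward": forward, "findings": findings}


# Constructed sample packets; addresses, ports and payloads are arbitrary.
SAMPLE_UDP = build_ipv4("10.0.0.5", "10.0.0.9", 64, PROTO_UDP, build_udp(40000, 5000, b"hello"))
SAMPLE_LINK_LOCAL = build_ipv4("169.254.10.1", "169.254.10.2", 64, PROTO_UDP, build_udp(40000, 5000, b"x"))
SAMPLE_TCP_SYN = build_ipv4("10.0.0.5", "10.0.0.9", 64, PROTO_TCP,
                            build_tcp(40001, 80, 0x02, b"", options=b"\x02\x04\x05\xb4"))  # MSS option

if __name__ == "__main__":
    for label, pkt in (("udp", SAMPLE_UDP), ("link-local", SAMPLE_LINK_LOCAL), ("tcp syn", SAMPLE_TCP_SYN)):
        print(label, inspect(pkt))
```

Running it shows the 28-byte combined overhead of the plain UDP datagram against 44 bytes for a TCP SYN carrying a single option, the link-local datagram being refused forwarding and flagged for its TTL, and the UDP datagrams tagged as unverified senders, which is exactly why a filtering router can only drop such traffic rather than prevent it from being sent.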
