Re: Incoherent E-mails

From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: 10/20/05


Date: Thu, 20 Oct 2005 14:52:46 -0500

In the Usenet newsgroup alt.computer.security, in article
<jdB5f.1474$m4.170@newsfe2-win.ntli.net>, Hairy One Kenobi wrote:

>One of the best pranks we ever set up was to take-over terminals and
>use VT codes to duplicate system messages.

Hate to say how often that one has been pulled. A friend nearly got
tossed out of Berkeley pulling a similar trick. He escaped only because
there were multiple people on the system, and the admin couldn't pin
down which terminal it came from. Strong suspicions, but not strong
enough to "convict".

>Never really used IPX, but I seem to recall that it was very routable - just
>in the DECnet way (node-node).

Now that I look back at it, I think you may be right. We had Novell on
two subnets, but they were intentionally not connected (one was part of
corporate accounting, the other was a research network). Then too, I don't
think our routers at the time spoke IPX.

>They added a *** creation by encapsulating IPX over IP, demonstrating
>how forcing fixed-size frames into variable packet lengths could do
>"interesting" things to networks.

I only had a passing acquaintance with Novell - but I certainly recall
how miffed a CNI was that it was needed. I only got rid of my stack
of red books about three years ago with the last round of musical
offices (seems every four years, they have to re-arrange the building
layout).

>The term in the early-mid nineties was "packet storm". Just one machine
>jabbering could take down an appreciable chunk of infrastructure (been
>there, fixed that)

Ah, the fun. We had even more joy with one lab that seemed to have
a bunch of strange systems on-line. They didn't talk to others, but
only spoke to their own kind - because they were using their own
incompatible packet formats, such as Apple's Ethertalk, IPX, XNS, and
a couple more I've forgotten about.

>> The simple advantage of TCP over UDP is the required 3-way handshake
>> before data transfer.
>
>The only thing you're checking is the IP address. Hardly a major hurdle,
>unless it's actually a legitimate machine, rather than something borked.

If we're talking a firewalled, and controlled network, yeah, checking
the address may not buy you much. I was specifically objecting to those
situations where things are not so well admin'ed - such as the average
windoze setup. Even small businesses do some incredibly stupid things,
never mind the "home" user who really shouldn't be offering anything
(one stupid computer, but all the "shares" are enabled). I realize
most of this is because things are enabled by default, because you
can't expect the average user/admin to have the slightest clue how
to _enable_ a service. That's also where I disagree with Theo de Raadt
when OpenBSD is advertised as being secure because nothing is enabled
in the first place. Hell, by that token, MS-DOS is just as secure in
the default network configuration.

>In any event, who the hell has RPC exposed on a 'Net connection?!?

I could mention two very prominent universities in the vicinity of
San Francisco... but that was years ago ;-)

        Old guy
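The point argued above, that a TCP 3-way handshake checks little more than that the claimed source address can actually receive the server's reply while UDP checks nothing at all, as a toy simulation. This is an added example, not code from the thread; the TcpServer/UdpServer classes and the addresses are constructed for illustration and the state machine is heavily simplified (no ports, no client ISN, no retransmission).

```python
"""Toy model: a TCP handshake ties the connection to whoever receives the
SYN-ACK at the claimed source address; a UDP datagram is accepted as-is.
Constructed for illustration, not a real TCP implementation."""
import os


class TcpServer:
    def __init__(self):
        self.pending = {}        # claimed src -> server ISN sent in SYN-ACK
        self.established = set()

    def on_syn(self, src):
        # Server picks a random ISN and sends SYN-ACK to the claimed source.
        isn = int.from_bytes(os.urandom(4), "big")
        self.pending[src] = isn
        return ("SYN-ACK", isn)

    def on_ack(self, src, ack):
        # Final ACK must acknowledge the ISN that was routed to 'src';
        # a host that never received the SYN-ACK cannot supply it.
        if src in self.pending and self.pending[src] + 1 == ack:
            del self.pending[src]
            self.established.add(src)
            return True
        return False

    def accepts_data(self, src):
        return src in self.established


class UdpServer:
    def accepts_data(self, src):
        return True              # nothing beyond the claimed source to check


def tcp_session(server, real_addr, claimed_addr):
    """True if a host at real_addr gets data accepted under claimed_addr."""
    _, isn = server.on_syn(claimed_addr)
    # The SYN-ACK is delivered to claimed_addr; only that host learns isn.
    if real_addr == claimed_addr:
        ack = isn + 1
    else:
        ack = 0                  # a host elsewhere never saw the SYN-ACK
    return server.on_ack(claimed_addr, ack) and server.accepts_data(claimed_addr)
```

The legitimate host completes the handshake, the host sending under a borrowed address does not, and the UDP side accepts either without distinction.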