[Info-vax] DECnet challenge

[Mark Berryman]

Based on a conversation that has been going on between Simon and myself, 
the following challenge is issued:

You work at a company that still uses DECnet, phase IV in this case.
The DECnet nodes are scattered around the various physical sites of your 
company, some on the same LAN, others separated by WAN links.
Different sites may or may not use different DECnet areas.  You choose.
Your DECnet nodes make use of DECnet proxies.

Your company uses Enterprise-grade routers and switches.  They have been 
configured by a network engineering staff who knows what they are doing.
Among other things:
  The routers have been configured so that they do not allow any DECnet 
node number not assigned to the LAN into the router.
  The switches have been configured so that no port may accept a DECnet 
MAC address not assigned to that port.
  The holes that used to exist in switches where a host on one port 
could snag the traffic from another port no longer exist.
This is standard in every DECnet network still in use that I have seen.

You are a node on this corporate network.  You may use any hardware and 
any software you wish.

The challenges:
1. Spoof an existing DECnet node on the network in order to subvert the 
DECnet proxies in use.
2. Examine the DECnet traffic between any 2 DECnet nodes so that you can 
view the in-the-clear information and learn what you can by doing so.

The winner is anyone who can describe a way to accomplish either goal.

A long time ago, a DECnet worm was released into the wild.  Improperly 
configured DECnet systems (mainly those that just accepted the defaults) 
were subject to this worm.  Properly configured systems, i.e. those that 
were configured according to the instructions then present in the 
manual, were immune.  Your corporation is one of those that were 
properly configured.  You were part of the SPAN network but the WANK 
worm just passed you by.  Remember that in this challenge.

Mark Berryman