[Info-vax] DECnet challenge

Marc Van Dyck marc.gr.vandyck at invalid.skynet.be
Fri Mar 1 18:01:33 EST 2019 

Mark Berryman expressed precisely :
> Based on a conversation that has been going on between Simon and myself, the 
> following challenge is issued:
>
> You work at a company that still uses DECnet, phase IV in this case.
> The DECnet nodes are scattered around the various physical sites of your 
> company, some on the same LAN, others separated by WAN links.
> Different sites may or may not use different DECnet areas.  You choose.
> Your DECnet nodes make use of DECnet proxies.
>
> Your company uses Enterprise-grade routers and switches.  They have been 
> configured by a network engineering staff who knows what they are doing.
> Among other things:
>   The routers have been configured so that they do not allow any DECnet node 
> number not assigned to the LAN into the router.
>   The switches have been configured so that no port may accept a DECnet MAC 
> address not assigned to that port.
>   The holes that used to exist in switches where a host on one port could 
> snag the traffic from another port no longer exist.
> This is standard in every DECnet network still in use that I have seen.
>
> You are a node on this corporate network.  You may use any hardware and any 
> software you wish.
>
> The challenges:
> 1. Spoof an existing DECnet node on the network in order to subvert the 
> DECnet proxies in use.
> 2. Examine the DECnet traffic between any 2 DECnet nodes so that you can view 
> the in-the-clear information and learn what you can by doing so.
>
> The winner is anyone who can describe a way to accomplish either goal.
>
> A long time ago, a DECnet worm was released into the wild.  Improperly 
> configured DECnet systems (mainly those that just accepted the defaults) were 
> subject to this worm.  Properly configured systems, i.e. those that were 
> configured according to the instructions then present in the manual, were 
> immune.  Your corporation is one of those that were properly configured.  You 
> were part of the SPAN network but the WANK worm just passed you by.  Remember 
> that in this challenge.
>
> Mark Berryman

In today's world, networks that can route native DECnet have become
quite rare, most of them accepting to route IP only. Acceptance of the
various level 2 protocols used by the Digital world (AMDS, LAT, SCS,
etc) also becomes an exception, unless you are all on the same ethernet
segment. Your challenge would therefore be more realistic if it was
located in a DECnet Phase V, running over IP, environment...

-- 
Marc Van Dyck

More information about the Info-vax mailing list