[Info-vax] DECnet challenge

superseth369 at gmail.com superseth369 at gmail.com
Tue Mar 19 13:06:52 EDT 2019 

On Friday, March 1, 2019 at 3:18:24 PM UTC-5, Mark Berryman wrote:
> Based on a conversation that has been going on between Simon and myself, 
> the following challenge is issued:
> 
> You work at a company that still uses DECnet, phase IV in this case.
> The DECnet nodes are scattered around the various physical sites of your 
> company, some on the same LAN, others separated by WAN links.
> Different sites may or may not use different DECnet areas.  You choose.
> Your DECnet nodes make use of DECnet proxies.
> 
> Your company uses Enterprise-grade routers and switches.  They have been 
> configured by a network engineering staff who knows what they are doing.
> Among other things:
>   The routers have been configured so that they do not allow any DECnet 
> node number not assigned to the LAN into the router.
>   The switches have been configured so that no port may accept a DECnet 
> MAC address not assigned to that port.
>   The holes that used to exist in switches where a host on one port 
> could snag the traffic from another port no longer exist.
> This is standard in every DECnet network still in use that I have seen.
> 
> You are a node on this corporate network.  You may use any hardware and 
> any software you wish.
> 
> The challenges:
> 1. Spoof an existing DECnet node on the network in order to subvert the 
> DECnet proxies in use.
> 2. Examine the DECnet traffic between any 2 DECnet nodes so that you can 
> view the in-the-clear information and learn what you can by doing so.
> 
> The winner is anyone who can describe a way to accomplish either goal.
> 
> A long time ago, a DECnet worm was released into the wild.  Improperly 
> configured DECnet systems (mainly those that just accepted the defaults) 
> were subject to this worm.  Properly configured systems, i.e. those that 
> were configured according to the instructions then present in the 
> manual, were immune.  Your corporation is one of those that were 
> properly configured.  You were part of the SPAN network but the WANK 
> worm just passed you by.  Remember that in this challenge.
> 
> Mark Berryman

gee I ran 30 nodes on TCPware using Phase IV over IP all over the country and to our office in Shanghai China and never had a problem.

More information about the Info-vax mailing list