[Info-vax] Kernel Transplantation

Arne Vajhøj arne at vajhoej.dk
Tue Jan 23 19:01:59 EST 2024


On 1/22/2024 2:40 PM, Mark Berryman wrote:
> Most likely, every public node on the Internet is behind a firewall, 
> which severely limits what packets can reach a given node and, depending 
> on the quality of the firewall, the nature of those packets (i.e. good 
> firewalls can detect and reject malformed packets).
> 
> Sadly, when an IP-based attack makes it through the firewall and into a 
> host, the host typically does worse than "fall over".  It lets the 
> attacker in where the attacker can then do all kinds of nefarious 
> things.  This is often not detected until long after the fact.  If there 
> has ever been a successful attack from an external source on a VMS 
> system that allowed the attacker to muck around on that system, I am not 
> aware of it.  Are you?

Long time ago: yes.

> The purpose of a firewall is to protect the IP stack of the hosts behind 
> it.  I merely suggested a couple of ways one can firewall one's DECnet 
> traffic, and thereby protect that stack.

The Internet is IP only and firewalls never pass DECnet traffic, so
no DECnet attacks that way.

DECnet attacks have to either be local or get in via IP and propagate
via DECnet.

> I ran a VMS host fully exposed to the Internet with DECnet phase V on it 
> for years without issue.  It was a honeypot so it wanted to see as many 
> attack attempts as possible.  It was running WASD instead of Apache so 
> none of the attacks on the web port succeeded and none of the attacks on 
> the ports used by DECnet ever caused an issue.

I was not even aware that DECnet used ports.

And how did DECnet traffic come in via the internet?

Arne




