[Info-vax] Kernel Transplantation

[Hans Bachner]

Arne Vajhøj schrieb am 24.01.2024 um 01:01:
> On 1/22/2024 2:40 PM, Mark Berryman wrote:
>> Most likely, every public node on the Internet is behind a firewall, 
>> which severely limits what packets can reach a given node and, 
>> depending on the quality of the firewall, the nature of those packets 
>> (i.e. good firewalls can detect and reject malformed packets).
>>
>> Sadly, when an IP-based attack makes it through the firewall and into 
>> a host, the host typically does worse than "fall over".  It lets the 
>> attacker in where the attacker can then do all kinds of nefarious 
>> things.  This is often not detected until long after the fact.  If 
>> there has ever been a successful attack from an external source on a 
>> VMS system that allowed the attacker to muck around on that system, I 
>> am not aware of it.  Are you?
> 
> Long time ago: yes.
> 
>> The purpose of a firewall is to protect the IP stack of the hosts 
>> behind it.  I merely suggested a couple of ways one can firewall one's 
>> DECnet traffic, and thereby protect that stack.
> 
> Internet is IP only and firewalls does never pass DECnet traffic, so
> no DECnet attacks that way.
> 
> DECnet attacks has to either be local or get in via IP and propagate
> via DECnet.
> 
>> I ran a VMS host fully exposed to the Internet with DECnet phase V on 
>> it for years without issue.  It was a honeypot so it wanted to see as 
>> many attack attempts as possible.  It was running WASD instead of 
>> Apache so none of the attacks on the web port succeeded and none of 
>> the attacks on the ports used by DECnet ever caused an issue.
> 
> I was not even aware that DECnet used ports.
> 
> And how did DECnet traffic come in via the internet?
Mark mentioned DECnet phase V which often/mostly uses DECnet over IP 
enabled and so uses IP ports.

While there will be rarely incoming DECnet traffic, the ports for DECnet 
over IP may be attacked.

Hans.