... darkrealms ...

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

BINKD

Support for the Internet BinKD mailer

8,958 messages

[ << oldest | < older | list | newer > | newest >> ]

Message 8,331 of 8,958

Oli to Alan Ianson

Mironet

11 Feb 23 18:50:40

   MSGID: 2:280/464.47 63e7d570   
   REPLY: 1:153/757.0 95606ad4   
   PID: JamNNTPd/Linux 1   
   CHRS: LATIN-1 2   
   TZUTC: 0100   
   TID: CrashMail II/Linux 1.7   
   Alan wrote (2023-02-11):   
      
    >>> ? 11 Feb 00:00:36 [78274] Warning: remote set UNSECURE session   
    >>> + 11 Feb 00:00:36 [78274] pwd protected session (MD5)   
      
    >> This means your system is sending a session password, but the remote   
    >> session has no password set for incoming connections and returns M_OK   
    >> 'non-secure', which gets logged as "Warning: remote set UNSECURE   
    >> session". (a wrong password should return an error)   
      
    >> It is not a password protected or encrypted session, even if binkd   
    >> tells you so. It is a security flaw of binkd though.   
      
    AI> Is that a misconfiguration at the remote end, there is no (or an   
    AI> incorrect) password set?   
      
   See http://ftsc.org/docs/fts-1026.001   
      
     * M_OK "non-secure"   
       report to remote about normal password unprotected   
       session; usually used for empty password;   
      
   I think an incorrect password should return an M_ERR and close the connection.   
      
   But it depends on the server. A man in the middle, a compromised server or a   
   weird implementation could just ignore the password and send back M_OK   
   "secure".   
      
    AI> Binkd should not log "pwd protected session (MD5)" in that case.   
      
   I always use the -md option (require CRAM-MD5) for the node and check for   
   CRYPT in the perl hook script. A CRYPT session works only if both parties use   
   the same password.   
      
   ---   
    * Origin: War is Peace. Freedom is Slavery. Ignorance is Strength.   
   (2:280/464.47)   
   SEEN-BY: 1/123 15/0 90/1 103/705 105/81 106/201 114/709 120/340 123/131   
   SEEN-BY: 124/5016 129/305 153/757 7715 154/10 203/0 218/700 221/0   
   SEEN-BY: 221/1 226/30 227/114 229/110 111 112 113 114 200 206 307   
   SEEN-BY: 229/317 424 426 428 470 550 664 700 240/1120 5832 266/512   
   SEEN-BY: 280/464 5003 5555 282/1038 292/789 854 8125 301/1 310/31   
   SEEN-BY: 317/3 320/219 322/757 335/364 341/66 234 342/200 396/45 410/9   
   SEEN-BY: 423/120 460/58 633/280 712/848 770/1   
   PATH: 280/464 292/854 229/426

[ << oldest | < older | list | newer > | newest >> ]