Re: Pssword ord ord case insensitive or not?
By: Oli to Alan Ianson on Wed Apr 22 2020 21:37:31
Oli> I wonder why we still use packet passwords.
at one time, fidonet has had some folks that like to ""play games""... one of
their games was to take messages from another (adult-oriented) network, replace
their headers with message headers from legitimate fidonet messages, and then
drop those bogus messages off in unsuspecting systems inbounds... they
generally used someone else's node number for these injections... at that time,
packet passwords were not as widely used and figuring out how to get a system's
session password was (and still is) fairly easy to do... one of the suspected
goals of these pranksters(??) was to try to increase security in fidonet... so
the victim systems, saw the mail from a supposedly legitimate link and tossed
it... the result was chaos...
Oli> Why not create a inbound filebox for every node/point that calls
Oli> and rely on the session password?
two layers of protection are better than one... at least, that's the current
thought... witness today's internet logins using a password as well as an
authentication token sent via SMS or similar...
Oli> Is there any (open source) mailer or tosser that support inbound
Oli> fileboxes?
binkd supports inbound fileboxes... i'm not sure about tossers, though...
when i was using inbound fileboxes on my previous system, i had a script that
located inbound traffic in the inbound fileboxes and moved it to a central
processing directory where the tosser could find it... in addition to moving
the traffic, the script did some additional processing to attempt to validate
the traffic as being authentic before the tosser was allowed to process it...
the traffic was also archived for later analysis if needed... it wasn't really
pretty but it worked ;)
)\/(ark
--- SBBSecho 3.10-Linux
* Origin: SouthEast Star Mail HUB - SESTAR (1:3634/12)
|
