FidoNet Echomail Archive

<<< Previous Index Next >>>

From: mark lewis
To: Digital Man
Date: 2019-06-14 10:47:04
Subject: possible CRYPT bug with no session password

 On 2019 Jun 13 22:34:52, you wrote to me:

 >> when they connect inbound, they are sending this...
 >> [...]
 >> VER BinkIT/2.17,JSBinkP/1.114,sbbs3.17c/Linux binkp/1.1

 DM> That means the remote BinkIT system has a session password configured for
 DM> your node. From binkp.js 1.114 ('-' is the same as a blank/no password):

 DM>        if (!this.plain_auth_only && password !== '-')
 DM>                this.sendCmd(this.command.M_NUL, "OPT CRYPT");

are you saying that if there is no session level password, we should have a
'-' in the session password field in echocfg??

i actually had nothing in the password field in my echocfg and then also in
my binkd.conf... i've since added a '-' to my binkd.conf after reviewing my
old configuration from my dead/defnuct system...

 >> there is only a tic password set in echocfg... no other passwords are
 >> set between the two systems...

 DM> How do you know? according to the information you provided, it certainly
 DM> seems the remote system has a session password configured.

they posted me a copy of my entry in their sbbsecho.ini file... it looked
exactly like the one i have for them...

----->8 snip 8<-----
        Name = XXXXXXXXXXXX
        Comment =
        Archive = None
        PacketType = 2+
        PacketPwd =
        AreaFix = false
        AreaFixPwd =
        SessionPwd =
        TicFilePwd = XXXXXXXX
        Inbox =
        Outbox =
        Passive = false
        Direct = true
        Notify = false
        Keys =
        Status = Normal
        LocalAddress = XXXXXXXXXXXX
        GroupHub =
        BinkpHost =
        BinkpPort = 24554
        BinkpPoll = false
        BinkpPlainAuthOnly = false
        BinkpAllowPlainAuth = true
        BinkpAllowPlainText = true
        BinkpSourceAddress = XXXXXXXXXXXXXXXXX
----->8 snip 8<-----

 >> i tried setting -nomd on their node line but since they are requesting
 >> CRYPT, we cannot talk... binkd does not have, that i can find, an option
 >> to turn off CRYPT per node...

 DM> Setting a blank password in BinkIT will stop the CRYPT option for outbound
 DM> connections. The only way to disable it for inbound connections is the new
 DM> global plain-text-only option.

ahhh, ok... i wasn't sure how that worked... granted, i've not been into
the code in several weeks...

 >> i'm aware that binkit.js is v2.25 and binkp.js v1.118 and there has
 >> been some recent work done in this area of the code...

 DM> All about disabling CRAM-MD5 and encryption because my uplink was
 DM> having issues that couldn't be easily debugged when those features
 DM> were used.

i know that feeling... especially when CRYPT is used and the conversation
is encrypted so you can't tell what's being sent/received when capturing
the raw network packets...

 >> with the above versions, i'm thinking that we're missing something
 >> since we seem to be setting CRYPT even when there is no session level
 >> password defined...

 DM> I don't think so.

i don't understand what's happening, then...

 >> i don't know if having that node update to the latest binkp.js and/or
 >> binkit.js will fix this particular problem with requesting CRYPT when
 >> there is no session level password set, though...

 DM> Shouldn't make any difference in that regard (for outbound connections
 DM> from BinkIT).



Always Mount a Scratch Monkey
Do you manage your own servers? If you are not running an IDS/IPS yer doin'
it wrong...
... !edis gnorw eht morf siht ta gnikool era uoY
 * Origin:  (1:3634/12.73)
SEEN-BY: 1/120 18/0 103/705 123/0 25 50 150 153/7715 154/10 30 40 700 203/0
SEEN-BY: 221/0 6 227/201 400 229/426 240/5832 261/38 280/464 5003 340/800
SEEN-BY: 396/45 423/120 633/0 267 280 281 384 412 509 712/848 770/1 3634/0 12
SEEN-BY: 3634/50 119
@PATH: 3634/12 154/10 280/464 712/848 633/280 267

<<< Previous Index Next >>>