Beefy Boxes and Bandwidth Generously Provided by pair Networks
"be consistent"

Re^4: How to implement a fourth protocol

by Moron (Curate)
on Mar 27, 2007 at 18:04 UTC ( #606822=note: print w/replies, xml ) Need Help??

in reply to Re^3: How to implement a fourth protocol
in thread How to implement a fourth protocol

Port knocking is discussed elsewhere in the thread - so you can see the problem with that.

I hope to be able to reduce the risks of "untested" by seeking as much tried and tested material as possible hence the reference to NetServer::Generic which I presume IS tested. I might be able to build the protocol over another for example, but I left that idea out to give people a chance to suggest it ;) e.g. Telnet. Of course I may be being naive about that idea - I'm not a networking guru, so I didn't want to put that idea in people's minds too early.


Free your mind

  • Comment on Re^4: How to implement a fourth protocol

Replies are listed 'Best First'.
Re^5: How to implement a fourth protocol
by Fletch (Chancellor) on Mar 27, 2007 at 18:48 UTC
    . . . I'm not a networking guru . . .

    Don't take this the wrong way, but: Stop now, because you don't know enough and you're probably going to screw something up (as if the mention of Telnet in the context of secure protocols didn't prove that already :). In all likelihood you probably don't even know what you don't know (if I may wax Rumsfeldian).

    There's an entire very good book on the subject which one probably could summarize in one sentence: "Security is hard; doing security correctly, even for people that know what they're doing, is hard and even the experts often make mistakes.".

    Now that I've at least hopefully dulled your hopes, let me say that I'm not saying 100% that you shouldn't do it (more like 99.8% that you shouldn't, lowered to a 99.4% once you've read Schneier and understand more of the implications of what you're proposing). But don't undertake this lightly and make sure you pay attention to prior art and reuse proven, tested components where possible.

    And if the desire persists, repeatedly apply the Schneier book to the forehead until the urge passes. :)

      Rather than sneer at my naievety I'd appreciate it and I am sure others would if you'd explain as if to a four year old why Telnet can't be used. As for your other comments, there's an old arab proverb that goes like this:

      He that does not know and does not know that he does not know is a fool, shun him.

      He that does not know but knows that he does not know can learn, teach him.

      There are two more combinations of this, but I fall into the second, not the first category in this regard. My nickname alone proves it. In one role three years ago I had to do a month's training in mobile phone networks and was paid top freelance rates during that month. So some people must believe in my ability to learn, even if you don't.


      Free your mind

        Oop, you did take it the wrong way. Let's try again: It's not necessarily that I don't think you can't learn, it's that even if you do doing what you want to do correctly is hard even for the people who've been doing it for much longer (again, read the Schneier book).

        Sure amateurs can launch rockets into space now, but I wouldn't sign up for a ride from the guy that just picked up a copy of Rocketry For Dummies two months ago and thinks he's the second coming of Goddard or von Braun. I'd be more comfortable with someone like Burt Ruttan that has lots of experience in a related field (aerospace) who's studied prior art and is building on top of it.

        Likewise you should be wary using the protocol written by someone who just read the IO::Socket man page last week. If you're going to move to a new protocol, you want it to have been written by someone familiar with protocol design who uses what's currently considered accepted best practices.

        And as for why you don't use telnet, it has no encryption whatsoever. Any information (such as your login and password) are sent in the clear over the network meaning any schmuck with a network tap at any point between source and destination can see everything. SSH was designed to correct this deficiency and also provide stronger authentication than was used by the Berkeley "r" services (rsh, rlogin).

        (Did I mention read the Schneier book? Because you really should.)

        Update: Gah, got my Ruttans mixed up; had Dick, his brother, instead. ENOCAFFEINE.

Re^5: How to implement a fourth protocol
by jgamble (Pilgrim) on Mar 28, 2007 at 18:37 UTC

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://606822]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (6)
As of 2018-06-21 18:29 GMT
Find Nodes?
    Voting Booth?
    Should cpanminus be part of the standard Perl release?

    Results (118 votes). Check out past polls.