Preventing VAX running VMS / Multinet from being used as SMTP relay

Paul Koning paulkoning at comcast.net
Wed Dec 6 12:34:51 CST 2017



> On Dec 2, 2017, at 5:48 AM, Doug Jackson via cctech <cctech at classiccmp.org> wrote:
> 
> Camiel,
> 
> Without sounding super negative (my day job as a security consultant lets
> me do that enough...)  I would be especially wary of connecting anything
> with a 10-year-old stack to the modern internet.  The range of automatic
> attacks based on what the state of the OS was when it was last patched is
> staggering.

That's true to a point.  On the other hand, many attacks require that the machine is running on Intel instruction set hardware, and most of them also depend on the OS being Windows.

While bugs happen, the level of security competence applied by VMS engineering is quite high compared to the usual "hack it till it no longer crashes" practice seen all too often nowadays.  That applies especially to network protocol implementations.

If the issue is design defects in the protocol specifications, such as may be found in various revisions of SSL, then having a good OS is not a complete answer.  Even there, it can help; for example, I suspect that the "heartbreak" attack on older SSL stacks, if it were operable on VMS, wouldn't get you very far because of OS and instruction set differences.  Certainly script kiddy attacks would not work.

	paul



