+ 18:48 [5024] call to 21:3/0@fsxnet
+ 18:48 [5024] outgoing session with net3.fsxnet.nz:24554
- 18:48 [5024] OPT CRAM-MD5-2ac9af04c99d25b8725ef1180fd32cee
- 18:48 [5024] SYS Alterant MailHub
- 18:48 [5024] TIME Fri, 10 Sep 2021 03:48:13 +1000
- 18:48 [5024] VER binkd/1.1a-112/Linux binkp/1.1
+ 18:48 [5024] addr: 21:3/100@fsxnet
+ 18:48 [5024] addr: 21:3/0@fsxnet
? 18:48 [5024] rerror: Bad password
+ 18:48 [5024] done (to 21:3/0@fsxnet, failed, S/R: 0/0 (0/0 bytes))
Why, oh why?
(Not why do I get an error, but why is binkd so braindead?)
+ 18:48 [5024] call to 21:3/0@fsxnet
+ 18:48 [5024] outgoing session with net3.fsxnet.nz:24554
- 18:48 [5024] OPT CRAM-MD5-2ac9af04c99d25b8725ef1180fd32cee
- 18:48 [5024] SYS Alterant MailHub
- 18:48 [5024] TIME Fri, 10 Sep 2021 03:48:13 +1000
- 18:48 [5024] VER binkd/1.1a-112/Linux binkp/1.1
+ 18:48 [5024] addr: 21:3/100@fsxnet
+ 18:48 [5024] addr: 21:3/0@fsxnet
? 18:48 [5024] rerror: Bad password
+ 18:48 [5024] done (to 21:3/0@fsxnet, failed, S/R: 0/0 (0/0 bytes))
Why, oh why?
(Not why do I get an error, but why is binkd so braindead?)
The session I saw was this:
+ 10 Sep 03:48:13 [166923] incoming session with xxxxx
- 10 Sep 03:48:13 [166923] VER binkd/1.1a-112/Linux binkp/1.1^^^
- 10 Sep 03:48:13 [166923] FOR 21:3/0@fsxnet
+ 10 Sep 03:48:13 [166923] addr: 0:0/0.1@null (n/a or busy)
+ 10 Sep 03:48:13 [166923] addr: 4096:1/3@onion (n/a or busy)
? 10 Sep 03:48:13 [166923] `CRAM-MD5-7b5f59cb165df93407526c2ef6790a6e': incorrect password
The line of particular interest is the one with "FOR" - I've not seen
that before.
(I assume you were configured with the correct password.)
What I dont like about binkd is I presented you the FSXnet addresses
(zone 21) - but binkd logged the session with your fido address, even though you also presented a zone 21 address (with the same domain).
? 10 Sep 03:48:13 [166923] `CRAM-MD5-7b5f59cb165df93407526c2ef6790a6e': incorrect passworddata leak ;) that could have been a real password. Not sure how crackable the hash is. Why does binkd even log it?
That's the braindead part:
I have a password for 21:3/100 - You have a password for 21:3/102.
I have NO password for 21:3/0 - You have a password for 21:3/102.
When I call 21:3/100 it works, when I call 21:3/0 I get a password error.
+ 18:48 [5024] addr: 21:3/100@fsxnet
+ 18:48 [5024] addr: 21:3/0@fsxnet
See, that is what I mean with 'kaputt'. The server cannot know the AKA that has been polled.
M_NUL FOR
The idea is simple. Client sends the (single) AKA for the node it polls in an M_NUL "FOR <aka>" frame. It also sends a single AKA in
the
ADR frame. The server responds also with a single AKA. Now we have a single AKA <-> single AKA (1-to-1) session and all the ambiguities
go
away. If you still want to present additional AKA, you could put it in an M_NUL "AKA <aka> <aka> ..." frame for informational purposes.
? 10 Sep 03:48:13 [166923]
`CRAM-MD5-7b5f59cb1s5dfs3407s26c2es679sa6e': incorrect password
data leak ;) that could have been a real password. Not sure how
crackable the hash is. Why does binkd even log it?
Yeah if it was a cleartext password, I wouldnt have posted it for
everybody to see - there may be some sysops here with ulterior motives.
But I dont think this hash is "crackable", since it is a reply to the
nonce that I presented to you when you connected with the the addition of your password.
That's the braindead part:
I have a password for 21:3/100 - You have a password for 21:3/102.
I have NO password for 21:3/0 - You have a password for 21:3/102.
When I call 21:3/100 it works, when I call 21:3/0 I get a password
error.
+ 18:48 [5024] addr: 21:3/100@fsxnet
+ 18:48 [5024] addr: 21:3/0@fsxnet
I wonder if this is something that could be fixed upstream.
I agree and
think it should be an easy fix. When you connect, I only presented you
the FSX addresses - and specifically the hub's address first. I do think binkd could have checked for any other known passwords in the
configuration - but not sure if that would break other things.
There was MPWD in the design, but I'm not sure if/how that can be used
with CRAM, and if it could, then that probably fix this. (Not sure if
binkd actually implemented it either?)
See, that is what I mean with 'kaputt'. The server cannot know the
AKA that has been polled.
But the server can (and in binkd's case does) know the clients addresses before presenting it's own. The fact that I only presented you zone 21 addresses, my binkd should have logged the session with your zone 21 address (IMHO),
not the fido one you presented (which was probably the first one).
M_NUL FOR
The idea is simple. Client sends the (single) AKA for the node it
polls in an M_NUL "FOR <aka>" frame. It also sends a single AKA in the
ADR frame. The server responds also with a single AKA. Now we have a
single AKA <-> single AKA (1-to-1) session and all the ambiguities go
away. If you still want to present additional AKA, you could put it
in an M_NUL "AKA <aka> <aka> ..." frame for informational purposes.
Have you presented this idea to the binkd folks to see what they think of it?
I'd like the idea of authenticating with multiple AKA's - since I feed
for a few networks, clearing all mail out in the same session is
appealing to me.
Sysop: | altere |
---|---|
Location: | Houston, TX |
Users: | 66 |
Nodes: | 4 (0 / 4) |
Uptime: | 11:17:00 |
Calls: | 728 |
Calls today: | 1 |
Files: | 7,667 |
Messages: | 295,543 |