1. Forum
  2. FidoNet
  3. MBSE

  • Session Password recovery

    From Vincent Coen@2:250/1 to All on Wednesday, November 13, 2024 14:10:33

    Hello everybody!

    I have a node that polls here every minute 24/7 with an unknown password.

    In order to satisfy their poll I need to set up the system here with the password used but cannot find out how to show it in the logs, but wsa able in an earlier version some how.

    Can anyone provide what I need to do setup wise etc to recover this password which if I can do this might stop this annoying behaviour.

    This may need a change to the code base to do so, please help.


    Vincent


    --- Mageia Linux v9 X64/Mbse v1.1.0/GoldED+/LNX 1.1.5-b20240309
    * Origin: Air Applewood, The Linux Gateway to the UK & Eire (2:250/1)
  • From Wilfred van Velzen@2:280/464 to Vincent Coen on Wednesday, November 13, 2024 15:55:07
    Hi Vincent,

    On 2024-11-13 14:10:33, you wrote to All:

    I have a node that polls here every minute 24/7 with an unknown
    password.

    In order to satisfy their poll I need to set up the system here with the password used but cannot find out how to show it in the logs, but wsa able in
    an earlier version some how.

    Can anyone provide what I need to do setup wise etc to recover this password
    which if I can do this might stop this annoying behaviour.

    If done correctly in the binkp protocol, the password is never send accross the line, only checksums that are generated with the password (I think that is what the OPT CRAM-MD5 is supposed to do). So you can't recover the password from the session.

    If you have no other way of communicating with the nodes sysop, I would block them on the firewall, maybe they notice that at some point in the future. Or perhaps an other node that has no session password set with this node, can deliver a crashmail for you?

    Btw: I have communicated with a number of the nodes in net 250 in the past regarding AmigaNet links, so maybe if this regards a node in net 250 I have an email address for you, if you can tell me their name in that case?


    Bye, Wilfred.

    --- FMail-lnx64 2.3.2.4-B20240523
    * Origin: FMail development HQ (2:280/464)
  • From Vincent Coen@2:250/1 to Wilfred van Velzen on Wednesday, November 13, 2024 20:39:17

    Hello Wilfred!

    13 Nov 24 15:55, you wrote to me:

    It is 2:301/1



    Hi Vincent,

    On 2024-11-13 14:10:33, you wrote to All:

    I have a node that polls here every minute 24/7 with an unknown
    password.

    In order to satisfy their poll I need to set up the system here
    with the password used but cannot find out how to show it in the
    logs, but wsa able in an earlier version some how.

    Can anyone provide what I need to do setup wise etc to recover
    this password which if I can do this might stop this annoying
    behaviour.

    If done correctly in the binkp protocol, the password is never send
    accross the line, only checksums that are generated with the password
    (I think that is what the OPT CRAM-MD5 is supposed to do). So you
    can't recover the password from the session.

    If you have no other way of communicating with the nodes sysop, I
    would block them on the firewall, maybe they notice that at some point
    in the future. Or perhaps an other node that has no session password
    set with this node, can deliver a crashmail for you?

    Btw: I have communicated with a number of the nodes in net 250 in the
    past regarding AmigaNet links, so maybe if this regards a node in net
    250 I have an email address for you, if you can tell me their name in
    that case?


    Bye, Wilfred.



    Vincent


    --- Mageia Linux v9 X64/Mbse v1.1.0/GoldED+/LNX 1.1.5-b20240309
    * Origin: Air Applewood, The Linux Gateway to the UK & Eire (2:250/1)
  • From Wilfred van Velzen@2:280/464 to Vincent Coen on Wednesday, November 13, 2024 21:57:02
    Hi Vincent,

    On 2024-11-13 20:39:17, you wrote to me:

    It is 2:301/1

    I crashed you a netmail. ;-)

    Bye, Wilfred.

    --- FMail-lnx64 2.3.2.4-B20240523
    * Origin: FMail development HQ (2:280/464)
  • From Vincent Coen@2:250/1 to Wilfred van Velzen on Wednesday, November 13, 2024 20:51:27

    Hello Wilfred!

    13 Nov 24 15:55, you wrote to me:




    If done correctly in the binkp protocol, the password is never send
    accross the line, only checksums that are generated with the password
    (I think that is what the OPT CRAM-MD5 is supposed to do). So you
    can't recover the password from the session.

    If you have no other way of communicating with the nodes sysop, I
    would block them on the firewall, maybe they notice that at some point
    in the future. Or perhaps an other node that has no session password
    set with this node, can deliver a crashmail for you?

    Thanks for that idea, done for both IP and URL.

    Now to confirm that works :(

    Thanks again.


    Vincent


    --- Mageia Linux v9 X64/Mbse v1.1.0/GoldED+/LNX 1.1.5-b20240309
    * Origin: Air Applewood, The Linux Gateway to the UK & Eire (2:250/1)
  • From Floris van Unen@2:280/2050 to Vincent Coen on Wednesday, November 13, 2024 22:03:32

    Hello Vincent!

    13 Nov 24 20:39, you wrote to Wilfred van Velzen:

    It is 2:301/1

    according to fidonet.org nodelist lookup the domain is abad1dea.to and there are contact details on that webpage.

    Floris


    --- GoldED+/LNX 1.1.5--b20170303
    * Origin: ----> Fidian on Azure West-Europe (Holland) IPV6. (2:280/2050)
  • From Vincent Coen@2:250/1 to Floris van Unen on Thursday, November 14, 2024 01:58:55

    Hello Floris!

    13 Nov 24 22:03, you wrote to me:


    Hello Vincent!

    13 Nov 24 20:39, you wrote to Wilfred van Velzen:

    It is 2:301/1

    according to fidonet.org nodelist lookup the domain is abad1dea.to and
    there are contact details on that webpage.

    That address is not ping-able.

    I have set its IP address to be blocked everywhere in my router.


    Vincent


    --- Mageia Linux v9 X64/Mbse v1.1.0/GoldED+/LNX 1.1.5-b20240309
    * Origin: Air Applewood, The Linux Gateway to the UK & Eire (2:250/1)