From owner-freebsd-hackers Thu Oct 5 20:15:13 1995
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id UAA06762 for hackers-outgoing; Thu, 5 Oct 1995 20:15:13 -0700
Received: from chemserv.umd.edu (chemserv.umd.edu [129.2.64.40]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id UAA06757 for ; Thu, 5 Oct 1995 20:15:10 -0700
Received: from espresso.eng.umd.edu (espresso.eng.umd.edu [129.2.98.13]) by chemserv.umd.edu (8.7/8.7) with ESMTP id XAA24050; Thu, 5 Oct 1995 23:14:59 -0400 (EDT)
Received: (chuckr@localhost) by espresso.eng.umd.edu (8.7/8.6.4) id XAA13972; Thu, 5 Oct 1995 23:14:47 -0400 (EDT)
Date: Thu, 5 Oct 1995 23:14:46 -0400 (EDT)
From: Chuck Robey
To: Terry Lambert
cc: terry@lambert.org, j@uriah.heep.sax.de, freebsd-hackers@FreeBSD.ORG
Subject: Re: Fiskars UPS support...
In-Reply-To: <199510060146.SAA00522@phaeton.artisoft.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@FreeBSD.ORG
Precedence: bulk

On Thu, 5 Oct 1995, Terry Lambert wrote:

> > I wanted to do a program myself like this, but I was hung up on one
> > question. Many UPSs are going to be used to monitor more than one
> > machine, so such a program (it seems to me) is going to have to have a
> > local monitoring part, and a remote 'I take orders' part. This thing is
> > going to be on the network, then, and have the ability to shut machines
> > down, directly or indirectly. How then is security controlled?
> >
> > It's not too tough a problem on the machine that listens to the UPS port,
> > but on the other machines, I don't see it clearly. The async port is two
> > way, so only one machine at a time can talk to it.
>
> 1) Assume the host that monitors the thing is up if the thing
>    is up.
>
> 2) Make a TCP connection to a privileged port on that host.
>    Retry at intervals if necessary.
>
> 3) It writes you on the connection you made when it wants to notify
>    you of some event.

I don't find 'privileged ports' in my trusty O'Reilly TCP/IP book, could
you give me a reference? I just don't see, right now, what would stop
someone with a packet sniffer, finding how I communicate, then spoofing
the remote. I know how to set up connections, I'm wondering about
security, and how much is enough, when I'm talking about something that
can shut down the machine.

>
> Fairly easy.
>
>
> Terry Lambert
> terry@lambert.org
> ---
> Any opinions in this posting are my own and not those of my present
> or previous employers.
>

----------------------------+-----------------------------------------------
Chuck Robey                 | Interests include any kind of voice or data
chuckr@eng.umd.edu          | communications topic, C programming, and Unix.
9120 Edmonston Ct #302      |
Greenbelt, MD 20770         | I run Journey2 and n3lxx, both FreeBSD
(301) 220-2114              | version 2.2 current -- and great FUN!
----------------------------+-----------------------------------------------
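
Added example, not part of the original message or thread: one way to address the sniff-then-spoof concern raised above is for each remote machine to act on an event only when it carries an HMAC bound to a nonce that machine chose at connect time and to a per-connection counter. The pre-shared key, the event names, and the `Monitor`/`Client` classes are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
import struct

EVENTS = {"ON_BATTERY", "LOW_BATTERY", "POWER_RESTORED"}  # assumed event names

def tag_for(key: bytes, nonce: bytes, seq: int, event: str) -> bytes:
    """MAC over the fixed-width nonce and counter, then the event name."""
    msg = nonce + struct.pack(">Q", seq) + event.encode("ascii")
    return hmac.new(key, msg, hashlib.sha256).digest()

class Monitor:
    """Host on the UPS serial port; signs events for one client connection."""
    def __init__(self, key: bytes, client_nonce: bytes):
        self.key, self.nonce, self.seq = key, client_nonce, 0

    def notify(self, event: str):
        msg = (self.seq, event, tag_for(self.key, self.nonce, self.seq, event))
        self.seq += 1
        return msg

class Client:
    """Remote machine; acts only on fresh, correctly tagged events."""
    def __init__(self, key: bytes):
        self.key = key
        self.nonce = secrets.token_bytes(16)  # sent to the monitor on connect
        self.next_seq = 0

    def accept(self, seq: int, event: str, tag: bytes) -> bool:
        if event not in EVENTS or seq != self.next_seq:
            return False  # unknown order, or replayed/out-of-order counter
        if not hmac.compare_digest(tag_for(self.key, self.nonce, seq, event), tag):
            return False  # forged tag, or a tag from another connection
        self.next_seq += 1
        return True

def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed key; provisioned out of band
    client = Client(key)
    monitor = Monitor(key, client.nonce)
    first = monitor.notify("ON_BATTERY")
    results = {"genuine": client.accept(*first)}
    results["replayed"] = client.accept(*first)  # sniffed message sent again
    results["forged"] = client.accept(1, "LOW_BATTERY", bytes(32))  # no key
    results["cross_session"] = Client(key).accept(*first)  # new nonce
    results["next_genuine"] = client.accept(*monitor.notify("LOW_BATTERY"))
    return results
```

The MAC provides authenticity, not secrecy: a sniffer can still read the event names, but without the key it cannot produce a tag the client will accept.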