Hello All,
Please be advised that if you run FBB BBS with outside telnet access thru BPQ32 and have the FBB gateway enabled, someone may connect to JNOS via the gateway and the internal RS232 ports and execute the '@' command on the JNOS prompt line. This gives access to Linux Directories etc.
I have not seen the '@' command mentioned in the JNOS2j documentation so not sure where it gets compiled in so if you could maybe help me there please? It does not seem to be in the DOS options and not the 'ED' definition as both are undefined.
Also my compile of JNOS2j completes ok with no 'success' indications and produces a file it seems but suffers from the dreaded crash a few minutes after it runs - I suspect it is the open port problem but yet to check that out.
Cheers Rob
You can set up a password for that. In your autoexec.nos file at the following line.
mbox password <newpassword>
This sets a new remote sysop password. A remote sysop is a user whose entry in the ftpusers file has the SYSOP_CMD bit set. When a remote sysop enters the '@' command to the Jnos mailbox, and there is a non-null mbox password established, five random numbers are displayed. The remote sysop is expected to then transmit the letters corresponding to these numbers, taken as zero-relative positions in the password string. Several lines of five letters can be sent, only one of which need be correct. The last line sent must be empty, ie, just a CR. If the response is correct, the remote sysop is then given the Jnos command-line prompt, and may issue most Jnos console commands. Commands which would require creation of a new session are disallowed. Use the "exit" command to exit from the Jnos command level.
On Sat, Jan 31, 2015 at 7:51 AM, vk1kw vk1kw@netspace.net.au wrote:
(Please trim inclusions from previous messages) _______________________________________________ Hello All,
Please be advised that if you run FBB BBS with outside telnet access thru BPQ32 and have the FBB gateway enabled, someone may connect to JNOS via the gateway and the internal RS232 ports and execute the '@' command on the JNOS prompt line. This gives access to Linux Directories etc.
I have not seen the '@' command mentioned in the JNOS2j documentation so not sure where it gets compiled in so if you could maybe help me there please? It does not seem to be in the DOS options and not the 'ED' definition as both are undefined.
Also my compile of JNOS2j completes ok with no 'success' indications and produces a file it seems but suffers from the dreaded crash a few minutes after it runs - I suspect it is the open port problem but yet to check that out.
Cheers Rob
44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net
Hello Don,
Many thanks for the info. Unfortunately the BPQ32/FBB gateway user seems to present the sysop's FBB gateway callsign to JNOS which happens to be the only ftpuser with the sysop bit set. Hence if you don't put an mbox password in autoexec.nos file, free access! But yes, I have added the mbox password and the outside user does get the 5 digit password. I do not use the JNOS mbox so that's why I have been caught out.
The real answer of course is never enable the FBB BBS gateway if it has telnet access and other connections. I hope this has helped others with a similar setup.
Regards
-----Original Message----- From: 44net-bounces+vk1kw=netspace.net.au@hamradio.ucsd.edu [mailto:44net-bounces+vk1kw=netspace.net.au@hamradio.ucsd.edu] On Behalf Of Don Moore Sent: Sunday, February 01, 2015 12:06 AM To: AMPRNet working group Subject: Re: [44net] JNOS2 vulnerable to outside hack
(Please trim inclusions from previous messages) _______________________________________________ You can set up a password for that. In your autoexec.nos file at the following line.
mbox password <newpassword>
This sets a new remote sysop password. A remote sysop is a user whose entry in the ftpusers file has the SYSOP_CMD bit set. When a remote sysop enters the '@' command to the Jnos mailbox, and there is a non-null mbox password established, five random numbers are displayed. The remote sysop is expected to then transmit the letters corresponding to these numbers, taken as zero-relative positions in the password string. Several lines of five letters can be sent, only one of which need be correct. The last line sent must be empty, ie, just a CR. If the response is correct, the remote sysop is then given the Jnos command-line prompt, and may issue most Jnos console commands. Commands which would require creation of a new session are disallowed. Use the "exit" command to exit from the Jnos command level.
On Sat, Jan 31, 2015 at 7:51 AM, vk1kw vk1kw@netspace.net.au wrote:
(Please trim inclusions from previous messages) _______________________________________________ Hello All,
Please be advised that if you run FBB BBS with outside telnet access thru BPQ32 and have the FBB gateway enabled, someone may connect to JNOS via the gateway and the internal RS232 ports and execute the '@' command on the JNOS prompt line. This gives access to Linux Directories etc.
I have not seen the '@' command mentioned in the JNOS2j documentation so not sure where it gets compiled in so if you could maybe help me there please? It does not seem to be in the DOS options and not the 'ED' definition as both are undefined.
Also my compile of JNOS2j completes ok with no 'success' indications and produces a file it seems but suffers from the dreaded crash a few minutes after it runs - I suspect it is the open port problem but yet to check that out.
Cheers Rob
44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net
-- cheers, Don
Rob:
The "@" command is the "sysop" command.
In your autoexec.nos boot file add this command "mbox password somerealpasswordhere"
This "mbox password ..." command then requires anyone issuing the sysop command to enter a password to gain sysop access.
And also, the "@" sysop command is not just for anyone connecting via BPQ, but rather anyone at a bbs prompt wanting remote sysop access.
This is documented in the JNOS manual. Here is a copy of that part of the manual. ---------------------------------------------------------------------------------- mbox password <newpassword>
This sets a new remote sysop password. A remote sysop is a user whose entry in the ftpusers file has the SYSOP_CMD bit set. When a remote sysop enters the '@' command to the JNOS mailbox, and there is a non-null mbox password established, five random numbers are displayed. The remote sysop is expected to then transmit the letters corresponding to these numbers, taken as zero-relative positions in the password string. Several lines of five letters can be sent, only one of which need be correct. The last line sent must be empty, i.e., just a CR. If the response is correct, the remote sysop is then given the JNOS command-line prompt, and may issue most JNOS console commands. Commands which would require creation of a new session are disallowed. Use the "exit" command to exit from the JNOS command level. ------------------------------------------------------------------------------------
Per the notes, please make sure your users in the ftpusers file DO NOT HAVE THE SYSOP_CMD bit set. If you also set the password, then anyone trying to access can't get in without it.
Bill
At 04:51 AM 1/31/2015, you wrote:
(Please trim inclusions from previous messages) _______________________________________________ Hello All,
Please be advised that if you run FBB BBS with outside telnet access thru BPQ32 and have the FBB gateway enabled, someone may connect to JNOS via the gateway and the internal RS232 ports and execute the '@' command on the JNOS prompt line. This gives access to Linux Directories etc.
I have not seen the '@' command mentioned in the JNOS2j documentation so not sure where it gets compiled in so if you could maybe help me there please? It does not seem to be in the DOS options and not the 'ED' definition as both are undefined.
Also my compile of JNOS2j completes ok with no 'success' indications and produces a file it seems but suffers from the dreaded crash a few minutes after it runs - I suspect it is the open port problem but yet to check that out.
Cheers Rob
44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net
Bill et al;
On Sat, 2015-01-31 at 05:37 -0800, William Lewis wrote:
Per the notes, please make sure your users in the ftpusers file DO NOT HAVE THE SYSOP_CMD bit set. If you also set the password, then anyone trying to access can't get in without it.
What Rob was saying, however, is that many run both FBB and JNOS together. If you were running FBB with the gateway feature on so that say I could use it to get from your FBB to your JNOS, I would appear at your JNOS as YOU not as ME. So, if I connected into your JNOS, I would (via your callsign) have the sysop flag set, and if I had any possible clue what your password may be I could try that and gain full access to your box.
The "gateway" feature in FBB is something the sysop can flag on|off on FBB. I believe the initial design of this feature was for the sysop to manually test his/her forwarding script before etching the path into stone.
Hi Brian
Currently a bug in linfbb as using the gateway is not using the user callsign. It is using the FBB NNS callsign in error. Working correctly when gatewaying via pactor.
The Gateway facility allows the user to connect out on to the local netrom, Radio ports if the radio ports configured in the fbb port.sys. Been used that way for years, Here. Has recently been raised on the Linfbb list 73 de Paul G4apl In message 1422721941.11017.12.camel@n1uro.ampr.org, Brian n1uro@n1uro.ampr.org writes
What Rob was saying, however, is that many run both FBB and JNOS together. If you were running FBB with the gateway feature on so that say I could use it to get from your FBB to your JNOS, I would appear at your JNOS as YOU not as ME. So, if I connected into your JNOS, I would (via your callsign) have the sysop flag set, and if I had any possible clue what your password may be I could try that and gain full access to your box.
The "gateway" feature in FBB is something the sysop can flag on|off on FBB. I believe the initial design of this feature was for the sysop to manually test his/her forwarding script before etching the path into stone.
I wonder if that fabulous little '@' could be mentioned at the top of the JNOS2-MAN.doc file with the other special characters with a ref. to the MBOX Password command please?
Regards
-
Brian -
Don Moore -
Paul Lewis -
vk1kw -
William Lewis