Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!wuarchive!uunet!munnari.oz.au!metro!usage.csd.unsw.oz.au!plod.cbme.unsw.oz.au
From: troy@plod.cbme.unsw.oz.au (Troy Rollo)
Newsgroups: comp.sys.apollo
Subject: Re: Routing
Message-ID: <1669@usage.csd.unsw.oz.au>
Date: 30 May 91 22:47:17 GMT
References: <9105301144.AA06362@mwunix.mitre.org>
Sender: news@usage.csd.unsw.oz.au
Reply-To: troy@plod.cbme.unsw.oz.au
Lines: 35

From article <9105301144.AA06362@mwunix.mitre.org>, by m20481@MWVM.MITRE.ORG (Heather Mackintosh):
m20481> Here is the situation:  Currently I have 18 nodes on token ring.  I am going
m20481> to be moving them to our Corporate ethernet.  The problem is that there are
m20481> other departments within my company that already have Apollos on the
m20481> ethernet.  When I put my nodes on the ethernet, the other departments
m20481> will be able to get onto my nodes.  The danger is that they can log in on
m20481> their nodes as root and crp onto my nodes as root.

Which they can do even if you do change the net number. They could change their
net number to yours (which, even if you did make obscure, they could find out
by using lb_admin to ask your glb), and be a part of your net. THey could
even ctnode your node (Again by asking your glb, and llb for that matter)
for its node numbers and net numbers).


m20481> The corporate ethernet's net ID is 1.  I can't change my nodes net ID to
m20481> something else because whenever I reboot it, the net ID is changed back
m20481> to 1.

m20481> I called Apollo response line and they said that there is only one way around
m20481> it:  Put all of your nodes on a seperate ethernet line and then have a node
m20481> with 2 ethernet cards act as a router.  Well, I can't do this because we are
m20481> not allowed to do cabling in our building.  We have to use the existing
m20481> ethernet cable that is in every office.

m20481> Does anyone know a way around this problem?  Any help would be appreciated.

PRovided you don't have any diskless nodes, you can change the rtsvc line in
/etc/rc. The only time this could be a problem is while the machine is
rebooting. The other departments should change their net number too, which
would mostly avoid this. OF course the same thing about diskless nodes applies
to them.
--
__________________________________________________________________________
troy@plod.cbme.unsw.oz.au