dcsimg
Page 5 of 5 FirstFirst ... 345
Results 41 to 49 of 49

Thread: MS-DOS, security theory

  1. #41
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    THANK YOU!!!!

    Now, how did you patch it? I didn't think DOS got patches anymore. Anyway, thanks again. What are the chances of you tossing that box into a war game? It would be fun to see how someone could break in.

    Now for those who think I'm totally serious, and thinking of making DOS a server, it was just to get some decent discussion on the front page. I'm willing to make an ass of myself for the sake of a good discussion. Done it before, and will probably do it again. And I think it's been worth it. I've got a bunch of replies, and great information on security in DOS, all in one thread, and all I had to do was form a quick theory and set the dogs on it here.

  2. #42
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    dos didn't need to be patched...arachne did and they issued a new vesion.

    where i live now high speed isnt available and although i have two phone lines the company i work for dumped the ppp account i was using on it. i dont want to tie up my account but if i can get another account threw work or find the time to put it on the T at work ill let you know by PM, dont want to make my ip block public.

    if you check out the dos web rings there are many dos web servers on the internet. not to mention fido and other types. they are protected by hardware fw's just like all the other OS's. being as dos doesn't have any native sockets one must depend on the integrity of third party software often written by folks in there spare time. put under the kind of scrutiny that commercial software is im sure they wouldn't stand a chance.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  3. #43
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    Interesting thread, from what I've read of it ... I skipped the middle. I'm going to read back through and see if anyone has listed a DOS webserver, if they have.. I'll throw it online for ya. I've found a DOS telnet/ftp server suite, Don't know if it works, but I'll grab it also and I'll see what I can get running for ya...

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  4. #44
    Senior Member Raion's Avatar
    Join Date
    Dec 2003
    Location
    New York, New York
    Posts
    1,299
    I'm not going to take sides as everyone who has posted here is right in their own way. DOS of course has it's vulnabilities but unless everyone starts using it they won't be looked into. As gore suggested you could probably make a "firewall" or whatever you want to call it which prevents another task from forming while you are away from the computer. Setting up a server with DOS is a good idea but 99% of the people won't have a chance to get in as it would only allow 1 at a time, and if you do gore's idea nobody will be able to get it. Now of course this still needs to be looked into (if someone was actually looking into starting a server with DOS)..and if somebody were to find a vulnerability in DOS, they could simply go through the trouble of re-creating it and creating their own patches and etc.
    WARNING: THIS SIGNATURE IS SHAREWARE PLEASE REGISTER THIS SIGNATURE BY SENDING ME MONEY TO SEE THE COMPLETE SIGNATURE!

  5. #45
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    and if somebody were to find a vulnerability in DOS, they could simply go through the trouble of re-creating it and creating their own patches and etc.
    .. For a non-opensource OS?
    Space For Rent.. =]

  6. #46
    Senior Member Raion's Avatar
    Join Date
    Dec 2003
    Location
    New York, New York
    Posts
    1,299
    spyder it's possible..might not come out exact but it's possible
    WARNING: THIS SIGNATURE IS SHAREWARE PLEASE REGISTER THIS SIGNATURE BY SENDING ME MONEY TO SEE THE COMPLETE SIGNATURE!

  7. #47
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Originally posted here by gore
    And where in the hell, are you going to find an exploit for DOS? It's no longer supported, so people don't even bother trying to find holes in it anymore. When have you honestly seen a DOS box get owned?
    Back when it was still being used. "Owning" wasn't really what happened back then, but there were trojans developed for Win3.11.

    I've never even seen an exploit that would work on DOS.
    Exploits need something to break. There is very little to DOS. Most of the exploitable software was terminal-oriented, therefore there was little protocol/interpretation crap to exploit (which is a fair chunk of what you see today).

    Again, as I've said before, I'll say it again:

    If you could re-write parts to DOS, so that you could actually take out and modify parts of it, then leave a program running all the time, that's a task running, and another can't be started. Well, actually, I tale that back, yes one can be, but all I'm saying is that, with proper re-write, you could make DOS very secure.
    As soon as you start to re-write the OS you aren't just "Using DOS as a secure platform", thus defeating this whole thread.

    BIOS boot password, make a Batch file to use Anti Virii to scan at every boot up and shut down.
    DOS does not shut down. Really, your lack of working experience with it speaks volumes about how you came up with the concept.


    And for the people who aren't getting the point of this thread:
    I'm not trying to make DOS out to be the greatest thing since SCO making asses of themselves publicly, I'm just trying to have something on the front page that isn't a tech support question, and where people can discuss ideas.
    That's all well and good, but IMO this isn't the type of discussion that should hang around on the front page. It looks ridiculous, and isn't even all that good a discussion. If you wanted a thread about security theory, work with something modern, don't jump to something decades old as a potential solution. The KISS (Keep It Simple, Stupid) principle applies up to the point where you are sacrificing all useability, then it falls short.

    I'm NOT trying to make out like DOS is the answer to everything, I AM trying to show uses of something most people won't even look at twice.
    Having used DOS back in its time, it was a decent option for an operating system. Nowadays it is an impractical farce at best. It served its purpose, let dead dogs lie.

    And again, I'd like to see someone show me an exploit that would actually allow you to take over a DOS box.
    Boot the operating system and leave it running. There is no login management, there is nothing preventing a person from using your box while it is running.

    Now, as for being well thought out....Mmm, I can't admit to that, it was more like "Dude, Since DOS can't handle more than one user or task, wouldn't that make it hard to break into?"
    Which is a flawed statement. DOS can handle more than one task, as I'm sure you are aware at this point.

    I'm still waiting for someone to say if it would be possible to code into DOS a bit more to make my theory true. And besides, so far the most someone has pointed out for exploits was a buffer overflow that I've never seen.
    Writing anything for dos would be a waste of time and effort. I have no doubt I could write something as you mentioned, however it is counterproductive and an utter waste of time to write proof of concept code for an operating system that ceased vendor support 8 years ago and is no longer in common (or even uncommon) use.

    But that was correct, the application set up requests, not DOS.
    Correct. The vast majority of exploits that occur occur not because of the OS itself, but rather due to applications/services running on it. Mostly you'll find privilege escalation exploits targeting the OS, but actual intrusions will occur via a service/application (eg: IE/Outlook, Apache, etc.).

    And if using it for a server is such a bad idea..... How many of you who used computers in the 1980's used something besides DOS? Anyone I've talked to from back then used DOS, and would run BBS servers on the boxes. Nothing but DOS.
    I have. BBS software is not what you would call complicated like today's servers are. They were interactive terminal packages, and that was about it.
    As for alternatives, Netware was the most popular non-mainframe server back in the '80s. My Uncle had a Netware 2 server setup in the mid-late '80s that lasted him through 1994 -- in uptime, we were talking 7+ years, had UPS and his law firm was on diesel backup. He went from that to NT.

    And it's not like no one ever broke into computers back then, so why didn't they get owned?
    They did. Read up on wardialing and so forth. The attacks were different, but just as effective.

    I know a dude who used DOS for his BBS server for over 3 years. It was up the whole 3 years, stable as hell, and his never got broken into. Explain?
    Nobody cared about his BBS? Seriously, the number of people attempting crap back in that era was basically numbered in the 100s in North America. It has honestly really only picked up a lot since the WWW brought the Internet to home users.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  8. #48
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    Good god this thread is the biggest waste of time and effort I have seen next to the nonsensical thread.
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  9. #49
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    HT if you serious, not that you'd ever kid, you could use the jaffa web server for dos found here, along with anything else you might need:

    http://www.hippy.freeserve.co.uk/msdosnet.htm
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •