On 15 May 2021 at 10:40, Ralf Quint wrote: > > On 5/15/2021 4:56 AM, Eric Auer wrote: > > > >> I had worried that the DOS machine on my network, would > >> give easy access from the Internet for gremlins! > > Because DOS normally does not run any servers, there is > > not much which the gremlins could access. So it depends > > on which servers you manually start on DOS: I guess the > > plans to talk to your printer will not require anything > > server-style to run on DOS, so you should be safe :-) > > If a DOS machine on a local network gets "accessed by gremlins from the > Internet", you are already in rather deep sh!t. That DOS machine would > be the last of your worries at that point... > > Ralf > I second that. In more detail:
As for DOS in the hypothetical role of an "entry point" (security hole): DOS is such an ancient and nowadays exotic platform, and relatively uncomfortable to program networking pranks for, that hardly anyone would waste the programming effort required to write modern malware for it. In its heyday, there were certainly viruses for DOS, but I don't recall any notable DOS virus that would spread specifically in a network environment (which one, in DOS at that time Novell was much more popular than MS Networking etc.) I can imagine "social engineering malware" spreading by just copying its funny executable binary to any network volumes it can find, and thus infect more modern platoforms... but again, making this kind of sotware compatible with DOS would nowadays mean pretty much unnecessary baggage :-) And, yes, as the DOS machine is client only, it can hardly be attacked via the network (by feeding a crafted buffer overflow attack to some network service interface, or SQL injection, or some such). It's just much too dumb to be eligible as a victim of a sophisticated network-borne attack. As for the MS Network Client for DOS, it is true that it requires ancient authentication methods with weak ciphers and whatnot, which might make it easier for an attacker to glean passwords from the traffic or some such (and then maybe log in to the server and try pulling off further mischief). But, for that, the attacker would have to be present in your local network already = you'd have a more serious problem in the first place :-) I do believe that your DOS machine on the LAN is really a non-target nowadays. I'll try to provide you with a rudimentary Samba config in a private e-mail. Frank _______________________________________________ Freedos-user mailing list Freedos-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freedos-user
