At 8:55 AM -0500 6/16/04, Michael S Hines wrote: >The problem started with bad specifications. No thought was given to how >the ports(UNIX)/services(Win) could be abused - and how to defend from >abusive attacks.
A significant difference from DECnet is that with TCP/IP any user on the system can open up a channel (to use a neutral term) to receive incoming traffic, potentially providing a capability to the outside world without the least bit of authentication. With DECnet (Phase IV or Phase V) on VMS such actions require getting a special privilege from the system manager (potentially granted to a specific program rather than to the programmer).