> They can crash it. Someone has already shown how a netmail packet can be
> dropped on any system that might be in a route and the netmail will be
> sent to the system intended. No session or packet password required.
 
Yeah, one of the things I've started to notice with modern Fidonet is the
relatively lax security model.  Back in the day, there was long distance to
contend with, and your average Joe probably wasn't going to go calling
around to other systems far away to cause trouble when it was on his dime.
Local pranksters would be easier to track down.  And caller ID came into
the picture eventually as well.
 
But internet connectivity for Fidonet made it a whole different ball game.
The inherent nature of Fidonet, with direct sending of netmail to other
nodes and things of that sort, means most systems could be capable of
receiving mail from anyone.  There's no way that I'm aware of that's
currently implemented to ensure that a netmail (or echomail for that
matter) is truly from who they say they are, name or node or path or
whatever else you want to go by.  Binkd supports passwords, but a.) you
don't know who's actually using them, and b.) that really only prevents
them from receiving mail packets, not uploading it.  What a particular
system does with insecure packets is completely based on the configuration
of that particular node.
 
Basically, Fidonet suffers design flaws in similar ways to how IPv4 does
(which the internet currently still manages to function with).  Neither
were originally meant for the environment that they would eventually
function within. Everyone played by the honor system when they were
created.  And while the internet is of course a lot different than Fidonet
in terms of the sorts of users it sees, it took the internet being
exploited before they started trying to implement safeguards.  They have
the eventual solution of moving to IPv6 (whenever that actually happens),
but I don't know if anyone is discussing Fidonet's future yet.
 
Of course, trying to implement any big change of Fidonet arguably doesn't
make it Fidonet anymore to some, and I know plenty of people around here
aren't fond of change, so I really dunno what the solution is when it comes
to that aspect of it.

--- D'Bridge 2.98