Re: DOSemu networking made easy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Stas Sergeev <stsp@xxxxxxx> writes:

> 25.06.2013 03:43, Eric W. Biederman пишет:
>> At a very basic level I don't know if it is wise to make it easy to
>> open up old unmaintained dos executables to the public internet.
> According to wikipedia:
> slirp cannot accept the incoming connections, and therefore
> gives as much of a protection as the NAT does.
> But I really can't follow their (wikipedia) logic: at least if the
> port is not already in use, why can't slirp open it to listen for
> the incoming connections? They claim you need a port forwarding
> for that.

slirp and qemu can do that.  You can't open a privileged port (because
you don't have permission but it otherwise works).  I do think they call
the feature port forwarding however.

NAT is sufficient to protect your old DOS mail client or to prevent
packet spoofing by the bad guys.  Let alone protect you if your DNS is
compromised or you are otherwise tricked into connecting into a site the
bad guys own.

Applications like chrome and firefox are constantly getting updates to
prevent problems in those kinds of scenarios.  Other network facing
applications are paranoid to one degree or another.

My concern was just that most DOS applications are old enough that if
anyone was serious they could use modern techniques and own your dosemu
without trying hard.

But like you say below these changes don't propogate quickly.

>> maintenance dead end.  If slirp updates can be pulled from qemu I don't
>> imagine there will be any maintenance problems.
> Well you probably know how "often" the dosemu releases
> are made: not much more frequently than the ones of slirp. :)
> So if there be some updates on slirp, even if someone will pull
> them into dosemu git quickly, they have zero chances to reach
> the user within 10 years or more, so this is not the best
> solution. :))

Shrug.  Whatever works.  My networking facing hat is quite paranoid
these days.

I suspect simply having the configuration default to off by default is
enough to protect most existing users of DOS applications.

To unsubscribe from this list: send the line "unsubscribe linux-msdos" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at

[Index of Archives]     [Linux Console]     [Linux Audio]     [Linux for Hams]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite Camping]     [Yosemite Hiking]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Samba]     [Linux Media]     [Fedora Users]

  Powered by Linux