
Three Dead Protocols - englishm
http://blog.annharter.com/2015/07/15/three-dead-protocols.html
======
userbinator
I think trivial protocols like this are a good thing to start with for
educational purposes, because implementing one correctly does require quite a
bit of effort for someone who has had no experience with networking or RFCs.

Even for something as simple as QOTD the implementer has to consider things
like message lengths and interpret terms like "should" (a recommendation, not
an obligatory condition for compliance.) Observe that the standard also
doesn't mandate that the message must change only once per day, so the
implementation presented is compliant. :-)

For TCP Echo, because TCP is a stream-oriented protocol and AFAIK since you
can't actually send and receive _simultaneously_ in code - it's always read or
write - the question of how much to echo back, and after how long, is also
something to consider. Theoretically, an echo server could wait to send until
several GB of data were received or the connection is closed, buffering the
data limitlessly, and still be compliant. This also shows the importance of
being clear and precise when writing standards or protocol specifications in
general, should you ever need to do so.

~~~
icebraining
_AFAIK since you can't actually send and receive simultaneously in code -
it's always read or write_

Sure you can, there's no problem having a thread writing while another reads
in parallel.

~~~
userbinator
I did consider that scenario, but I suppose what really happens is dependent
upon the duplex of the medium, how the network stack handles it (there's
certainly a nontrivial amount of synchronisation required...), and if the CPU
is multicore. WiFi for sure is half-duplex so I think the two threads will
just alternately run.

------
linuxlizard
Late 90's I did firmware for print servers. The echo server was pretty
important to us for testing our hand-rolled TCP/IP stack.

Print server management was done through a Telnet interface. We also supported
LPD which was one of the stupider protocols ever to see the light of day.

I added a QOTD service to the firmware as an easter egg.

I'm going to go soak my teeth now.

------
Animats
As I mentioned when someone brought up the history of UDP, the original idea
was that datagram protocols would be implemented at the IP level, as seen
here. UDP offers the same functionality, but one level higher. In BSD, it was
easier to do things from user space at the UDP level rather than at the IP
level, and adding new protocols directly above IP fell out of favor.

Try to get an IP packet that's not TCP, UDP, or ICMP through a consumer level
Internet provider.

~~~
ghshephard
I've never had much difficulty with ESP (protocol 50), 6in4 (Protocol 41), or
GRE (protocol 47). By and large, if it's IP, your packet will get to the
destination without too much filtering in North America with most of the major
ISPs (Comcast, AT&T, etc...)

I can't speak for other countries.

~~~
batou
GRE tends to bugger off down a hole in a lot of ISPs in the UK from
experience. Very annoying.

~~~
ghshephard
Is that a routing issue, or a fragmentation problem? Reducing your MTU on a
GRE link _greatly_ improves performance.

I'd be interested in hearing if there were any ISPs that didn't just forward
GRE packets using normal IP routing conventions.

~~~
batou
Absolutely no idea. AFAIK they just disappear into a void.

Used to be like this on Demon, Virgin Media and Easynet. The latter fixed
their stuff circa 2007 however.

------
achillean
These protocols may be deprecated, they may be unused and they may be out of
sight but they aren't completely dead yet:

[https://www.shodan.io/report/9xshqrdb](https://www.shodan.io/report/9xshqrdb)

Many of these old protocols don't die easily and tend to linger around
forever. Maybe there's a nostalgic element to keeping them alive for sysadmins
:)

~~~
billyhoffman
Take Shodan results with a grain of salt. When you look at the entire IP4
space, you will find a little of anything.

In a decade of doing pen tests in a mix of professional capacity and
informally for friends, I have never seen echo or daytime, and saw QOTD once
on a test box on the CS department of a university.

Of course, working with organizations who sought out someone to do a pentest
probably self-selects out networks which would have this kind of nonsense.
Reducing attack surface by turning off services or blocking them at various
firewalls has been standard operating procedure for IT for at least 2 decades.

~~~
achillean
Yeah, out of 4 billion addresses there are ~20,000 QOTD servers so I'm not
arguing that they're pervasive :) Just saying that they're not completely dead
yet.

------
kijin
Pretty much every port below 1024 is reserved for one protocol or another, but
many of them have been obsolete for years. It seems that whoever was in charge
of assigning well-known ports back then just handed them out like candy.

Well, who am I kidding? This is the same IANA that used to hand out humongous
blocks of IPv4 addresses to anyone who asked.

Should we try to deprecate dead protocols so that low ports can be put into
better use? Or have we come to expect that all new technologies will simply
reuse ports 80 & 443, so we have no need to set aside new well-known ports
anymore?

~~~
byuu
Not everything has to be RFC approved. If I had the need for a new protocol,
I'd just use one of the dead protocol ports anyway.

I suspect firewalls blocking everything but ports 80 and 443 has a lot more to
do with why so many services these days are being stacked on top of them. I
used to run a SOCKSv5 SSH tunnel home when I worked for a more restrictive
employer, and of course I stuck it on port 443.

~~~
merb
DNS is even more open than Port 80 and 443. Lots of small WLAN appliances
which are in the most internet cafes today could be easily blown by putting a
vpn at the dns port

------
placeybordeaux
Given the definition[1] of the echo protocol works on UDP you could
potentially spoof the address to be coming from another echo server and have
packets going back and forth indefinitely, correct?

[https://tools.ietf.org/html/rfc862](https://tools.ietf.org/html/rfc862)

~~~
codezero
This is the premise of an old bit of code called Pepsi.c. I recall having
juvenile fun with it. Many Cisco routers at the time had these ports open.
[http://www.hoobie.net/security/exploits/hacking/pepsi.c](http://www.hoobie.net/security/exploits/hacking/pepsi.c)

~~~
coldpie
Source code written by teenagers is always such a joy.

~~~
codezero
Especially the greetz and rage. I knew quite a few on both sides 😂

------
kijin
> May 1983 [footnote] _Fwiw, RFC 2616, for HTTP, was published the same month,
> so at least some people were doing actual work in those days._

RFC 2616 was published in June 1999.

I don't know what Sir Tim was doing in May 1983, but I'm pretty sure he wasn't
writing an RFC for a protocol that he wouldn't invent for six more years.

[https://www.ietf.org/rfc/rfc2616.txt](https://www.ietf.org/rfc/rfc2616.txt)

~~~
joergsauer
The first actual RFC on HTTP was RFC 1945[1] from 1996. However, HTTP had been
in use on the Web for a couple of years already when it was published.

[1] [https://tools.ietf.org/html/rfc1945](https://tools.ietf.org/html/rfc1945)

------
emmab
I think your implementation of "RFC 862, the Echo Protocol" wouldn't work if
the input doesn't end in a newline.

~~~
akama
Also, if you send a large amount of data to the echo server, the server
crashes. This is due to how data is read off the wire into a buffer. A
suggestion is to use a fixed size buffer. I did test this earlier and I'm
sorry that I crashed it.

~~~
tyho
Oops, I should have read the comments, I too crashed it testing this theory.
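
The two failure modes reported in this sub-thread (no echo without a trailing newline, and a crash on large input), as an added Ruby example that is not the blog author's code. It assumes the original server read line by line with something like `gets`; `CHUNK`, `echo_by_line`, `echo_stream`, `serve`, `compare` and `PAYLOAD` are hypothetical names.

```ruby
require "socket"
require "stringio"

CHUNK = 4096 # fixed read size in bytes (assumed value)

# Line-oriented echo: each `gets` holds everything up to the next "\n", so a
# newline-free stream is buffered whole and echoed only at newline or EOF.
def echo_by_line(src, dst)
  total = largest = 0
  while (line = src.gets)
    dst.write(line)
    total += line.bytesize
    largest = [largest, line.bytesize].max
  end
  { total: total, largest_read: largest }
end

# Stream echo: readpartial returns as soon as any bytes are available and
# never more than `chunk`, so memory per connection stays bounded.
def echo_stream(src, dst, chunk: CHUNK)
  total = largest = 0
  loop do
    data = src.readpartial(chunk)
    dst.write(data)
    total += data.bytesize
    largest = [largest, data.bytesize].max
  end
rescue EOFError, Errno::ECONNRESET, Errno::EPIPE
  { total: total, largest_read: largest }
end

# One thread per connection, e.g. serve(7007) (assumed port); `ensure`
# closes the socket even if echoing fails.
def serve(port)
  server = TCPServer.new("127.0.0.1", port)
  loop do
    Thread.new(server.accept) do |client|
      echo_stream(client, client)
    ensure
      client.close
    end
  end
end

# Constructed input: 1 MiB with no newline anywhere.
PAYLOAD = ("A" * (1 << 20)).freeze

def compare(payload = PAYLOAD)
  { line: echo_by_line(StringIO.new(payload), StringIO.new),
    stream: echo_stream(StringIO.new(payload), StringIO.new) }
end
```

`compare` reports the largest single read each strategy held in memory for the same input.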

------
TheLoneWolfling
This actually brings up an annoyance with FF (well, Pale Moon, but same
difference). If you try to open, say, pchs.co:17 with FF, it'll pop up a
prompt saying "this address is restricted" - with no way of overriding it.

You have to go into the config and add a key (!) to actually be able to access
it. And worse, there's no way I've seen to actually just straight disable the
"feature". You have to add an individual port, or a range of ports, or a
comma-separated list of ports or ranges.

(For those wondering, it's "network.security.ports.banned.override", with a
value of a port, or range, or comma-separated list of ports or ranges. For
example: "7,13,17".)

Once you do, it works fine.

~~~
jerf
There are various security-related jiggery-pokeries you can perform with
access to some of those old protocols as they interact with browser security.
It's safer just to disable them. And, well, let's be frank, the inconvenience
of not being able to hit "echo" servers through your browser is pretty
minimal.

~~~
cgtyoder
Pure applesauce.

~~~
jerf
I, uh, don't even know what you're trying to say there. Is that some form of
agreement or a claim that it's nonsense? If it's the latter, well, it's not.
Security attacks against some of these old protocols were demonstrated. The
blacklist, as I understand it, may be a bit larger than it needs to be because
conservatively a few more things were blocked than were demonstrated, but
there _were_ demonstrations.

------
zx2c4
I've been running a QOTD service on my server for the last few years:

    $ nc zx2c4.com 17

Source here: [http://git.zx2c4.com/mulder-listen-daemon/tree/mulderd.c](http://git.zx2c4.com/mulder-listen-daemon/tree/mulderd.c)

I also run a toy telnet server:

    $ telnet zx2c4.com

:P

~~~
StavrosK
A toy telnet server that requires me to send my Google credentials to a random
server, unencrypted over the internet? Nice!

~~~
taftster
Well, at least you have a choice to send that information. Much unlike the
majority of web browsing experience, where you send quite a bit of information
without having any choice at all. The author claims it is a "toy" which
basically means use at your own peril. c.f. happy fun ball

------
rumcajz
Don't forget about TCPMUX listening on port 1. (RFC 1078) That's serious
stuff that could see many applications even in today's world.

~~~
userbinator
Interesting, it's like a layer-4 NAT. I'm not so optimistic about its
practicality though, as we don't seem to have any sort of port shortage at the
moment and a lot of new applications just get put on top of HTTP/HTTPS anyway.

------
johnwfinigan
I have actually used daytime for a "real" use: as a quick and dirty way of
eliminating the possibility of guest clock drift when running benchmark
scripts inside of emulated guests with unreliable timekeeping. Obviously a bad
idea for benchmarks measured on the order of seconds, but probably fine for
benchmarks running for hours. ntpdate -q would probably work just as well
though.

------
skrebbel
Wait, did she just start an infinite number of threads in a loop, or is ruby
awesome in ways I didn't know?

~~~
almost
Server.accept will block (wait) until a new connection happens. Once the
callback (in the form of a Ruby block) completes the thread will end. So it
starts a potentially infinite number of threads but only one per connection
and each one is terminated pretty quickly. This is a pretty common way to
write a server that can handle multiple simultaneous connections.

~~~
skrebbel
Soo the parameter to Thread.new is a function that blocks on the _parent_
thread, before a new thread is even created?

~~~
ajanuary
Ruby (and most languages) evaluates the arguments before passing them through
to the function. So it first evaluates server.accept, which blocks until a new
connection, then passes the return value through to Thread.new which spawns
the new thread.

The parameters to Thread.new are just passed straight through to the block.

~~~
skrebbel
Ahhh! I thought it was passing the accept function and not its result. Been
too long, ruby! Thanks guys :)

------
batou
I spoke to someone a few years ago who has an asymmetrical transit cost
agreement between two companies. He joked that it may have been lucrative to
just pipe /dev/random to their echo port 24/7.

I suspect that is one of the many reasons that is a dead protocol.

~~~
StavrosK
That's like a byte a second, what's that going to do?

------
foliveira
Nice little exercise. Just implemented the three servers in Node.js over lunch
time.

[1] [https://github.com/foliveira/echo-is-not-dead](https://github.com/foliveira/echo-is-not-dead)

[2] [https://github.com/foliveira/qotd-is-not-dead](https://github.com/foliveira/qotd-is-not-dead)

[3] [https://github.com/foliveira/daytime-is-not-dead](https://github.com/foliveira/daytime-is-not-dead)

------
chrismorgan
RFC 2616 has been superseded by RFC 7230 et al.

------
imauld
_This isn’t about the protocol, but you should know my code for this is really
sloppy because it was my first time attempting to use vim and literally
everything was hard._

Ahh, Vim. It makes me happy to know that more seasoned developers than myself
have issues with it as well.

------
anotherevan
Hmmm, I run Q4TD[1] and now I’m thinking I should implement my own QOTD
service…

I wonder if I could do that with Google App Engine talking to the blog and
just picking random posts.

[1] [http://q4td.blogspot.com/](http://q4td.blogspot.com/)
[http://www.twitter.com/q4td](http://www.twitter.com/q4td)
[https://plus.google.com/u/0/110672212432591877153/posts](https://plus.google.com/u/0/110672212432591877153/posts)
[http://www.facebook.com/quote4theday](http://www.facebook.com/quote4theday)

------
dec0dedab0de
Every time I look down the well known port numbers I imagine setting up a box
with every protocol running.

A bit of an aside, how many people still use plain netcat? I switched to ncat
years ago, and haven't looked back.

------
ajslater
No mention of finger, port 79.

[https://en.wikipedia.org/wiki/Finger_protocol](https://en.wikipedia.org/wiki/Finger_protocol)

------
vhost-
I suspect a few more implementations of these are going to spin up. I just did
the qotd in Go:
[https://github.com/kyleterry/qotd](https://github.com/kyleterry/qotd)

~~~
Sami_Lehtinen
0.0.0.0 where's the IPv6 support?

------
dilap
The QOTD seems to just hang sometimes. Anyone have any guesses as to why?

~~~
molecule
For zero-based arrays, which Ruby has, it looks like the random_index passed
to the CSV array can exceed the array's bounds due to the '+1':

    random_index = rand(quotes_array.length + 1)
    @quote_body = quotes_array[random_index]["Quote"]
    @quote_author = quotes_array[random_index]["Author"]

[https://github.com/theaisforannie/qotd/blob/master/qotd.rb#L...](https://github.com/theaisforannie/qotd/blob/master/qotd.rb#L34-L36)

~~~
dilap
Ah, and then it just silently throws an exc and never closes the connection.
Nice.

Gracias Señor@!
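
The off-by-one and the unclosed connection discussed in this sub-thread, as an added Ruby example that is not the blog author's code. `QUOTES` is constructed sample data, and `MaxRng`, `pick_buggy`, `pick_fixed` and `handle` are hypothetical names.

```ruby
# Constructed rows standing in for the parsed quotes CSV (not the blog's data).
QUOTES = [
  { "Quote" => "First sample quote",  "Author" => "Author A" },
  { "Quote" => "Second sample quote", "Author" => "Author B" },
  { "Quote" => "Third sample quote",  "Author" => "Author C" }
].freeze

# Hypothetical RNG stub that always returns the largest value rand(n) can
# produce, so the boundary case is hit on every call instead of 1 time in n+1.
class MaxRng
  def rand(n)
    n - 1
  end
end

# Indexing as quoted above: rand(length + 1) yields 0..length, and
# quotes[length] is nil, so nil["Quote"] raises NoMethodError.
def pick_buggy(quotes, rng)
  row = quotes[rng.rand(quotes.length + 1)]
  "#{row["Quote"]} - #{row["Author"]}"
end

# rand(length) yields 0..length-1, which is always a valid index.
def pick_fixed(quotes, rng)
  row = quotes[rng.rand(quotes.length)]
  "#{row["Quote"]} - #{row["Author"]}"
end

# Per-connection handler: `ensure` closes the socket on every path, so a
# failed lookup ends the connection instead of leaving the client waiting.
def handle(client, quotes, rng, picker: :pick_fixed)
  client.write(send(picker, quotes, rng) + "\r\n")
  :sent
rescue StandardError => e
  warn "qotd handler failed: #{e.class}"
  :failed
ensure
  client.close
end
```

Pass any object that responds to `write` and `close` as `client`, for example the socket returned by `server.accept`.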

------
mml
someone should tell her about the fortune file :(

