
Comment by RupertSalt

2 days ago

If MUDs and other games were indeed using port 23/tcp for player access, they were not only incorrect but rather dangerous.

Since 23/tcp is a well-known IANA-registered port for the Telnet service, it is an RFC violation to use it for a service that is not telnetd/remote logins via TELNET protocol.

Any port below 1024 signifies that it is a "privileged port". This is an archaic distinction that developed in high-trust R&E networks, but it did signify that the listener on the port had administrative/root access to spawn a service there, so it was kind of a signal that you could "trust" the remote server with your login credentials.

The privileged ports were also priority, because if the unprivileged ones were "first come, first served" for unprivileged users, the administrator would have the ability to enforce the uniqueness of "privileged ports", and disable or kill any process that shouldn't be using one. A MUD Wizard who finds their port in-use (bound) on start is on their own.

Typically there were no MUDs running with, or needing, root privileges. They were run under user accounts, or specific unprivileged role accounts. They had no need of a privileged port, and many were clandestine or unauthorized, and forced to use a higher port number. That's why the 4-digit ports became so popular.

Anyway, the custom has already developed of blocking port 23 to protect users from unwittingly opening a management or login interface. Most shrewd admins would choose a port that isn't routinely blocked and filtered... and port-scanned.

If your favorite MUD runs on port 23 today, such as nethack or something, then I am glad for this change, which will force the administrator to select a unique port that does not imply privilege, TELNET protocol, or shell login credentials. It is totally RFC-compliant to select an unassigned port above 1023, and MUD conventions have popularized several numbers that are still recognizable to players today.

They're remote terminal applications? Remote interactive text sessions. Over TELetype NETworking?

You're saying that connecting my tty (emulator), to a remote host is not the purpose of telnet?

<backs away slowly>

Though ... I suppose by now a switch to port 22 could make sense.

  • No. MUDs should never have adopted port 23 or port 22 or any pre-assigned ports. There is no "well-known port assignment" from IANA for MUD-type games or servers.

    The end of RFC854, the very last paragraph, states:

    https://datatracker.ietf.org/doc/html/rfc854

       Port Assignment
    
          When used for remote user access to service hosts (i.e., remote
          terminal access) this protocol is assigned server port 23
          (27 octal).  That is L=23.
    

    I would say that by the letter of the law, and by longstanding convention, that port 23/tcp is given to telnetd type login servers. A server listening on port 23 is expected to accept login credentials and furnish a shell or some management interface that affects the host itself. That someone would log in as a terminal user and perform computing tasks.

    A MUD game could never be confused with managing the server where it runs, or a user/admin login to access that operating system. A MUD game has a specific purpose of recreation/leisure/communication.

    Again, let us not conflate port 23 with telnetd with the TELNET protocol. These are all completely separate and distinct. Except that port 23/tcp implies TELNET protocol and also implies a telnetd-type server. It is sort of a one-way chain of requirement. telnetd could be run on any port (inadvisable) while TELNET protocol could be implemented by any other service (often preferable).

    A MUD server is perfectly entitled to use TELNET protocol! In my server-hacking days, I often considered it a mistake and error not to support TELNET protocol! If I had known how to implement it, I would've added it to TinyMUCK myself! Honestly, it was not a priority because there was no known client supporting TELNET, either. Of course, protocol support needs to be on both ends to be effective. Without demand or capability from clients, it didn't really make sense for server programmers to add it in.

    But we were perfectly content to stay on port 2283, port 4201, or port 6250, as our players and Wizards had established the games to run there, especially in those days we wished to escape notice by admins. The TELNET protocol can run on any port and support any "network virtual terminal" service. But the "telnet port" on 23 is special, unique, and as of last month, really inadvisable for everyone.

    • > A MUD game could never be confused with managing the server where it runs

      What do you think of [], highlights: It is extremely tightly integrated with the system. Connections are handled by telnetd, and the interface is basically considered a shell by the system. MUD characters are treated as actual users by the system, with a UNIX username consisting of "m-" followed by the first 5 characters of their selected character name. The database is stored as directories and files, with occasional symlinks.

      Any programming or scripting language which is capable of manipulating Mooix's data files can be used to write custom commands, in a similar idea to, say, CGI. Libraries have been created to aid in this for several languages, including Perl, C, Ruby, and bash.

      When a character is enabled as a programmer, they basically get the amount of power normally associated with a shell account. They can create and execute files, evaluate perl scripts, and can access a simplified version of a standard UNIX shell, among other benefits. Facilities are provided to edit Mooix scripts or programs (using your favorite editor) from within the MUD, then set them up to be executed when a user types a certain command.

      []https://everything2.com/title/Mooix


    • > by longstanding convention, that port 23/tcp is given to telnetd type login servers

      First thing I ever telnetted to was Melvyl, University of California's library catalogue, around 1985. This was “remote user access” (I was a remote user) to “service hosts” (running the catalogue) providing “remote terminal access”. It was not a login.


    • I don't understand how playing a MUD doesn't fit the definition of "remote user access to service hosts".

    • The vast majority of MUDs don't even implement the full TELNET protocol, just a small subset. In typical MUD fashion, fundamental TELNET parts like option negotiation were either hacked together -badly- or altogether ignored.

      For the longest time in the 90s TELNET AYT would crash tons of custom implementations.
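
Added example, not part of the thread or of any MUD codebase: a minimal server-side filter for the TELNET command stream the comment above refers to, which refuses every option, answers AYT, and keeps its state across split reads. The command codes are from RFC 854; the class name, the `[yes]` reply text and the `MAX_SB` cap are assumptions made for this sketch.

```python
# Added example: TELNET command constants from RFC 854.
IAC, DONT, DO, WONT, WILL, SB, AYT, SE = 255, 254, 253, 252, 251, 250, 246, 240
MAX_SB = 512  # assumed cap so an unterminated subnegotiation cannot grow forever


class TelnetFilter:
    """Separates player text from TELNET commands; state survives split reads."""

    def __init__(self):
        self.state, self.verb, self.sb_len = "data", 0, 0

    def feed(self, chunk: bytes):
        """Return (text_for_game, bytes_to_send_back) for one recv() chunk."""
        text, reply = bytearray(), bytearray()
        for b in chunk:
            if self.state == "data":
                if b == IAC:
                    self.state = "iac"
                else:
                    text.append(b)
            elif self.state == "iac":
                self.state = "data"
                if b == IAC:                       # escaped literal 0xFF
                    text.append(IAC)
                elif b in (DO, DONT, WILL, WONT):  # option byte follows
                    self.state, self.verb = "opt", b
                elif b == SB:
                    self.state, self.sb_len = "sb", 0
                elif b == AYT:                     # Are You There: answer, never crash
                    reply += b"\r\n[yes]\r\n"
                # any other command (NOP, GA, ...) is consumed and ignored
            elif self.state == "opt":
                self.state = "data"
                if self.verb == DO:                # refuse every option we are asked to enable
                    reply += bytes([IAC, WONT, b])
                elif self.verb == WILL:
                    reply += bytes([IAC, DONT, b])
                # DONT/WONT confirm the default "off" state: no reply, avoids loops
            elif self.state == "sb":
                self.sb_len += 1
                if b == IAC:
                    self.state = "sb_iac"
                elif self.sb_len > MAX_SB:
                    self.state = "data"            # give up on runaway subnegotiation
            elif self.state == "sb_iac":
                self.state = "data" if b == SE else "sb"
        return bytes(text), bytes(reply)
```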

    • > I would say that by the letter of the law, and by longstanding convention,

      Those are two different things, and you're confusing or conflating them.

      "By the letter of the law", certainly if we're just talking about RFC 854, there's no mention of shells, or some of the other constraints you're projecting onto it.

      "Remote user access to service hosts (i.e., remote terminal access)" is perfectly consistent with someone accessing a MUD.

      When it comes to convention, though, which is influenced by pragmatic issues such as security constraints, you have more of a case.

> Any port below 1024 signifies that it is a "privileged port". This is an archaic distinction that developed in high-trust R&E networks, but it did signify that the listener on the port had administrative/root access to spawn a service there, so it was kind of a signal that you could "trust" the remote server with your login credentials.

That something is running on a privileged port is not enough to trust it. First, you need to trust the host; you need to know where you are connecting to. If you connect to a random host with a privileged port and pass it your credentials, you are doing stupid things.

This thing with privileged ports is protecting you from users who could run arbitrary code on a server. From them and not from anyone else. So for a MUD there are a lot of reasons to run on port 23; it is a signal for users of the MUD that they are connecting to a process that was started by the owner of the machine having root.

> If your favorite MUD runs on port 23 today, such as nethack or something, then I am glad for this change, which will force the administrator to select a unique port that does not imply privilege, TELNET protocol, or shell login credentials. It is totally RFC-compliant to select an unassigned port above 1023, and MUD conventions have popularized several numbers that are still recognizable to players today.

If I were running a MUD, I would find some way to get around it. I could use 22, for example, though it could cause me problems with logging in with ssh. But it is not really an issue; there are 1k privileged ports, and I could choose one of them.

> it is an RFC violation

I hate to break it to you, but RFC violations power the internet.

Also, RFCs are non-binding and the IANA port numbers are just strongly suggested.