Re: netatalk security vs. ftp, ssh


Subject: Re: netatalk security vs. ftp, ssh
From: Ron Chmara (ron@Opus1.COM)
Date: Sun Jul 30 2000 - 22:35:51 EDT


Tom Fitzgerald wrote:
> > Hi, I am the systems administrator for my company and I have been trying to
> > find a way to shut down ftp access to our server. This would entail
> > finding an alternative file transfer protocol, such as some sort of GUI-scp
> > or a combination of netatalk and samba(?) or something else.
> >
> > What I really want to know is if there is any place (or anyone) that will
> > tell me the vulnerabilities of using netatalk.
>
> 1) File data is not encrypted, so existing sessions are vulnerable to IP
> spoofing attacks. You can block outside attacks with appropriate source
> address filters at your router, but inside attacks are harder to block.
> Authentication handshakes are encrypted, so an attacker is out of luck
> unless a session has already been set up.

My personal fave Mac security hole: There is no stored key, authentication,
_whatever_, to guarantee that a server is the same entity from session to
session.... Last time I spoke with Apple about this, newer clients could
be tuned to _not_ fall back to cleartext, but most clients will happily
fail to recognize a server randnum or DHX, and fall back to cleartext.

Here's how an inside attack works:
1. Badguy with a laptop sets up netatalk, configures the machine to have
the same server name. Doesn't set up any password login besides cleartext.

2. Badguy laptop jacks into network, SYN's the valid appleshare server into
silence, thus making the Mac users select -his- machine in the Chooser.

3. Badguy laptop then collects cleartext passwords for 5-10 minutes (as
the users fail to login, but happily divulge passwords (see cleartext,
above) in the process). If he's lucky, the server admin may even try his
own user/pass combo. >;-)>

4. At first sign of trouble, badguy lets up on SYN flood (thus, "fixing"
the login problem).

With ssh, you are warned during the key exchange if a server identity
is being spoofed. No such luck with ftp or asip.

-Bop

--
Brought to you from iBop the iMac, a MacOS, Win95, Win98, LinuxPPC machine,
which is currently in MacOS land.  Your bopping may vary.
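
The client-side check the message says ssh has and AppleShare lacks, as an added example that is not part of the original post: remember each server name's key fingerprint on first use, warn when it changes, and refuse to fall back to cleartext for a server that previously offered an encrypted login. AFP as described above has no server key, so `host_key` is a hypothetical stand-in; `PinStore`, `demo`, the server name and the keys are this example's own constructed values.

```python
import hashlib
import hmac

CLEARTEXT = "Cleartxt Passwrd"
# Non-cleartext AFP password methods (the randnum and DHX families the post mentions).
ENCRYPTED_UAMS = {"Randnum Exchange", "DHCAST128"}


class PinStore:
    """Trust-on-first-use memory of each server name: key fingerprint + login strength."""

    def __init__(self):
        self._pins = {}  # server name -> (fingerprint, offered_encrypted_login)

    def check(self, name, host_key, offered_uams):
        """Return 'first-use', 'ok', 'identity-changed' or 'downgrade'."""
        fp = hashlib.sha256(host_key).hexdigest()
        encrypted = bool(ENCRYPTED_UAMS & set(offered_uams))
        pin = self._pins.get(name)
        if pin is None:
            # Nothing to compare against yet: remember what this name looked like.
            self._pins[name] = (fp, encrypted)
            return "first-use"
        pinned_fp, pinned_encrypted = pin
        if not hmac.compare_digest(pinned_fp, fp):
            # Same name, different key: the case ssh warns about. Pin is not updated.
            return "identity-changed"
        if pinned_encrypted and not encrypted:
            # Known server suddenly offers cleartext only: refuse instead of falling back.
            return "downgrade"
        return "ok"


def demo():
    # Constructed sample values; "FileServer" and both keys are hypothetical.
    key_a, key_b = b"constructed-server-key-A", b"constructed-server-key-B"
    store = PinStore()
    return [
        store.check("FileServer", key_a, ["DHCAST128", "Randnum Exchange", CLEARTEXT]),
        store.check("FileServer", key_a, ["DHCAST128", CLEARTEXT]),
        store.check("FileServer", key_b, [CLEARTEXT]),   # same name, new key
        store.check("FileServer", key_a, [CLEARTEXT]),   # right key, cleartext only
    ]


if __name__ == "__main__":
    print(demo())
```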


