Subject: Re: netatalk security vs. ftp, ssh
From: Tom Fitzgerald (tfitz@MIT.EDU)
Date: Mon Jul 31 2000 - 15:15:52 EDT
> My personal fave Mac security hole: There is no stored key, authentication,
> _whatever_, to guarantee that a server is the same entity from session to
> session....Last time I spoke with apple about this, newer clients could
> be tuned to _not_ fall back to cleartext, but most clients will happily
> fail to recognize a server randnum or DHX, and fall back to cleartext.
For what it's worth, users with clues will see this immediately since
the "cleartext password" notice shows up next to the username/password
prompt.
It'll also be obvious that valid username/password combinations aren't
working. It should be clear to everyone that an attack is happening
and it might be time for a global password change.
> Here's how an inside attack works:
> 1. Badguy with a laptop sets up netatalk, configures the machine to have
> the same server name. Doesn't set up any password login besides cleartext.
>
> 2. Badguy laptop jacks into network, SYN's the valid appleshare server into
> silence, thus making the mac users select -his- machine in the chooser.
This doesn't sound right..... SYN-bombing will keep the appleshare server
from accepting AS/IP connections, but it won't affect what appears in the
chooser since that's coming directly over the appletalk protocol, not IP.
In fact, won't the appletalk routers start screaming when two appletalk
servers start advertising the same server name?
> With ssh, you are warned during the key exchange if a server identity
> is being spoofed.
Only if a connection has already been established once. The first time
you connect, you have to take it on faith that you got the correct server.
(This is pretty much unavoidable unless you have a trusted central server
to authenticate all the other servers.)
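Added example, not part of the original message or of the netatalk/ssh code being discussed: a trust-on-first-use (TOFU) host-key check in the style of ssh's known_hosts, modelled in memory so it runs offline. The host name, the known_hosts stand-in and the key blobs are all constructed for illustration (real SSH keys are structured binary blobs; the check only needs each server's bytes to be stable). Two runs show both sides of the point above: when the genuine server is seen first, an impostor with the same name is flagged on a later session; when the impostor is seen first, it is the one that gets pinned and the genuine server is what triggers the warning.

```python
"""Trust-on-first-use host-key pinning, as an ssh client does with known_hosts.

Added illustration; not code from the original thread. The key store is an
in-memory dict instead of a file, and the key blobs are constructed strings.
"""
import base64
import hashlib


def fingerprint(pubkey: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint: base64 of the digest, padding stripped."""
    digest = hashlib.sha256(pubkey).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


class KnownHosts:
    """Stand-in for ~/.ssh/known_hosts: host name -> pinned fingerprint."""

    def __init__(self):
        self.pinned = {}
        self.log = []  # human-readable trail of what each session decided

    def verify(self, host: str, pubkey: bytes) -> str:
        fp = fingerprint(pubkey)
        pinned = self.pinned.get(host)
        if pinned is None:
            # First contact: nothing to compare against, so the key is accepted
            # on faith and pinned for later sessions. This is the unavoidable
            # window the reply describes; a rogue server seen first wins it.
            self.pinned[host] = fp
            self.log.append(f"{host}: new key {fp} pinned (unverified)")
            return "new"
        if pinned == fp:
            self.log.append(f"{host}: key matches pin")
            return "match"
        # Same name, different key: impostor or an unannounced re-key.
        # Either way the client must refuse rather than silently continue.
        self.log.append(
            f"{host}: WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! "
            f"pinned {pinned}, offered {fp}"
        )
        return "mismatch"


# Constructed stand-in key blobs (not real keys).
REAL_KEY = b"ssh-rsa constructed-key-for-the-real-fileserver"
ROGUE_KEY = b"ssh-rsa constructed-key-for-the-laptop-impostor"
HOST = "fileserver.example"  # hypothetical host name


def genuine_first() -> list:
    """Genuine server pinned on session 1; impostor flagged on session 3."""
    kh = KnownHosts()
    return [
        kh.verify(HOST, REAL_KEY),   # session 1: taken on faith
        kh.verify(HOST, REAL_KEY),   # session 2: pinned key matches
        kh.verify(HOST, ROGUE_KEY),  # session 3: same name, different key
    ]


def impostor_first() -> list:
    """Impostor pinned on session 1; the genuine server is what gets flagged."""
    kh = KnownHosts()
    return [
        kh.verify(HOST, ROGUE_KEY),  # session 1: no prior pin, accepted on faith
        kh.verify(HOST, REAL_KEY),   # session 2: warning fires against the real one
    ]


if __name__ == "__main__":
    print("genuine first :", genuine_first())
    print("impostor first:", impostor_first())
```

The second run is the caveat in the reply made concrete: TOFU pins whatever key it sees first, so it detects a change of identity, not an initial impersonation. Closing that window needs an out-of-band fingerprint check or the "trusted central server" (a CA or DNS-published key) the reply mentions.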
This archive was generated by hypermail 2b28 : Wed Jan 17 2001 - 14:31:45 EST