Amiga.org

Amiga computer related discussion => Amiga Software Issues and Discussion => Topic started by: tormedhammaren on October 10, 2003, 04:11:33 PM

Title: Network security on AmigaOS with MiamiDx or any other stack
Post by: tormedhammaren on October 10, 2003, 04:11:33 PM
I want to address this subject because I don't see it
discussed often in Amiga newsgroups, amiga.org, ann.lu or
any other. Do few Amiga users have concerns about
security on their systems?

Some things I would like to know:

- Where can I find information about exploits in AmigaOS tcp/ip stacks and networking apps?
(Edit: Asked it in a confusing sense)

- Which firewall solutions exist on AmigaOS? I already
know about MiamiIPFW. Are there any open source
solutions? Has anyone ported more modern solutions than
IPFW?

- Does anyone have any thoughts on which AmigaOS stack
is overall most secure?

- Is AmiTCP (the version geekgadgets distributes) still
updated and fixed?

My own discoveries: MiamiDx is very easy to flood. Just:

ping -l (from unix system) 100000 |amiga ip|.

ping -l 10000 |amiga ip| sends 100000 echo request packets
without waiting for echo replies. It doesn't have to be
100000, but it should do. This surpasses the flood protection
in MiamiDx, and MiamiDx crashes because of some buffer
overrun. MiamiPFW is by the way helpless when this
occurs.

My system is btw. immune to ping -f floods and ping of
death packets. My version of MiamiDx is 1.0c, and it's a
legal version.

Has anyone brought up solutions to this problem? ;-)

Regards
Tor
Title: Re: Network security on AmigaOS with MiamiDx or any other stack
Post by: mikeymike on October 10, 2003, 06:34:08 PM
I'm not sure you fully understand what you're asking.

AmigaOS by default has no network stack.  Therefore by default it has no network services.

Once you add a stack, you can have vulnerabilities in the stack.  Once you add software/services to use the stack, you can have vulnerabilities in those too, including the IP filter or firewall software.  None of these say anything about the security of the operating system.  The only fault of AmigaOS in this context therefore is that it has no memory protection*.  However if any operating system has a vulnerability in the stack that is remotely exploitable, the operating system is almost certainly going to be fully exploitable.

Quote
- Where can I find information about exploits in AmigaOS and apps?

Try searching the bugtraq archives?  I doubt AmigaOS software gets many mentions, but that's the only central place I can think of.
Quote
- Does anyone have any thoughts on which AmigaOS stack is overall most secure?

I doubt any of the available stacks have a bad reputation.  I think I've heard of a single vulnerability in each of them.
Quote

My own discoveries: MiamiDx is very easy to flood . Just:
ping -l (from unix system) 100000 |amiga ip|.

I did a bit of testing myself once, I wasn't able to make Miami 3.2b crash.  I did however slow my Amiga to a virtual halt when I had it logging and displaying traffic during a complete port scan.  Poor little 040 and PIO0.  :-)

* - WARNING everyone.  Do not start an argument about memory protection.
Title: Re: Network security on AmigaOS with MiamiDx or any other stack
Post by: KennyR on October 10, 2003, 06:37:55 PM
Quote
- Which firewall solutions exist on AmigaOS?


(Edit: pasted wrong question, D'oh!)

There are none that I know of, apart from MiamiDX's. If you want a secure Amiga, use a linux, BSD or hardware router (not Windows - ICS is incredibly unsafe).

Quote
- Is AmiTCP (the version geekgadgets distributes) still updated and fixed?


AmiTCP v5 will be available eventually, but only for MorphOS.
Title: Re: Network security on AmigaOS with MiamiDx or any other stack
Post by: tormedhammaren on October 10, 2003, 07:08:26 PM
@mikeymike:

Quote
I'm not sure you fully understand what you're asking.

AmigaOS by default has no network stack. Therefore by default it has no network services.

I'm fully aware of what I'm asking. Maybe my question was
a bit clumsy in that I asked about exploits in AmigaOS and
apps. I really mean exploits in tcp/ip stacks and networking
apps. I'm addressing the security of these software
components.

Quote
* - WARNING everyone. Do not start an argument about memory protection.

?

@KennyR:
Quote
There are none that I know of, apart from MiamiDX's. If you
want a secure Amiga, use a linux, BSD or hardware router
(not Windows - ICS is incredibly unsafe).

Yes, I know that's an option. But I would really like to make
the system safe from inside. At least not exploitable. I
know it's far too easy to DOS it. That's why your option
counts as important.

There is an Amiga security page that is pretty good. The
address is www.geocities.com/SiliconValley/Bridge/5737/Main/sw/security.html
But it hasn't been updated since January 2002.
Title: Re: Network security on AmigaOS with MiamiDx or any other stack
Post by: T_Bone on October 10, 2003, 07:30:21 PM
> But it hasn't been updated since january 2002.

Neither has any of the software or stacks!!
That's downright right off the press in these circles! :-P
Title: Re: Network security on AmigaOS with MiamiDx or any other stack
Post by: lempkee on October 10, 2003, 07:40:51 PM
t_bone: why are u saying such? Please check before you state such.

tor: the ping issue you are talking about, you can protect it from it and the system won't crash, but it will slow the system down a lot (even on a 060 66MHz).


for stacks in development, Roadshow: this is 68k and PPC. It will be released as a buyable program for OS3.x and will be included in OS4 (full).

AmiTCP is the MorphOS way, and it's still being toot'd, and that one is also looking to be great.


but i must add that none of these are inside the OS!


tor: which tools do you use? Have you tried the port nabber's on aminet? Sure it's free but it doesn't mean it stinks. Been too long since i installed snooptools so i can't really help you on that right away, but i will look into it asap zulu.

cheers

Title: Re: Network security on AmigaOS with MiamiDx or any other stack
Post by: KennyR on October 10, 2003, 07:47:52 PM
If it helps, here are my recommendations on getting the most secure Amiga system. You'll probably know them, though.

· Don't put your Amiga on a direct connection to the net if possible. Their TCP/IP stacks are just too old and not updated.

· If you use AmIRC, never accept CTCP requests from users you don't know. AmIRC can be pushed over by flooding by CTCP.

· Use the most up to date MUI applications. Older internet MUI apps had a control string exploit which could be used to execute AmigaDOS commands.

· Try not to use FTP or telnet. An open port is an easy target for a nuke.

· Set your firewall not to reply to ICMP pings. Nobody is immune to DoS attacks, but at least this way it'll take a powerful attack to saturate your whole bandwidth.

· Scan outgoing ports on a regular basis for trojan activity. Make sure there are no suspicious processes.
Title: Re: Network security on AmigaOS with MiamiDx or any other stack
Post by: tormedhammaren on October 10, 2003, 08:12:51 PM
@lempkee:

Quote
tor: the ping issue you are talking about , you can protect it from it and the system wont crash but it will slow the system down alot (even on a 060 66mhz.)

Since my system runs on a 040@40, I probably won't do it.
But how can I? Will it slow down my system only when
being flooded? Or else too?

Quote

tor: which tools do you use ? , have you tried the port nabber's on aminet ? , sure its free but it doesnt mean it stinks, been too long since i installed snooptools so i can't really help you on that right away,but i will look into it asap zulu.


What's the port nabber's? Network security tools I've been
using on my Amiga include nmap, netcat, icmpwatch,
MiamiIPFW, GoPortscan!, FWControl and openssh 3.6.

Cool avatar btw!

@KennyR:
Good advice! No, no one should run ftp/telnet on their
systems anymore.  Neither daemons nor clients. We should really get
sshd to work on AmigaOS.

Do you know how can I test if a MUI app is vulnerable?
Title: Re: Network security on AmigaOS with MiamiDx or any other stack
Post by: KennyR on October 10, 2003, 10:14:36 PM
Quote
ping -l (from unix system) 100000 |amiga ip|.

ping -l 10000 |amiga ip| sends 100000 echo request packets without waiting for echo replys. It doesn't have to be 100000, but it should do.This surpasses the Flood-protection in MiamiDx, and MiamiDx crashes because of some buffer overrun. MiamiPFW is by the way helpless when this occurs.


I did actually try this on someone, with their permission. MiamiDX's flood protection kicked in after the first packet and they did not crash. The only difference is I pinged from MOS and not from UNIX.

Quote
Do you know how can I test if a MUI app is vulnerable?


I'm sorry, I don't know. It was something to do with sending control characters via internet. YAM, Voyager, SimpleMail, FreeCiv, IBrowse and AmIRC at least were made immune to this exploit.

Oh, and one more thing - never accept amigaguide files from users you don't know. It's extremely easy to embed commands inside it and quick format your hard drive the moment you open it or click on a link.
Title: Re: Network security on AmigaOS with MiamiDx or any other stack
Post by: platon42 on October 10, 2003, 11:07:21 PM
> > Do you know how can I test if a MUI app is vulnerable?
>
> I'm sorry, I don't know. It was something to do with sending control characters via internet. YAM, Voyager, SimpleMail, FreeCiv, IBrowse and AmIRC at least were made immune to this exploit.

You should be a bit more precise. It is not a MUI problem per se. It is that a very dangerous file handler is installed by default on OS3.5/3.9 systems, namely the AWNPIPE:. This "thing" allows one to *execute programs* using a *filepath*.

The "vulnerability" of MUI is that it allows loading images through text strings. Now if you tried to display a text through MUI that contained an AWNPIPE: filepath with some nasty command, it would be executed without user control.

BUT the problem is not MUI. It is AWNPIPE! Because it is broken by design. It is the security hole! Any program that would use filenames from an external source (e.g. internet) then is a potential key to your machine. Let it be a browser (e.g. an image). Let it be an E-Mail. DCC request, Sound requests, etc. But also, let it just be some *configuration file* with external paths. The possibilities are endless, and no one application programmer has to take care of such a mess in a system.

Just take care that you don't use (mount) the AWNPIPE and you're safe.
Title: Re: Network security on AmigaOS with MiamiDx or any other stack
Post by: tormedhammaren on October 10, 2003, 11:44:01 PM
@KennyR:

Quote
I did actually try this on someone with their permission. MiamiDX's flood protection kicked in after the first packet and they did not crash. The only difference is I pinged from MOS and not from UNIX.

Hmm. Am I the only one with this problem? I've
pinged my Amiga from both a FreeBSD 5.1 box and
a linux 2.4.20 box. MiamiDx's flood protection
kicks in, but is surpassed. If I do a normal ping
flood, the flood protection works. What is ping
-l in MOS? If it's the same as in UNIX it's
preloading packets, not altering the length of
them.

I found the full security advisory about the MUI
security issue by searching for "MUI exploit" on
google.

@platon42:
Sounds like something not even M$ could have
created... When programmers want to add some
fancy functionality that other programs don't
have, this is what often happens.
Title: Re: Network security on AmigaOS with MiamiDx or any other stack
Post by: Piru on October 11, 2003, 01:06:55 AM
Quote
Just take care that you don't use (mount) the AWNPIPE and you're safe.

APIPE: has similar problem, so take care you don't mount either AWNPIPE or APIPE:.
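Both platon42's and Piru's warnings above come down to one rule for application authors: a filename that arrives from outside (an image reference in a message, an attachment name, a DCC or sound request, a path in a downloaded config file) must never be handed to the DOS as it is, because a device prefix such as AWNPIPE: or APIPE: turns an open into a program launch. The C routine below is an added illustration of the check an application could run first; it is not code from the thread, from MUI or from any Amiga stack. The handler list, the helper names and the policy of accepting only bare relative names are assumptions made for the example; it compiles with any C99 compiler and needs no Amiga headers.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Handler names that turn a "file path" into command execution.
 * AWNPIPE: and APIPE: are the two named in the thread; extending the
 * list for other exec-capable handlers is the caller's policy (assumption). */
static const char *const EXEC_HANDLERS[] = { "AWNPIPE", "APIPE", NULL };

/* Length of the AmigaDOS device/volume prefix of `path` (the text before
 * the first ':'), or 0 when the path is relative. A '/' before the colon
 * means the colon is not a device separator. */
static size_t device_prefix_len(const char *path) {
    const char *colon = strchr(path, ':');
    if (colon == NULL) return 0;
    for (const char *p = path; p < colon; p++)
        if (*p == '/') return 0;
    return (size_t)(colon - path);
}

/* AmigaDOS matches device names without regard to case, so the check
 * must too: "awnpipe:" is the same handler as "AWNPIPE:". */
static int prefix_equals_ci(const char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Returns 1 if `path` names an exec-capable handler, 0 otherwise. */
int is_exec_handler_path(const char *path) {
    size_t n = device_prefix_len(path);
    if (n == 0) return 0;
    for (int i = 0; EXEC_HANDLERS[i] != NULL; i++)
        if (strlen(EXEC_HANDLERS[i]) == n && prefix_equals_ci(path, EXEC_HANDLERS[i], n))
            return 1;
    return 0;
}

/* Stricter policy for a name received from an untrusted source (an image
 * name in a message, an attachment, a DCC request): accept only a bare
 * filename that the application will itself place inside a fixed
 * directory. Any device prefix or path separator is refused, which covers
 * AWNPIPE:/APIPE: and any handler the list above does not know about.
 * Returns 1 when the name is acceptable. */
int untrusted_name_is_safe(const char *name) {
    if (name == NULL || *name == '\0') return 0;
    if (device_prefix_len(name) != 0) return 0;
    if (strchr(name, '/') != NULL || strchr(name, ':') != NULL) return 0;
    return 1;
}

int main(void) {
    /* Constructed sample inputs, as an application might receive them. */
    const char *samples[] = { "logo.iff", "PROGDIR:images/logo.iff",
                              "awnpipe:somecommand", "APIPE:somecommand", "../logo.iff" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-28s exec-handler=%d untrusted-ok=%d\n", samples[i],
               is_exec_handler_path(samples[i]), untrusted_name_is_safe(samples[i]));
    return 0;
}
```

The two functions answer different questions: `is_exec_handler_path` is the narrow blocklist check for code that genuinely has to accept full paths (a file requester, a config loader), while `untrusted_name_is_safe` is the allowlist an application should prefer for anything coming off the network, since it also refuses handlers nobody has thought of yet and does not depend on which devices happen to be mounted.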
Title: Re: Network security on AmigaOS with MiamiDx or any other stack
Post by: Piru on October 11, 2003, 01:21:13 AM
Quote
MiamiDx's flood protection kicks in, but is surpassed.

ping flood protection is pretty much useless, as the packets get processed until they enter the filter part. It takes considerable resources to process the packets before they "flow down" to the part where the filtering is made. Enough fragmented packets with packet reassembly, and the rate of packet I/O, packet reassembly and filtering will consume all CPU time and internal buffer memory.

Also, if you are unlucky enough to piss off some scriptkiddie with a botnet, you could be in real trouble. With his flood the incoming traffic will be so enormous that it will prevent any other legit traffic from reaching the system anyway, and all incoming traffic will stop (including TCP streams, which will disconnect if the flood stays persistent). Usually this is caused by a DDoS attack using a botnet (a network of hundreds to thousands of hacked zombie Windows machines controlled by the scriptkiddie).

Only way to stop such flood is to have 100mbit pipe to internet and serious networking hardware filtering the traffic at that point, or by having your ISP block the flood earlier.
Title: Re: Network security on AmigaOS with MiamiDx or any other stack
Post by: Piru on October 11, 2003, 01:35:13 AM
Quote
Is AmiTCP (the version geekgadgets distributes) still updated and fixed?

Free version of AmiTCP is not updated, and never really was.

Even latest commercial AmiTCP included with AmigaOS 3.9 has some grave issues:

- TCP ISN generator is a simple 64k ruler. It is child's play to predict. (spoofing TCP connections)

- ftpd 1.2 (Oct  3 1994) has a crash bug in STAT command:

What happens is that the ftpd STAT command blindly assumes fopen() succeeded, that is, it doesn't check against a NULL result from the call. If NULL is returned ftpd will happily peek & poke zeropage, eventually causing trashing of the execbase pointer (absolute address 4). This problem is exploitable as an anonymous user.

I won't provide an example on this public forum, for obvious reasons.
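The ftpd defect Piru describes is the generic "unchecked fopen()" pattern, so the C code below, added here as an illustration and not AmiTCP's ftpd source (which Piru deliberately does not reproduce), shows the buggy shape beside the corrected one. The function names, the return convention and the sample file the self-check creates are assumptions made for the example. On an Amiga without memory protection the NULL dereference in the first routine is what ends up reading and writing through address 0 and the execbase pointer at address 4; on a protected system it is a plain crash, which is still a denial of service against the daemon.

```c
#include <stdio.h>
#include <string.h>

/* Buggy pattern (the shape of the defect, not the original code): the
 * handler assumes fopen() succeeded and passes a possibly-NULL FILE* on
 * to stdio. With no memory protection this turns into reads and writes
 * at address 0 onwards. Kept only for comparison; never call it with a
 * path that may not exist. */
int stat_file_unchecked(const char *path, char *out, size_t outlen) {
    FILE *f = fopen(path, "r");
    size_t got = fread(out, 1, outlen - 1, f);   /* f may be NULL here */
    out[got] = '\0';
    fclose(f);
    return (int)got;
}

/* Fixed pattern: test the result of fopen() and report failure to the
 * caller, which in an ftpd would become a "550 ... No such file" reply
 * instead of a crash. Returns bytes read, or -1 on any error. */
int stat_file_checked(const char *path, char *out, size_t outlen) {
    if (path == NULL || out == NULL || outlen == 0) return -1;
    out[0] = '\0';
    FILE *f = fopen(path, "r");
    if (f == NULL) return -1;                    /* the missing check */
    size_t got = fread(out, 1, outlen - 1, f);
    out[got] = '\0';
    fclose(f);
    return (int)got;
}

/* Self-check: write a small constructed file, read it back through the
 * checked routine, delete it, and return the byte count (6 for "hello\n"). */
int demo_existing_file(void) {
    const char *path = "stat_demo_constructed.txt";   /* constructed sample */
    FILE *w = fopen(path, "w");
    if (w == NULL) return -2;
    fputs("hello\n", w);
    fclose(w);
    char buf[32];
    int got = stat_file_checked(path, buf, sizeof buf);
    remove(path);
    return got;
}

/* Self-check: a path that does not exist must yield -1, not a crash. */
int demo_missing_file(void) {
    char buf[32];
    return stat_file_checked("no_such_dir_constructed/none.txt", buf, sizeof buf);
}

int main(void) {
    printf("existing file: %d bytes, missing file: %d\n",
           demo_existing_file(), demo_missing_file());
    return 0;
}
```

The point for a reviewer is that every `fopen`, `opendir` or `stat`-style call in a network daemon is reachable by whoever can send the command, so each one needs the NULL or error check; an anonymous FTP login makes the STAT path reachable by anyone, which is why Piru rates the bug as serious.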
Title: Re: Network security on AmigaOS with MiamiDx or any other stack
Post by: mikeymike on October 11, 2003, 02:26:54 AM
Quote
Quote
   * - WARNING everyone. Do not start an argument about memory protection.
?


The next bone-headed discussion I hear on the lines of 'whether AmigaOS needs memory protection or not' is going to result in casualties.  Some people appear to just want to kick off another discussion on the subject.

I would put a smiley here but I'm not really joking.
Title: Re: Network security on AmigaOS with MiamiDx or any other stack
Post by: xyth on October 11, 2003, 02:36:04 AM
Well I'm feeling quite paranoid now...

I have no idea what half the stuff you guys talked about is.

I use MiamiDx, IBrowse, YAM, DOpusFTP, occasionally AmIRC (very unstable), over a 33.6 modem connection.

I don't have AWNPipe installed though.

I'm pretty much a novice at the internet (you'd probably have noticed). Should I be worried about this stuff?  Should I be using a firewall, and how would I set one up?

How does one avoid using FTP?
Title: Re: Network security on AmigaOS with MiamiDx or any other stack
Post by: JetRacer on October 11, 2003, 06:27:28 AM
xyth: Don't worry man. Seriously. The risk of a hacker (read: cracker) being able to know his head from his ass in AmigaOS is near zero. It's like worrying about e-mail worms on your C64, if you get my drift.

If you don't get into someone's attention span by writing the wrong things in the wrong IRC channel, then you have nothing to worry about.

(edit) This does not apply to *nix, Windoze or anything running some kind of server; such are hacked by the thousands using automated software and therefore need proper counter measures. (/edit)
Title: Re: Network security on AmigaOS with MiamiDx or any other stack
Post by: T_Bone on October 11, 2003, 07:36:12 AM
Quote

lempkee wrote:
t_bone:why are u saying such? , please check before you state such.


Is there a new version of Miami I missed? :-o
Seriously, I wouldn't be concerned because the security page is "a whole year old."
If this were Windows, it'd be a different story.
Title: Re: Network security on AmigaOS with MiamiDx or any other stack
Post by: lempkee on October 11, 2003, 12:01:03 PM
tor: ok it looks like all the answers have been posted ;( ..abit too slow (me) ..

i also talked to cyborg (the owner of the security page) and he is still active, but there haven't been any needs for updating the page (according to him). he also posted some info (on irc) but he went offline and i was away ...ARGH! ;(

for port tools , you seem to use the same as me.


t_bone: sorry , but it seemed like a troll statement, anyway i explained what is happening atm in the amiga world of tcpip stacks.
but i guess u are right, if it's in dev and not out...then you shouldn't wait for it either...or?



pps:lets hope cyborg comes and visit us here at amiga.org , why he didnt post was because of "he had to register to post here" ....

Title: Re: Network security on AmigaOS with MiamiDx or any other stack
Post by: tormedhammaren on October 11, 2003, 03:42:45 PM
@Piru:
Quote
ping flood protection is pretty much useless, as the packets get processed until they enter the filter part. It takes considerable resources to process the packets before they "flow down" to the part where the filtering is made. Enough fragmented packets with packet reassembly, and the rate of packet I/O, packet reassembly and filtering will consume all CPU time and internal buffer memory.

The ping flood protection sends all packets to NIL: ? The
problem is that the Amiga features much less processing
power compared to more modern systems. So you can
easily DOS it from just one host if both sides have high
bandwidth.

Quote

Also, if you are unlucky enough to piss up some scriptkiddie with a botnet, you could be in real trouble. With his flood the incoming traffic will be so enormous that it will prevent any other legit traffic from reaching the system anyway, and all incoming traffic will stop (including TCP streams, that will disconnect if the flood stays persistent). Usually this is caused by DDOS attack using a botnet (network of hundreds to thousands of hacked zombie windows machines controlled by the scriptkiddie).

Can scriptkiddies get that strong? Hope there aren't too
many of those..

Quote

- TCP ISN generator is a simple 64k ruler. It is child's play
to predict. (spoofing TCP connections)

This means that you can make a system believe
that you are a trusted host. This is what Mitnick did
to break into Tsutomu Shimomura's machine.

Quote

- ftpd 1.2 (Oct 3 1994) has a crash bug in STAT command:

What happens is that the ftpd STAT command blindly assumes fopen() succeeded, that is, it doesn't check against a NULL result from the call. If NULL is returned ftpd will happily peek & poke zeropage, eventually causing trashing of the execbase pointer (absolute address 4). This problem is exploitable as an anonymous user.

I won't provide an example on this public forum, for obvious reasons.

In which products is this ftpd used? Is there a fix?

@lempkee:
On which server/channel does Cyborg hang out?
Yes, Cyborg must come and play on amiga.org to!
How does nmap run on your machine? On mine, it's dead
slow.
Title: Re: Network security on AmigaOS with MiamiDx or any other stack
Post by: Piru on October 11, 2003, 05:12:12 PM
@tormedhammaren
Quote
The ping flood protection sends all packets to NIL: ?

Yes. Well, not literally NIL:, the packets are just discarded. But those packets still need to pass thru SANA2 driver and IP level before they can be detected and dropped. This code pathway is quite long so it can cause problems, at least with slower systems.

Quote
The problem is that the Amiga features much less processing power compared to more modern systems. So you can easily DOS it from just one host if both sides have high bandwidth.

Right. With modern hardware a simple pingflood is not going to take the system down; instead all the bandwidth needs to be consumed (usually with DDoS).

Quote
Can scriptkiddies get that strong? Hope there aren't to many of those..

They are that strong already. Some years ago there was a problem with kiddies crashing irc servers and/or causing netsplits and then riding the split to perform channel takeovers. Some very large websites have been taken down, even most DNS root servers simultaneously (http://slashdot.org/article.pl?sid=02/10/22/2332233&mode=thread&tid=99).

In fact, some of the modern viruses turn the Windoze boxes into these zombies, part of the botnet. Another common way is to send out trojan via email that patch the system and add it as node to such network.

There is some speculation that these viruses would in fact be spread by spammers (http://slashdot.org/article.pl?sid=03/09/28/1311246&mode=thread&tid=111&tid=126) to generate large networks to send out spam email and to DDoS antispam services. At least three large AS services have (http://slashdot.org/article.pl?sid=03/08/27/0214238&mode=thread&tid=111&tid=126) already been  shut down (http://yro.slashdot.org/article.pl?sid=03/09/24/132216&mode=thread&tid=111&tid=126&tid=95) due to enduring DDoS attacks.
 
Another wild theory is that these viruses are in fact made by NSA to test large scale electronic warfare. It would be of interest to USA since they're most vulnerable for such attack, if ever performed as an act of war or terrorism. The date triggered self destruct of the viruses backs up this theory somewhat, since this way the effect of the virus is limited.

Quote
This means that you can make a system believe that you are a trusted host. This is what Mitnick did to break into Tsutomu Shimomura's machine.

Right. Mitnick used this method to spoof trusted LAN host and used rsh service to execute a command to inject "+ +" to root's .rhosts file. This way, all hosts could rlogin as root or execute remote commands as root. There is a description of the hack on usenet (http://groups.google.com/groups?selm=199501251236.EAA05736%40ariel.sdsc.edu&output=gplain) by Tsutomu Shimomura.

Quote
In which products is this ftpd used?

To my knowledge all AmiTCP/IP versions available (that include the ftpd).

Quote
Is there a fix?

No fix is available. However, you can disable anonymous access to limit the threat to trusted users only.

I would still recommend you use some other ftpd instead.
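Piru's "simple 64k ruler" remark and the Mitnick discussion both turn on one measurable property: whether the ISNs a host hands out can be guessed from the previous ones. The C code below is an added illustration, not from the thread or from any AmiTCP or Miami source, of the check a defender (or a TCP sequence-predictability scan) performs: collect consecutive ISNs from a host, take their differences, and report a constant step as a ruler. The two generators it measures are constructed samples: one stepping by 0x10000 per connection like the generator Piru describes, and one adding a per-connection hash offset in the style of RFC 1948, where the FNV-1a hash, the secret and the tuple layout are assumptions standing in for the keyed function a real stack would use.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result of classify_isns(). */
typedef struct {
    int verdict;      /* 0 = too few samples, 1 = constant step ("ruler"), 2 = varying */
    uint32_t step;    /* smallest observed increment */
    uint32_t spread;  /* largest increment minus smallest; 0 means perfectly linear */
} isn_report;

/* Look at consecutive ISNs handed out by one host and decide whether they
 * form a fixed-step ruler. Differences are taken modulo 2^32 so wraparound
 * of the sequence space is handled. With verdict 1 the next ISN is simply
 * the last one plus `step`, which is what makes spoofed connections easy. */
isn_report classify_isns(const uint32_t *isn, size_t n) {
    isn_report r = {0, 0, 0};
    if (n < 3) return r;
    uint32_t lo = UINT32_MAX, hi = 0;
    for (size_t i = 1; i < n; i++) {
        uint32_t d = isn[i] - isn[i - 1];
        if (d < lo) lo = d;
        if (d > hi) hi = d;
    }
    r.step = lo;
    r.spread = hi - lo;
    r.verdict = (r.spread == 0) ? 1 : 2;
    return r;
}

/* Constructed sample 1: the 64k-step generator described in the thread.
 * Each new connection gets the previous ISN plus 0x10000. */
size_t sample_ruler(uint32_t *out, size_t n) {
    uint32_t isn = 0x1234ABCDu;
    for (size_t i = 0; i < n; i++) { out[i] = isn; isn += 0x10000u; }
    return n;
}

/* Small FNV-1a hash: an assumption standing in for the keyed function
 * (RFC 1948 suggests MD5 over the tuple and a secret) a real stack uses. */
static uint32_t fnv1a(const uint8_t *p, size_t n) {
    uint32_t h = 0x811C9DC5u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x01000193u; }
    return h;
}

/* Constructed sample 2: ISN = clock-based counter + F(connection tuple,
 * secret). Every connection gets a different offset, so the differences
 * between successive ISNs no longer reveal the counter step. */
size_t sample_hashed(uint32_t *out, size_t n) {
    uint32_t counter = 0x1234ABCDu;              /* stands in for the 4 us clock */
    uint32_t secret  = 0xDEADBEEFu;              /* constructed secret */
    uint32_t server  = 0x0A000001u;              /* constructed server address */
    for (size_t i = 0; i < n; i++) {
        uint8_t tuple[12];
        uint32_t client_port = 40000u + (uint32_t)i;  /* differs per connection */
        memcpy(tuple, &client_port, 4);
        memcpy(tuple + 4, &server, 4);
        memcpy(tuple + 8, &secret, 4);
        out[i] = counter + fnv1a(tuple, sizeof tuple);
        counter += 0x10000u;
    }
    return n;
}

/* Self-checks that return the verdicts so they can be asserted on. */
int demo_ruler_verdict(void)  { uint32_t b[8]; sample_ruler(b, 8);  return classify_isns(b, 8).verdict; }
uint32_t demo_ruler_step(void){ uint32_t b[8]; sample_ruler(b, 8);  return classify_isns(b, 8).step; }
int demo_hashed_verdict(void) { uint32_t b[8]; sample_hashed(b, 8); return classify_isns(b, 8).verdict; }

int main(void) {
    uint32_t buf[8];
    sample_ruler(buf, 8);
    isn_report a = classify_isns(buf, 8);
    printf("ruler:  verdict=%d step=0x%x spread=0x%x\n", a.verdict, a.step, a.spread);
    sample_hashed(buf, 8);
    a = classify_isns(buf, 8);
    printf("hashed: verdict=%d step=0x%x spread=0x%x\n", a.verdict, a.step, a.spread);
    return 0;
}
```

Running the self-check against a real host means opening a handful of connections, recording the server's ISN from each SYN/ACK and feeding them to `classify_isns`; a spread of zero is the condition Piru calls child's play to predict, and the fix on the stack side is the per-connection offset the second generator sketches, not a larger constant step.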
Title: Re: Network security on AmigaOS with MiamiDx or any other stack
Post by: lempkee on October 11, 2003, 05:25:44 PM
Quote
@lempkee:
On which server/channel does Cyborg hang out?
Yes, Cyborg must come and play on amiga.org to!
How does nmap run on your machine? On mine, it's dead
slow.


tor: he is on #amigafun (german channel) , or you can reach Yenzy on Arcnet #morphos .
Nmap is horribly slow when active here, never tried it on an 040 but i guess it's even slower. ;(

cheers
Title: Re: Network security on AmigaOS with MiamiDx or any other stack
Post by: tormedhammaren on October 17, 2003, 12:21:47 PM
@lempkee:
Thank you. I've been looking for him.

@Piru:
Thanks for your good answers.

Regards
Tor
Title: Re: Network security on AmigaOS with MiamiDx or any other stack
Post by: AmigaMance on October 16, 2008, 06:12:54 PM
Hey, very informative thread!
I have some questions regarding this issue, if i may..

Quote
Set your firewall not to reply to ICMP pings. Nobody is immune to DoS attacks, but at least this way it'll take powerful attack to saturate your whole bandwidth.

 My router's firewall doesn't have a specific setting for ICMP pings, so i blocked all incoming ICMP traffic. This had a side effect: not only did i stop responding to pings, but i lost the ability to ping others as well (like servers etc.) and i don't like that. Therefore i disabled this setting.
 The manual of my router mentions that it has built-in ping-flood protection, thus i should be fine? :-?

Quote
Do you know how can I test if a MUI app is vulnerable?

 I'm not sure iirc, but one app which is vulnerable is an old IRC client. Probably BlackIRC and some other very old MUI progs.

Quote
Just take care that you don't use (mount) the AWNPIPE and you're safe.


APIPE: has similar problem, so take care you don't mount either AWNPIPE or APIPE:.

 Hmm... I don't mount any of these devices at startup, BUT i use a nifty feature of MCP called AutoMount. It mounts devices only on demand. That is, if something makes a call to a device which is not mounted, AutoMount searches the storage/dosdrivers/ directory and the devs:mountlist and mounts the appropriate device automatically if it exists.
 My question is: Is it possible for a hacker to take advantage of this feature and mount these devices from his computer or not?

Quote
- ftpd 1.2 (Oct 3 1994) has a crash bug in STAT command:

What happen is that ftpd STAT command blindly assume fopen() succeed, that is, it doesn't check against NULL result from the call. If NULL is returned ftpd will happily peek & poke zeropage, eventually causing trashing of execbase pointer (absolute address)

 If i don't run an FTP server on my Amiga, should i worry about this at all?
 I have disabled the ftp service in db/services, along with other services which are not of any use to me.
Title: Re: Network security on AmigaOS with MiamiDx or any other stack
Post by: darksun9210 on October 16, 2008, 06:23:57 PM
excuse my ignorance, but i thought the amiga was fairly well shielded from the rubbish floating around the internet as none of its IP stacks implement modern "services". just the basics needed to function. plus that my machine is not running windows, nor based on an intel chip. or thinking about it internet exploder, nor firefox.

exactly _what_can_ someone on the outside do to my machine?

 :-?

its not like its going to be a zombie bot or filled with spyware?
Title: Re: Network security on AmigaOS with MiamiDx or any other stack
Post by: AmigaMance on October 22, 2008, 12:11:53 AM
 Just one bump in case someone from a different timezone can answer some of my questions.