
Author Topic: Network security on AmigaOS with MiamiDx or any other stack  (Read 4883 times)


Offline tormedhammaren (Topic starter)

  • Full Member
  • ***
  • Join Date: Mar 2003
  • Posts: 153
Network security on AmigaOS with MiamiDx or any other stack
« on: October 10, 2003, 04:11:33 PM »
I want to address this subject because I don't see it
discussed often in Amiga newsgroups, amiga.org, ann.lu or
any other. Do few Amiga users have concerns about
security on their systems?

Some things I would like to know:

- Where can I find information about exploits in AmigaOS TCP/IP stacks and networking apps?
(Edit: Asked it in a confusing sense)

- Which firewall solutions exist on AmigaOS? I already
know about MiamiIPFW. Are there any open source
solutions? Has anyone ported more modern solutions than
IPFW?

- Does anyone have any thoughts on which AmigaOS stack
is overall most secure?

- Is AmiTCP (the version geekgadgets distributes) still
updated and fixed?

My own discoveries: MiamiDx is very easy to flood. Just:

ping -l (from unix system) 100000 |amiga ip|.

ping -l 10000 |amiga ip| sends 100000 echo request packets
without waiting for echo replies. It doesn't have to be
100000, but it should do. This surpasses the flood protection
in MiamiDx, and MiamiDx crashes because of some buffer
overrun. MiamiIPFW is by the way helpless when this
occurs.

My system is btw. immune to ping -f floods and ping of
death packets. My version of MiamiDx is 1.0c, and it's a
legal version.

Has anyone brought up solutions to this problem? ;-)

Regards
Tor
tormedhammaren/toddi ||==
 

tormedhammaren (Topic starter)
Re: Network security on AmigaOS with MiamiDx or any other stack
« Reply #1 on: October 10, 2003, 07:08:26 PM »
@mikeymike:

Quote
I'm not sure you fully understand what you're asking.

AmigaOS by default has no network stack. Therefore by default it has no network services.

I'm fully aware of what I'm asking. Maybe my question was
a bit clumsy in that I asked about exploits in AmigaOS and
apps. I really mean exploits in TCP/IP stacks and networking
apps. I'm addressing the security of these software
components.

Quote
* - WARNING everyone. Do not start an argument about memory protection.

?

@KennyR:
Quote
There are none that I know of, apart from MiamiDX's. If you
want a secure Amiga, use a linux, BSD or hardware router
(not Windows - ICS is incredibly unsafe).

Yes, I know that's an option. But I would really like to make
the system safe from inside. At least not exploitable. I
know it's far too easy to DOS it. That's why your option
counts as important.

There is an Amiga security page that is pretty good. The
address is www.geocities.com/SiliconValley/Bridge/5737/Main/sw/security.html
But it hasn't been updated since January 2002.
tormedhammaren/toddi ||==
 

tormedhammaren (Topic starter)
Re: Network security on AmigaOS with MiamiDx or any other stack
« Reply #2 on: October 10, 2003, 08:12:51 PM »
@lempkee:

Quote
tor: the ping issue you are talking about, you can protect it from it and the system won't crash but it will slow the system down a lot (even on a 060 66mhz.)

Since my system runs on a 040@40, I probably won't do it.
But how can I? Will it slow down my system only when
being flooded? Or otherwise too?

Quote

tor: which tools do you use? Have you tried the port nabber's on aminet? Sure it's free but it doesn't mean it stinks. Been too long since I installed snooptools so I can't really help you on that right away, but I will look into it asap zulu.


What's the port nabber's? Network security tools I've been
using on my Amiga include nmap, netcat, icmpwatch,
MiamiIPFW, GoPortscan!, FWControl and openssh 3.6.

Cool avatar btw!

@KennyR:
Good advice! No, nobody should run ftp/telnet on their
systems anymore. Neither daemons nor clients. We should really get
sshd to work on AmigaOS.

Do you know how I can test if a MUI app is vulnerable?
tormedhammaren/toddi ||==
 

tormedhammaren (Topic starter)
Re: Network security on AmigaOS with MiamiDx or any other stack
« Reply #3 on: October 10, 2003, 11:44:01 PM »
@KennyR:

Quote
I did actually try this on someone with their permission. MiamiDX's flood protection kicked in after the first packet and they did not crash. The only difference is I pinged from MOS and not from UNIX.

Hmm. Am I the only one with this problem? I've
pinged my Amiga from both a FreeBSD 5.1 box and
a Linux 2.4.20 box. MiamiDx's flood protection
kicks in, but is surpassed. If I do a normal ping
flood, the flood protection works. What is ping
-l in MOS? If it's the same as in UNIX it's
preloading packets, not altering the length of
them.

I found the full security advisory about the MUI
security issue by searching for "MUI exploit" on
google.

@platon42:
Sounds like something not even M$ could have
created... When programmers want to add some
fancy functionality that other programs don't
have, this is what often happens.
tormedhammaren/toddi ||==
 

tormedhammaren (Topic starter)
Re: Network security on AmigaOS with MiamiDx or any other stack
« Reply #4 on: October 11, 2003, 03:42:45 PM »
@Piru:
Quote
ping flood protection is pretty much useless, as the packets get processed until they enter the filter part. It takes considerable resources to process the packets before they "flow down" to part where the filtering is made. Enough fragmented packets with packet reassembly, and the rate of packet I/O, packet reassembly and filtering will consume all CPU time and internal buffer memory.

The ping flood protection sends all packets to NIL: ? The
problem is that the Amiga features much less processing
power compared to more modern systems. So you can
easily DOS it from just one host if both sides have high
bandwidth.

Quote

Also, if you are unlucky enough to piss up some scriptkiddie with a botnet, you could be in real trouble. With his flood the incoming traffic will be so enormous that it will prevent any other legit traffic from reaching the system anyway, and all incoming traffic will stop (including TCP streams, that will disconnect if the flood stays persistent). Usually this is caused by DDOS attack using a botnet (network of hundreds to thousands of hacked zombie windows machines controlled by the scriptkiddie).

Can scriptkiddies get that strong? Hope there aren't too
many of those..

Quote

- TCP ISN generator is a simple 64k ruler. It is child's play
to predict. (spoofing TCP connections)

This means that you can make a system believe
that you are a trusted host. This is what Mitnick did
to break into Tsutomu Shimomura's machine.

Quote

- ftpd 1.2 (Oct 3 1994) has a crash bug in STAT command:

What happens is that the ftpd STAT command blindly assumes fopen() succeeds, that is, it doesn't check against a NULL result from the call. If NULL is returned ftpd will happily peek & poke zeropage, eventually causing trashing of execbase pointer (absolute address 4). This problem is exploitable as anonymous user.

I won't provide an example on this public forum, for obvious reasons.

In which products is this ftpd used? Is there a fix?

@lempkee:
On which server/channel does Cyborg hang out?
Yes, Cyborg must come and play on amiga.org too!
How does nmap run on your machine? On mine, it's dead
slow.
tormedhammaren/toddi ||==
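
Added example, not part of the thread and not code from any Amiga TCP/IP stack: a C check that takes initial sequence numbers sampled from successive connections to a host you administer and reports whether they advance on a fixed grid, which is the weakness the "64k" remark quoted in the post above describes. The sample values, the 64000 step and the threshold are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed cut-off: a common step this large means a coarse, guessable grid. */
#define ISN_STEP_THRESHOLD 1024u

static uint32_t gcd32(uint32_t a, uint32_t b)
{
    while (b != 0) { uint32_t t = a % b; a = b; b = t; }
    return a;
}

/* GCD of all successive ISN differences. Unsigned subtraction wraps modulo
 * 2^32, so sequence-number wraparound between samples is handled.
 * Returns 0 if there are fewer than two samples or all samples are equal. */
uint32_t isn_common_step(const uint32_t *isn, size_t n)
{
    uint32_t g = 0;
    for (size_t i = 1; i < n; i++)
        g = gcd32(g, isn[i] - isn[i - 1]);
    return g;
}

/* 1 = samples advance on a fixed grid (or never change), 0 = no grid found,
 * -1 = too few samples to judge. */
int isn_looks_predictable(const uint32_t *isn, size_t n)
{
    if (n < 3) return -1;
    uint32_t g = isn_common_step(isn, n);
    return (g == 0 || g >= ISN_STEP_THRESHOLD) ? 1 : 0;
}

/* Constructed samples, not captured traffic. The first steps by multiples of
 * 64000 (an assumed reading of "64k") and wraps past 2^32; the second is
 * arbitrary values standing in for a randomised generator. */
static const uint32_t sample_fixed[]  = { 0xFFFE0000u, 0xFFFEFA00u, 0x0000EE00u,
                                          0x0001E800u, 0x0002E200u };
static const uint32_t sample_random[] = { 0x3A91C4E7u, 0x9D02B15Cu, 0x11F3E0A9u,
                                          0xC47788D2u, 0x6B5E2F31u };

int main(void)
{
    printf("fixed:  step=%u predictable=%d\n", (unsigned)isn_common_step(sample_fixed, 5),
           isn_looks_predictable(sample_fixed, 5));
    printf("random: step=%u predictable=%d\n", (unsigned)isn_common_step(sample_random, 5),
           isn_looks_predictable(sample_random, 5));
    return 0;
}
```

Using the GCD rather than comparing raw differences keeps the check valid when some samples are separated by more than one increment, since every difference is still a multiple of the same step.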
 

tormedhammaren (Topic starter)
Re: Network security on AmigaOS with MiamiDx or any other stack
« Reply #5 on: October 17, 2003, 12:21:47 PM »
@lempkee:
Thank you. I've been looking for him.

@Piru:
Thanks for your good answers.

Regards
Tor
tormedhammaren/toddi ||==