Network Protocols What is a stateless Network Protocol?

Transcription

1 What is a stateless Network Protocol? All information about a connection is passed from client to server to client in messages No connection information is saved at the Server

2 What is a stateless Network Protocol? All information about a connection is passed from client to server to client in messages No connection information is saved at the Server What is so good about them? One attack vector involves forcing a Server to keep track of more state than it can handle DoS Supports multiple server access client can talk to one server, then another, etc. - the client sees one service A server may go down it does not matter because no connection information is lost

3 What is a stateless Network Protocol? All information about a connection is passed from client to server to client in messages No connection information is saved at the Server What is so good about them? One attack vector involves forcing a Server to keep track of more state than it can handle DoS Supports multiple server access client can talk to one server, then another, etc. - the client sees one service A server may go down it does not matter because no connection information is lost Where might stateless protocols get into trouble? Shared file systems have features needing state to be saved Ex: file locking who has locked the file?

4 Network File System (NFS) Relies on IP addresses to authenticate client hosts Vulnerable to address forgery

5 Network File System (NFS) Relies on IP addresses to authenticate client hosts Vulnerable to address forgery Relies on the client to authenticate the user Vulnerable to attacker compromising client's machine

6 Network File System (NFS) Relies on IP addresses to authenticate client hosts Vulnerable to address forgery Relies on the client to authenticate the user Vulnerable to attacker compromising client's machine Doesn't check client authentication on every request Assumes a valid file handle means client access authorized Attacker with forged or captured file handle can access the filesystem just as easily as a legitimate client can

7 Network File System (NFS) Relies on IP addresses to authenticate client hosts Vulnerable to address forgery Relies on the client to authenticate the user Vulnerable to attacker compromising client's machine Doesn't check client authentication on every request Assumes a valid file handle means client access authorized Attacker with forged or captured file handle can access the filesystem just as easily as a legitimate client can Trust in the client is established when the client mounts FS Trust does not change after that

8 Network File System (NFS) Relies on IP addresses to authenticate client hosts Vulnerable to address forgery Relies on the client to authenticate the user Vulnerable to attacker compromising client's machine Doesn't check client authentication on every request Assumes a valid file handle means client access authorized Attacker with forged or captured file handle can access the filesystem just as easily as a legitimate client can Trust in the client is established when the client mounts FS Trust does not change after that Client asks permission to mount, gets file handle if granted Client specifies file op and supplies handle for authorization

9 Network File System (NFS) Relies on IP addresses to authenticate client hosts Vulnerable to address forgery Relies on the client to authenticate the user Vulnerable to attacker compromising client's machine Doesn't check client authentication on every request Assumes a valid file handle means client access authorized Attacker with forged or captured file handle can access the filesystem just as easily as a legitimate client can Trust in the client is established when the client mounts FS Trust does not change after that Client asks permission to mount, gets file handle if granted Client specifies file op and supplies handle for authorization Handle has structure only small part is random attacker Can attack that part, knowing the rest of the structure

10 Network File System (NFS) Handles are difficult to get rid of A server is required to be stateless A server can only look at a file handle and determine whether or not it is valid

11 Network File System (NFS) Handles are difficult to get rid of A server is required to be stateless A server can only look at a file handle and determine whether or not it is valid On most implementations, once a client has a file handle, the only way to keep the client from using it is to change the method for generating file handles so that all previous file handles are invalid, requiring every client to remount their filesystem A hostile client can save a file handle and reuse it

12 Network Information System (NIS) Maintains common configuration and authentication files Synchronizes user IDs and group IDs to prevent incorrect Access permissions All systems within an NIS domain can share: passwords, aliases, groups Many default installations of NIS allow any user with an NIS account access to any system in its NIS domain

13 Network Information System (NIS) Maintains common configuration and authentication files Synchronizes user IDs and group IDs to prevent incorrect Access permissions All systems within an NIS domain can share: passwords, aliases, groups Many default installations of NIS allow any user with an NIS account access to any system in its NIS domain Access can be restricted based on netgroup membership but enforcement of netgroups depends on configuration which is Operating System dependent

14 Network Information System (NIS) Maintains common configuration and authentication files Synchronizes user IDs and group IDs to prevent incorrect Access permissions All systems within an NIS domain can share: passwords, aliases, groups Many default installations of NIS allow any user with an NIS account access to any system in its NIS domain Access can be restricted based on netgroup membership but enforcement of netgroups depends on configuration which is Operating System dependent Clients do not authenticate the server A system can establish itself as an NIS server by simply specifying the NIS domain name and performing the other necessary configuration steps. So a user can create a false NIS master server and put the real server OoB

15 Network Information System (NIS) Weakness Many default installations of NIS allow any user with an NIS account access to any system in NIS Access can be restricted based on netgroup memberships, But enforcement of netgroups requires a configuration step Configuration varies across Operating Systems, but typically involves modifying /etc/nsswitch.conf, /etc/groups, /etc/passwd, and /etc/shadow

16 Network Information System (NIS) Weakness NIS typically operates in broadcast mode Clients locate an NIS server by broadcasting to the broadcast address of their subnet An eavesdropper can discover sensitive information just by watching communications from NIS clients to NIS servers

17 Network Information System (NIS) Weakness NIS does not require periodic password changes NIS also does not require complex passwords (a mix of numeric, alphabetic, upper/lower case, other symbols

18 Network Information System (NIS) Weakness NIS clients do not authenticate the server they connect to but they check that the server is in the correct domain Any system can establish itself as an NIS server by specifying the NIS domain name and performing other necessary configuration steps. A user could create a false NIS server, and apply DoS to the real server to take over the domain and respond to NIS client requests In some NIS implementations, the false system would not even need to assume the real NIS server's IP address An NIS server on a local network segment can attract client bindings if the NIS master is on a separate network