[9615] in bugtraq
Re: NetApp Filer software versions 5.x: potential hardware killer
daemon@ATHENA.MIT.EDU (James FitzGibbon)
Tue Feb 16 17:48:28 1999
Date: Sat, 13 Feb 1999 14:04:55 -0500
Reply-To: James FitzGibbon <james@ICAN.NET>
From: James FitzGibbon <james@ICAN.NET>
X-To: Kragen Sitaker <kragen@pobox.com>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.SUN.3.96.990212193744.3533t-100000@picard.dnaco.net>

On Fri, 12 Feb 1999, Kragen Sitaker wrote:
> Once you'd found infected machines, you could exert complete control
> over them. A particularly obnoxious possibility: you could insert
> "logic bombs" into the disk firmware that would activate only when
> certain (long and rather improbable, perhaps a few hundred bytes) were
> read from the disk. Then spam people with a .gif containing that
> sequence, along with steganographically-encoded machine code. They
> extract the .gif onto their disk, nicely aligned with the beginning of
> a sector, and load it up with Netscape.

I think it's important to keep this particular exploit in perspective; an
admin who didn't secure the network the filer was connected to is probably
going to get hit with a much more prevalent DoS or exploit before someone
goes to the trouble of rewriting their firmware. The amount of
information you'd need to do that is just slightly above writing root
shell exploits when you don't know the architecture you're trying to
attack.

The point on firmware does hold true though. I think that what we're
seeing here (and will likely continue to see as more appliances hit the
market) is easier administration at the cost of security. I'll grant that
that is a sweeping statement, but anytime you reduce the core
functionality of a machine to do "just one thing", you lose out on the
flexibility side, and that often includes security.

What NetApp admin wouldn't like to compile up a copy of SSH for their
filer and turn off telnet? If the NFS server was a full unix server,
that's a 10 minute task. With NetApp, the crypto-export laws make it a
two-year plus 10 minute task.

I guess it all comes down to the individual admin. Do you want a box that
you plug in, configure and leave alone even if it costs you on security,
or do you want a full *nix box that will be very secure, but that you'll
have to keep tabs on every day?

--
j.
James FitzGibbon james@ican.net
System Engineer, ACC Global Net Voice/Fax (416)207-7171/7610