A recent Netscape browser ran into this problem. Netscape depends on SSL and permits up to a 128-bit session key to be used for encryption. The session key is generated by the client, in this case a Netscape browser running on an MS Windows PC, and sent to the server, in this case a Unix httpd. The PC offers limited facilities for generating a random number: the clock offers marginal granularity, and other variables provide little additional randomization. The result was that the randomness of the seed provided perhaps 16 to 32 bits of variability for the generation of the session key. Such a limited key space could be quickly searched, resulting in key disclosures in minutes rather than years, as had been assumed.

RFC 1750 addresses the security considerations of randomization and provides recommendations to the producers of cryptographic algorithms.

Binary Integrity

It is important to verify the integrity of any binary program that you run on your system. The binary program could be corrupted on the remote system with some sort of virus, or the binary could be modified during the file transfer to your system.

Source Integrity

Many FTP archives provide precompiled binary versions of application programs. Running these programs can open your system to attack if trojan code is embedded in the binary.

Even those programs that provide source code might embed some difficult-to-understand sections of code that effectively constitute a virus. Users should closely examine code before compiling and running software of undetermined origin.

If the program is shipped on CD-ROMs or tapes, it is unlikely to have such problems. However, if the source comes from a university FTP archive and no PGP signature is available, the potential exists. Even md5 checksums that are distributed with the program are suspect: the hacker could have modified these checksums and inserted them into the README file. A PGP signature of each source file, or of a file containing md5 checksums, can be a better way to verify source integrity. However, blindly trusting PGP signatures without verifying that the signer is indeed the author is a recipe for disaster. Hackers and/or naive users are perfectly capable of creating an elaborate PGP web of trust with no factual basis for any of the trust relationships.

Transfer Modifications

A recent attack on programs distributed using FTP used the approach of modifying portions of the files as they were transferred over the Internet. A fake TCP packet containing the modified data was inserted into the connection by hackers who monitored the connection using packet sniffers. The attack in question was used to modify the Netscape Navigator, a program that is frequently downloaded using FTP. The modifications decreased the strength of the encryption, permitting users to erroneously assume greater security for the transmission of secret information, such as credit card numbers.

Denial of Service Attacks

SATAN reveals the presence of active network services such as ftpd, sendmail, or httpd. These services are nearly always accessible to users “cruising” the Internet. As a result, these services are open to “denial of service” attacks. It is quite difficult to avoid denial of service attacks. The primary goal of such attacks is to slow down the target machine, fill up all available disk space, and spam the mail recipients with vast amounts of useless mail or something similarly annoying. A denial of service attack is also used to wedge a host while taking over its network identity in a spoofing attack. Nothing prevents a user from sending millions of useless e-mail messages, each one small enough to be accepted. Nothing prevents a remote user from initiating thousands of network connections to the remote system. Ftpd can limit the amount of disk space available to transfers, and sendmail can limit the size of an individual e-mail message, but this won’t stop a determined attacker. By partitioning the disk to limit the space available to each vulnerable Internet service, the system’s exposure to such attacks is limited.

The best remedy is to use a firewall to limit the exposure of the majority of systems to random Internet attacks. There is no way to avoid the e-mail attacks, because firewalls still need to permit access from any remote user.

PostScript Files

It is possible to embed command sequences in PostScript files. When viewing the file, depending on your viewer, the command sequences could be executed. The safest way to view unknown .ps files is to print them out on a printer. That is the default action indicated in most .mailcap files for MIME interpretation of .ps files. It would be possible to construct a filter to prevent dangerous actions, or to modify the viewer to prevent dangerous actions, but such tools and modifications are not widely available.

Rendezvous with SATAN

“‘Before we start to struggle out of here, O master,’ I said when I was on my feet, ‘I wish you would explain some things to me.’”

—Dante Alighieri, Inferno, Canto XXXIV, lines 100–102

This section describes the SATAN program in great detail, with information on obtaining SATAN, the files that make up SATAN, running SATAN, and extending SATAN to cover new security holes.