Re: MacOS 8 Web Sharing known problems?

[dan () VEGAS COM (dan)]

There is a program called Overdose that runs on Mac's, it claims to 
kill the personal web server that came with 8.5. I haven't really 
played with it so I don't know if it works. The original place I 
downloaded it has since closed down . I am not sure if there are any 
mirrors that have it but send an email my way if you want to test it 
out and I'll try to get it to you.

Dan

> Running MacOS9 I havent had any problems. I just hit my G3 300 mhz
> running MacOS9 with all of the DoS tools I could find: OOB, Land, blat,
> UDP floods, TCP blast, ICMP floods etc. (pretty long list) aside from
> bandwidth issues I didn't really even see a performance hit.  This is
> all against the personal web server, not the fancier, very expensive
> server product.
>
> Some earlier versions MacOS8 didn't handle certain floods very well, but
> Apple seems to have fixed this.
>
> Unpatched, MacOS can be used to amplify ICMP see:
>
> http://www.securiteam.com/securitynews/Macintosh_computers_can_be_use 
> d_to_cause_massive_DoS_attacks_on_the_network__Patch_available_.html
>
> As for security, there *might* be some dangers involved in access
> control -- apparently in order to enable user authentication for access
> to files in the "Personal Web Folder" you have to enable file sharing.
> (Not that I have any reason to believe the file sharing mechanisms are
> flawed, peer-to-peer file sharing is inherantly dangerous.)
>
> Something interesting though... when you enable web sharing, port 80
> isn't the only thing listening.  Also port 427 udp and tcp magically
> appears.  I don't know what these ports are, but does this mean that
> file sharing is implicitly enabled once you enable the web server?  I
> don't know what these ports represent.
>
> Since the personal web server doesnt support cgi, ssi, frontpage or any
> server-side dynamic content for that matter it does limit the type of
> attacks that can be done.
>
> There could be something within the PNF (personal net finder), I get
> inconsistent results when playing with it.  (personal netfinder
> automagically indexes all of the files in your web sharing directory,
> and lists them in a directory format == you can't hide files from public
> view.)  for example the string: http://192.168.1.70/PNF:/.. doesn't
> allow me to query the PNF again when I try it from communicator
> 4.7/Linux, but the PNF allows further queries when the same type of
> strings are done from the BeOS default browser, NetPositive.  Odd.
>
> Any ideas on port 427?
>
> My apologies for the length of this message, I got carried away.
>
> -Todd