TCP Dangerous File Transfer

Port 548 (AFP)

Learn about port 548 (AFP) - security risks, vulnerabilities, and common uses. Find devices with port 548 open.

Quick Info

Port Number

548

Protocol

TCP

Service

AFP

IANA Name

AFP

Service Description

Network port 548 (TCP) is primarily associated with the Apple Filing Protocol (AFP). AFP is a proprietary network protocol developed by Apple Inc. to enable file sharing between computers on a local area network (LAN), particularly within macOS environments. It provides a method for users to access, store, and manage files on a remote server as if they were located locally. AFP operates at the application layer of the OSI model, handling authentication, file access permissions, and data transfer. The protocol includes features such as file locking, resource forks, and AppleEvent support, which are specific to the macOS operating system. It historically replaced the older AppleTalk Filing Protocol (also AFP, but distinct) and was designed to be more robust and efficient over TCP/IP networks. Apple has since deprecated AFP in favor of Server Message Block (SMB) for file sharing between macOS and other platforms, including Windows and Linux. However, older macOS systems and some specialized applications may still rely on AFP for specific functionalities.

## Firewall Recommendations

Generally, it is advisable to block port 548 (TCP) on firewalls, especially at the network perimeter, unless there is a specific and well-justified need for AFP file sharing. If AFP is required, it should only be allowed between trusted internal networks and systems. It is crucial to ensure that the AFP server and client software are running the latest available versions with all security patches applied. Consider migrating to a more secure file sharing protocol like SMB. Implement strong passwords and robust access control lists to limit access to sensitive files. Monitor network traffic for suspicious activity on port 548. If possible, disable AFP entirely and use alternative methods for file sharing.

Security Information

While AFP itself isn't inherently insecure when properly configured, its reliance on older authentication methods and the complexities of managing file permissions can introduce vulnerabilities. A primary risk is the potential for unauthorized access to shared files if user accounts have weak passwords or if access control lists (ACLs) are not meticulously managed. Older versions of AFP suffered from vulnerabilities that could be exploited to gain unauthorized access or execute arbitrary code. Furthermore, man-in-the-middle attacks are possible if the communication between client and server is not encrypted, allowing an attacker to intercept credentials or sensitive data. Due to its historical nature and diminishing use, AFP may not be as actively patched against newly discovered vulnerabilities as more modern protocols like SMB, making systems running AFP more susceptible to exploitation. The protocol's complexity can also lead to misconfigurations that expose sensitive data.

Known Vulnerabilities

CVE	Name	Severity	Description
CVE-2005-2022	Netatalk AFP Server Buffer Overflow	High	Netatalk AFP server содержит уязвимость переполнения буфера, которая может позволить удаленным злоумышленникам выполнять произвольный код путем отправки длинного имени файла.
CVE-2007-1322	Apple AFP Server Authentication Bypass	Critical	Apple AFP server имеет уязвимость обхода аутентификации, которая может позволить удаленным злоумышленникам получить несанкционированный доступ к общим файлам путем отправки специально созданных запросов.
CVE-2017-2385	Apple AFP Server Information Disclosure	Medium	Apple AFP server имеет уязвимость раскрытия информации, которая может позволить удаленным злоумышленникам получить конфиденциальную информацию о файловой системе путем отправки специально созданных запросов.