Vulnerability Development mailing list archives
Re: Apple Mac DoS
From: "Matteo,Marc A." <mmatteo () FUSIONSTORM COM>
Date: Fri, 15 Dec 2000 09:46:18 -0800
FWIW I just re-installed a Mac OS 9 system from an original iMac OS 9 CD and then ran Apple's Software Update to get the necessary updates (like OS 9.0.4). The Mac OS was updated to 9.0.4 but TCP/IP was NOT automatically updated to fix the smurf amp (or that high UDP port DoS - I can't remember the port). I found that interesting. I wondow how many Mac users have upgraded TCP/IP manually? Marc
-----Original Message----- From: Ian Stoba [mailto:ian () BABCOCKBROWN COM] Sent: Thursday, December 14, 2000 9:13 AM To: VULN-DEV () SECURITYFOCUS COM Subject: Re: [VULN-DEV] Apple Mac DoS Mac OS 9.0 is subject to smurf amplification. Here's a link to the CERT advisory: http://www.cert.org/advisories/CA-98.01.smurf.html This is fixed in Mac OS 9.0.4. The update is freely available from Apple: http://asu.info.apple.com/swupdates.nsf/artnum/n11617 Also, I happened to buy a copy of Mac OS 9 off the shelf in a CompUSA store this week and noticed that the version on the install CD was 9.0.4. The Q wrote:I have noticed some unusual behaviour with Mac OS 9 I am not a Mac user so I apologize if this is a known bug I have checked the archives and generally on the Net andcan find nomention of this effect any way a bit of background... I was nmaping a mac (running os 9) to see if I coulddiagnose why a smbconnection couldn't be established. Not being familiar withmac os (at all)I telnetted to the open ports and didn't get a lot. erm... then decided to try a netcat to each port.... (don't ask why) well to cut a long story short it causes a MASSIVE DoS onthe mac if younet cat /dev/zero to port 548 tcp. The Machine needs areset before it willrespond. Surely this can't be right? the details - Ports open are testhost@testhost ]$ nmap 192.168.1.96 ## IP of a mac boxen Starting nmap V. 2.53 by fyodor () insecure org (
www.insecure.org/nmap/ )
Interesting ports on (192.168.1.96): (The 1521 ports scanned but not shown below are in state: closed) Port State Service 427/tcp open svrloc 548/tcp open afpovertcp Nmap run completed -- 1 IP address (1 host up) scanned in 8 seconds to cause the DoS testhost@testhost ]$./nc -v 192.168.1.96 548 < /dev/zero caused massive DoS - mouse nonfunctional (important on a mac :o) of course when you stop the netcat the mac returns to normal after
10-20
secs
________________________________________________________________________ _____________
Get more from the Web. FREE MSN Explorer download :
http://explorer.msn.com
Current thread:
- Apple Mac DoS The Q (Dec 15)
- Re: Apple Mac DoS Jurriaan Kamer (Dec 15)
- Re: Apple Mac DoS Ian Stoba (Dec 15)
- Re: Apple Mac DoS Daniel J. Luke (Dec 15)
- Re: Apple Mac DoS Daniel Harrison (Dec 15)
- Re: Apple Mac DoS Martin Sunnerdahl (Dec 15)
- Re: Apple Mac DoS Ian Stoba (Dec 15)
- Re: Apple Mac DoS Daniel J. Luke (Dec 15)
- Re: Apple Mac DoS 3APA3A (Dec 15)
- Re: Apple Mac DoS Ian Stoba (Dec 15)
- <Possible follow-ups>
- Re: Apple Mac DoS Matteo,Marc A. (Dec 17)
- Re: Apple Mac DoS Daniel J. Luke (Dec 18)
- Re: Apple Mac DoS Matteo,Marc A. (Dec 18)
- Re: Apple Mac DoS Daniel J. Luke (Dec 18)
- Re: Apple Mac DoS Jurriaan Kamer (Dec 15)