[29] in Security FYI
Important Macintosh security notice
daemon@ATHENA.MIT.EDU (Bob Mahoney)
Thu Dec 30 12:31:20 1999
Message-Id: <v04220801b49145648288@[18.177.0.98]>
Date: Thu, 30 Dec 1999 12:30:38 -0500
To: macpartners@mit.edu, itpartners@mit.edu, security-fyi@mit.edu,
mitvirus@mitvma.mit.edu
From: Bob Mahoney <net-security@MIT.EDU>
Cc: Security Team <security-internal@mit.edu>, helpsuper@mit.edu, hd@mit.edu
-----BEGIN PGP SIGNED MESSAGE-----
Information Systems recommends that users of Mac OS 9, and of certain
machines with Mac OS 8.6, who are connected via Ethernet on MITnet install
the recently released "OT Tuner 1.0" from Apple. This extension prevents
a Mac OS 9 computer from being used as a vehicle for launching a type
of Internet attack called Denial of Service. However, users of
certain recent Macintosh computers can be affected by a bug in this
extension and are cautioned to read their options, described further
below, before installing.
It was just recently discovered that certain Mac OS based computers
can be used as a middleman in a type of Internet attack where other
computers are flooded with information. This is called a Denial of
Service (DoS) attack. Because the attack relies on behaviour in the
Mac OS's networking code that responds automatically, the attacker
need only know that a particular Macintosh is running the correct
system software. If your particular Macintosh is being utilized in
such a DoS attack, it does _not_ mean that the attacker has access to
the data on your computer. The attacker can use this exploit without
breaking into your Macintosh or having physical access to your
Macintosh.
The following Macintoshes are susceptible to being used as a
middleman in this DoS attack:
- Any Macintosh running Mac OS 9
- Any Power Macintosh G4, iBook or iMac (with slot-loading CD or DVD
  drive) running Mac OS 8.6
However, users of the following computers will be affected by a bug
in the OT Tuner extension:
- Any Power Macintosh G4 (AGP), iBook or iMac (with slot-loading CD
  or DVD drive)
This bug will cause the Macintosh to lose Internet access after
waking up from deep sleep mode. The only way to restore Internet
access after this has happened is to restart the computer. You can
prevent one of these affected Macintoshes from going into deep sleep
mode by going to the "Energy Sleep" control panel and changing the
"Sleep when inactive for..." slider to "Never."
After discovering the bug, the Macintosh Development group at IS was
able to contact Apple about the problem and has confirmed that Apple
is working on a fix to be released later.
As there may be other undiscovered bugs in the "OT Tuner 1.0"
extension, Mac OS 9 users connecting via Tether or other modem-based
ISPs should wait for the next fix from Apple. Modem connections are
generally too slow to be useful for staging such DoS attacks.
MIT users who have susceptible Macintoshes at home connected via
cable modems or DSL may want to install the OT Tuner extension. If
you have one of the Macintoshes described above which is connected
directly to a cable modem or DSL and is often on, then you should
install this extension. If your Macintosh is behind a NAT or part of a
home network and not connected directly, then you should wait for the
next version of the fix from Apple.
The "OT Tuner 1.0" extension is available from Apple at:
<http://asu.info.apple.com/swupdates.nsf/artnum/n11559>
The Computer Emergency Response Team (CERT) Advisory on the DoS
attack is at:
<http://www.cert.org/advisories/CA-99-17-denial-of-service-tools.html>
Further details about how this attack works are available at:
<http://people.atl.mediaone.net/jacopeland/macattack.html>
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>
-----END PGP SIGNATURE-----