On Dec 22, 2008, at 3:26 PM, Kris Tilford wrote:
> My dual 2.3 GHz G5 w/10.5.6 froze strangely with the cursor & mouse
> still moving with the spinning beachball icon, and no other
> functionality. The clock was frozen also. I waited 5 minutes and
> nothing changed. No commands for "Force Quit" worked, so I rebooted by
> holding the power button on the case.
>
> Upon reboot something different happened. I have Little Snitch
> installed. A process called "natd" wanted to connect to "local.host"
> via many UDP ports (about 20 total) in the series between 49159 and
> 49195.
>
> A Google search of "natd" and "OS X" seems to indicate there may be
> some security issue, however this report says that ALL versions of OS
> X are vulnerable EXCEPT version 10.5.6 that I'm using?:
>
> <http://www.securityfocus.com/bid/32874>
>
> I "allowed" these connections in Little Snitch, thinking they were
> normal OS X things, but now I'm not sure? This was on initial boot, no
> applications were running other than the login items. Here's the login
> items list:
> iTunesHelper, ATI Monitor, Airport Base Station Agent,
> FontExplorerXAutoload, SMARTReporter, gtslauncherdaemon, EyeTV Helper.
>
> I've rebooted several times, and each time this entire string of natd
> connections wants to connect. This is very different behavior than
> before. The strange freeze with the mouse working but everything else
> frozen seems to me that it might be a "buffer overflow" as minimally
> described in the recent security bulletin above?

No. Reading further in that bulletin they state:

"Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vu...@securityfocus.com."

And following up on the links there is this description from Apple:

"network_cmds
CVE-ID: CVE-2008-4222
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: A remote attacker may be able to cause a denial of service if Internet Sharing is enabled
Description: An infinite loop may occur in the handling of TCP packets in natd. By sending a maliciously crafted TCP packet, a remote attacker may be able to cause a denial of service if Internet Sharing is enabled. This update addresses the issue by performing additional validation of TCP packets. Credit to Alex Rosenberg of Ohmantics, and Gary Teter of Paizo Publishing for reporting this issue."

So, SPOD, yes, odd connects from other system components, no.

Also, note this is ONLY if you're using Internet sharing on your Mac (Not Web sharing, not File sharing, not Remote login) since this is the only reason ever to run natd.

--
Bruce Johnson
University of Arizona
College of Pharmacy
Information Technology Group

Institutions do not have opinions, merely customs