Re: natd issue, perhaps security problem?
On Dec 22, 2008, at 3:26 PM, Kris Tilford wrote:

> My dual 2.3 GHz G5 w/10.5.6 froze strangely with the cursor mouse still moving with the spinning beachball icon, and no other functionality. The clock was frozen also. I waited 5 minutes and nothing changed. No commands for Force Quit worked, so I rebooted by holding the power button on the case.
>
> Upon reboot something different happened. I have Little Snitch installed. A process called natd wanted to connect to local.host via many UDP ports (about 20 total) in the series between 49159 and 49195. A Google search of natd and OS X seems to indicate there may be some security issue, however this report says that ALL versions of OS X are vulnerable EXCEPT version 10.5.6 that I'm using?: http://www.securityfocus.com/bid/32874
>
> I allowed these connections in Little Snitch, thinking they were normal OS X things, but now I'm not sure? This was on initial boot, no applications were running other than the login items. Here's the login items list: iTunesHelper, ATI Monitor, Airport Base Station Agent, FontExplorerXAutoload, SMARTReporter, gtslauncherdaemon, EyeTV Helper.
>
> I've rebooted several times, and each time this entire string of natd connections wants to connect. This is very different behavior than before. The strange freeze with the mouse working but everything else frozen seems to me that it might be a buffer overflow as minimally described in the recent security bulletin above?

No. Reading further in that bulletin they state:

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vu...@securityfocus.com.

And following up on the links there is this description from Apple:

network_cmds
CVE-ID: CVE-2008-4222
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: A remote attacker may be able to cause a denial of service if Internet Sharing is enabled
Description: An infinite loop may occur in the handling of TCP packets in natd. By sending a maliciously crafted TCP packet, a remote attacker may be able to cause a denial of service if Internet Sharing is enabled. This update addresses the issue by performing additional validation of TCP packets. Credit to Alex Rosenberg of Ohmantics, and Gary Teter of Paizo Publishing for reporting this issue.

So, SPOD, yes, odd connects from other system components, no.

Also, note this is ONLY if you're using Internet sharing on your Mac (Not Web sharing, not File sharing, not Remote login) since this is the only reason ever to run natd.

--
Bruce Johnson
University of Arizona
College of Pharmacy
Information Technology Group

Institutions do not have opinions, merely customs

--~--~-~--~~~---~--~~
You received this message because you are subscribed Low End Mac's G3-5 List, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs.
The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml
To post to this group, send email to g3-5-list@googlegroups.com
To unsubscribe from this group, send email to g3-5-list-unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/g3-5-list?hl=en
Low End Mac RSS feed at feed://lowendmac.com/feed.xml
-~--~~~~--~~--~--~---
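The two conditions in the reply above (a release named in the quoted Apple text, and natd actually running because Internet Sharing is on) can be checked together. The script below is an added example, not part of the thread or of any Apple tool; the function names and result strings are made up for illustration, and it assumes the stock `sw_vers` and BSD `ps` commands on Mac OS X.

```shell
#!/bin/sh
# Added example: triage for the natd advisory quoted above (CVE-2008-4222).

# classify_version VERSION -> "listed" if VERSION is one of the releases the
# quoted Apple text names (10.4.11, 10.5 through 10.5.5), else "unlisted".
classify_version() {
    old_ifs=$IFS; IFS=.
    set -- $1                       # split "10.5.5" into 10 5 5
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}   # "10.5" means patch 0
    case "$major$minor$patch" in
        *[!0-9]*) echo unlisted; return 0 ;;      # not a plain dotted number
    esac
    if [ "$major" -eq 10 ] && [ "$minor" -eq 4 ] && [ "$patch" -eq 11 ]; then
        echo listed
    elif [ "$major" -eq 10 ] && [ "$minor" -eq 5 ] && [ "$patch" -le 5 ]; then
        echo listed
    else
        echo unlisted
    fi
}

# natd_exposure VERSION NATD_RUNNING(yes|no) -> one result word.
# The advisory only applies while natd runs, so that is checked first.
natd_exposure() {
    if [ "$2" != yes ]; then
        echo not-exposed
    elif [ "$(classify_version "$1")" = listed ]; then
        echo exposed
    else
        echo natd-running-version-unlisted
    fi
}

# Live check: reads the OS version and looks for a process named natd.
check_this_mac() {
    version=$(sw_vers -productVersion)
    if ps -axc -o comm | grep -qx natd; then running=yes; else running=no; fi
    echo "Mac OS X $version, natd running: $running -> $(natd_exposure "$version" "$running")"
}

# Only run the live check where sw_vers exists (i.e. on a Mac).
if command -v sw_vers >/dev/null 2>&1; then
    check_this_mac
fi
```

A result of `natd-running-version-unlisted` means only that the release is not among those named in the quoted text, as with the 10.5.6 system in this thread.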
Re: natd issue, perhaps security problem?
On Dec 23, 2008, at 9:56 AM, Bruce Johnson wrote:

> Also, note this is ONLY if you're using Internet sharing on your Mac (Not Web sharing, not File sharing, not Remote login) since this is the only reason ever to run natd.

Bruce to the rescue. It's an Internet Sharing thing. I'd totally forgotten that I'd tried to use Internet Sharing for a very hampered iBook. I'm glad it wasn't any security threat, but in all my years of using Macs the type of freeze where the clock and everything is frozen except the cursor is rare, and this coincidence combined with the Google result misled me.

I was attempting to use Internet Sharing over Firewire. That day I had no luck with Firewire networking, the client computer's Firewire network port wasn't recognized in Network Preferences for some reason. I'll disable Internet Sharing for now since it sets off this monster flurry of natd connections at startup.

Thanks again Bruce!
natd issue, perhaps security problem?
My dual 2.3 GHz G5 w/10.5.6 froze strangely with the cursor mouse still moving with the spinning beachball icon, and no other functionality. The clock was frozen also. I waited 5 minutes and nothing changed. No commands for Force Quit worked, so I rebooted by holding the power button on the case.

Upon reboot something different happened. I have Little Snitch installed. A process called natd wanted to connect to local.host via many UDP ports (about 20 total) in the series between 49159 and 49195. A Google search of natd and OS X seems to indicate there may be some security issue, however this report says that ALL versions of OS X are vulnerable EXCEPT version 10.5.6 that I'm using?: http://www.securityfocus.com/bid/32874

I allowed these connections in Little Snitch, thinking they were normal OS X things, but now I'm not sure? This was on initial boot, no applications were running other than the login items. Here's the login items list: iTunesHelper, ATI Monitor, Airport Base Station Agent, FontExplorerXAutoload, SMARTReporter, gtslauncherdaemon, EyeTV Helper.

I've rebooted several times, and each time this entire string of natd connections wants to connect. This is very different behavior than before. The strange freeze with the mouse working but everything else frozen seems to me that it might be a buffer overflow as minimally described in the recent security bulletin above?

Any ideas?
Re: natd issue, perhaps security problem?
I can't help, but have to say that I've never seen a DoS on a mac before. Wow! This is nuts. I guess I'd be off line with my mac for a little while yet...checking for an updated fix. Sorry.

Kris Tilford wrote:

> My dual 2.3 GHz G5 w/10.5.6 froze strangely with the cursor mouse still moving with the spinning beachball icon, and no other functionality. The clock was frozen also. I waited 5 minutes and nothing changed. No commands for Force Quit worked, so I rebooted by holding the power button on the case.
>
> Upon reboot something different happened. I have Little Snitch installed. A process called natd wanted to connect to local.host via many UDP ports (about 20 total) in the series between 49159 and 49195. A Google search of natd and OS X seems to indicate there may be some security issue, however this report says that ALL versions of OS X are vulnerable EXCEPT version 10.5.6 that I'm using?: http://www.securityfocus.com/bid/32874
>
> I allowed these connections in Little Snitch, thinking they were normal OS X things, but now I'm not sure? This was on initial boot, no applications were running other than the login items. Here's the login items list: iTunesHelper, ATI Monitor, Airport Base Station Agent, FontExplorerXAutoload, SMARTReporter, gtslauncherdaemon, EyeTV Helper.
>
> I've rebooted several times, and each time this entire string of natd connections wants to connect. This is very different behavior than before. The strange freeze with the mouse working but everything else frozen seems to me that it might be a buffer overflow as minimally described in the recent security bulletin above?
>
> Any ideas?