
GrouchySmurf 1.0b Review
(spoofed icmp broadcast)

GrouchySmurf is the first public release of an ICMP broadcast attack tool for the Mac OS. Last night the application was released by Freaks Macintosh Archives, a hacker-related website for the Macintosh community. They wrote a review/press release on the application to hype it. It is now online and available for download. The ICMP broadcast attack is explained in detail further on in this document.

We're not going to try to hide the bad uses of this program. This review is to inform you of the newly released software and what damage it might cause. This is not a new attack or exploit, just the first time it has been ported to the Mac OS. This software can be used for good (personal testing of your own servers' vulnerabilities, etc.) or for bad (flooding someone off the net, causing BSODs (blue screens of death), crashing the machine, slowing down servers, etc.).

What's a broadcast / Quick ICMP broadcast attack
First of all, let's make something clear: a broadcast is _not_ a machine; it is in fact the address of a whole subnet of machines. Machines on the internet have IP addresses in the form x.x.x.x, where each x is a number between 0 and 255 (of course a lot of those addresses are special addresses and not all of them are used as standard IP addresses, but you already knew all that). So here is what interests us: let's say we have a LAN (Local Area Network) whose IP addresses belong to the subnet 205.151.222.x. The default gateway address would be, and the subnet's actual address would be The broadcast address would be

Here's what interests us: the broadcast and subnet addresses, which do pretty much the same thing in this case. Now let's say a machine on our LAN wants to send a packet that everyone will read; this is called a broadcast packet. The machine will send it to or (255 is the most commonly used though). The machine actually sent one packet, which was read by ALL the machines on this subnet. Now let's say that machine sends a PING to the broadcast address. What will happen? All the machines on the subnet will reply to this machine with an ICMP echo reply.

Now this should _only_ work within local area networks, meaning that gateways should only broadcast packets coming from the INSIDE of the network. The reason I say "should" is that there is obviously an exception, and a big one. A lot of gateways on the internet are misconfigured and allow broadcast packets to come in from the outside. This means that if I send a PING to the subnet's broadcast address, each machine will reply with one ping, amplifying my PING by the number of machines on this subnet.

The ICMP broadcast attack uses a list of those vulnerable broadcast servers and sends PINGs to them. The source address of those packets is spoofed to the victim's IP address, so all the ICMP echo replies are sent back to the victim, and not to you, the real source.
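What the reflected replies look like from the receiving end, as an added example (not part of the original review or of GrouchySmurf): a small detector that flags bursts of ICMP echo replies arriving from many hosts on one subnet without a matching request. The record format, the /24 grouping, the thresholds and all addresses in the sample are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

ECHO_REPLY, ECHO_REQUEST = 0, 8          # ICMP type numbers

def net24(addr):
    """Group an IPv4 address by its /24 (assumed size of an amplifier subnet)."""
    return ip_network(f"{addr}/24", strict=False)

def find_reflected_floods(records, my_ip, window=10.0, min_hosts=3):
    """records: (time, src, dst, icmp_type) tuples sorted by time.
    Returns {subnet: [responders]} for bursts of unsolicited echo replies."""
    last_request = {}                    # /24 we pinged -> time of our last request
    unsolicited = defaultdict(list)      # /24 -> [(time, src)] replies we never asked for
    for t, src, dst, icmp_type in records:
        if icmp_type == ECHO_REQUEST and src == my_ip:
            last_request[net24(dst)] = t
        elif icmp_type == ECHO_REPLY and dst == my_ip:
            asked = last_request.get(net24(src))
            # A reply counts as solicited only if we pinged that subnet recently;
            # this also covers a legitimate ping to a broadcast address.
            if asked is None or t - asked > window:
                unsolicited[net24(src)].append((t, src))
    flagged = {}
    for net, hits in unsolicited.items():
        first = hits[0][0]
        hosts = {s for t, s in hits if t - first <= window}
        if len(hosts) >= min_hosts:      # many distinct responders on one subnet
            flagged[str(net)] = sorted(hosts, key=ip_address)
    return flagged

# Constructed sample capture (documentation address ranges, not real traffic).
ME = "192.0.2.10"
SAMPLE_RECORDS = [
    (0.0, ME, "198.51.100.7", ECHO_REQUEST),    # our own ping
    (0.1, "198.51.100.7", ME, ECHO_REPLY),      # its solicited reply
    (5.0, "203.0.113.4", ME, ECHO_REPLY),       # burst nobody asked for
    (5.0, "203.0.113.9", ME, ECHO_REPLY),
    (5.1, "203.0.113.23", ME, ECHO_REPLY),
    (5.1, "203.0.113.200", ME, ECHO_REPLY),
    (7.0, "198.18.0.5", ME, ECHO_REPLY),        # single stray reply, below threshold
]

if __name__ == "__main__":
    for subnet, hosts in find_reflected_floods(SAMPLE_RECORDS, ME).items():
        print(f"unsolicited echo replies from {len(hosts)} hosts on {subnet}")
```

The flagged subnet is the misconfigured amplifier, not the sender: the requests that triggered those replies carried a spoofed source address.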


This vulnerability is very easy to fix: in fact, the fix consists of telling your router not to broadcast packets coming from the exterior (the internet in this case), so that it only broadcasts local packets. You can directly import a list of your own servers which might be vulnerable, or enter them manually (and save the list to test them again, if you wish, once measures are taken). The best way to know which servers respond would be to use an ICMP logger and attack your own machine. The built-in ping utility allows you to test lag on a remote machine and has various uses, such as making sure you do not knock the machine you are using for monitoring purposes off the net.
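The router rule described above, written out as a forwarding decision (an added example, not code from the review or from any router vendor). It goes slightly beyond the text by also rejecting spoofed source addresses, since the attack depends on them. The /24 mask on the page's 205.151.222.x LAN, the second subnet and the interface labels are assumptions.

```python
from ipaddress import ip_address, ip_network

# 205.151.222.0/24 is the page's example LAN (a /24 mask is assumed);
# 192.0.2.64/26 is a constructed subnet whose broadcast address is not .255.
INTERNAL_NETS = [ip_network("205.151.222.0/24"), ip_network("192.0.2.64/26")]

def directed_broadcast_net(dst, nets=INTERNAL_NETS):
    """Return the internal subnet whose network or broadcast address dst is, else None."""
    addr = ip_address(dst)
    for net in nets:
        # /31 and /32 prefixes have no broadcast address to protect.
        if net.prefixlen < 31 and addr in (net.network_address, net.broadcast_address):
            return net
    return None

def is_internal(addr, nets=INTERNAL_NETS):
    return any(ip_address(addr) in net for net in nets)

def border_decision(in_iface, src, dst, nets=INTERNAL_NETS):
    """in_iface is 'external' or 'internal' (hypothetical interface labels)."""
    if in_iface == "external":
        if is_internal(src, nets):
            return "drop: internal source address arriving from outside"
        if directed_broadcast_net(dst, nets):
            return "drop: directed broadcast from outside"
        return "forward"
    # Traffic leaving the LAN must carry one of our own source addresses,
    # otherwise this network could be used to send the spoofed pings.
    if not is_internal(src, nets):
        return "drop: source address not on this network"
    return "forward"

if __name__ == "__main__":
    for pkt in [("external", "198.51.100.9", "205.151.222.255"),
                ("external", "198.51.100.9", "192.0.2.127"),
                ("external", "198.51.100.9", "205.151.222.17"),
                ("internal", "205.151.222.5", "198.51.100.9")]:
        print(pkt, "->", border_decision(*pkt))
```

Computing the broadcast address from the prefix matters: a check that only looks for a trailing .255 would let the /26 broadcast through.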


*some of the data on this page was taken directly from the readme.


All material (c) 2014 and respected owners