SecureMac.com
About SecureMac Advertise Security Consulting Mac Security Store Send Feedback

Site Information
Site Background
Who runs the site
Advertising
Security Consulting
Employment/Jobs
Feedback Form

SecureMac Software
PrivacyScan

 

Mac OS X Security
sudo buffer overflow exploit + fix
Disable Single User Boot Mode
Malevolence - Dumping Passwords
nidump security
Startup Security - Open Firmware Password Protection

Mac OS X Network Security
SAINT
Secure FTP Wrapper
Ettercap - sniffer interceptor logger
Snort - Network Intrusion Detection System
SSH Admin
SSH Helper
xnu - enable MAC Address spoofing


Mac OS X Virus

Mac OS X Firewalls
Firewalk Firewall Utility
NetBarrier X

Mac OS X App Sec.

Mac OS X Encryption
LittleSecrets
GPGMail - PGP Functionality

Mac OS X DoS

SecureMac Library
Mac Cable Modem Security
Mac Security Auditing
Mac OS X Security Understanding
Mac OS X Security Second Lessons
Mac OS X Security Third Lesson
Mac OS X Single User Mode Root Access
Mac OS X Shareware Firewalls
Mac OS X Secure Installation
Cable & DSL Connections - Security Measures
Better Safe than Sorry
Apple.com Security Resources
Marketing Macintosh Security Programs

GrouchySmurf 1.0b Review
(spoofed icmp broadcast)



GrouchySmurf is the first public release of an ICMP broadcast attack for the MacOS. Last night the application was released by Freaks Macintosh Archives a hacker related website for the macintosh community. They wrote a review/press release on the application to hype it. Now it is online and avialable for download. The ICMP broadcast attack will be explained in details further in this document.

Were not going to try to hide the bad uses of this program. This review is to inform you of the new software released and what damages it might cause. This is not a new attack or exploit, just the first time ported to the MacOS. This software can be used for good uses (personal testing of your own servers vulnerabilities, etc) or bad uses (flooding someone off the net, causing bsod's (blue screen of death), crashing the machine, slowing down servers, etc).
*

What's a broadcast / Quick ICMP broadcast attack
First of all, lets put something clear: a broadcast is _not_ a machine, it is in fact the address of a whole subnet of machines. Machines over the internet have IP addresses in the form x.x.x.x where each x is a number between 0 and 255 (of course alot of those addresses are special addresses and not all of them are used as standard IP addresses, but you already knew all that..) So here is what interests us, lets say we have a LAN (Local Area Network) which IP addresses belong to the subnet 205.151.222.x. The default gateway address would be 205.151.222.1, and the subnet's actual address would be 205.151.222.0. The broadcast address would be 205.151.222.255.

Here's what interests us, the broadcasts and subnet addresses, which do pretty much the same thing in that case. Now lets say a machine on our LAN wants to send a packet that everyone will read, this is called a broadcasted packet, the machine will send it to 205.151.222.255 or 205.151.222.0 (255 is the most commonly used though.). The machine actually sent one packet which was read by ALL the machines on this subnet. Now lets say that machine sends a PING to the broadcast address, what will happend? well all the machines on the subnet will reply to this machine with an ICMP echo reply.

Now this should _only_ work with local area networks, this means the gateways should only broadcast packets coming from the INSIDE of the network. The reason I say should though is that there is obviously an exception, and a big one. Alot of gateways over the internet are misconfigured and allow broadcast packets to come from the outside. This means if I send a PING to the subnet's broacast, each machine will reply with one ping, amplifying my PING by the number of machines on this subnet.

The ICMP broadcast attack uses a list of those vulnerable broadcast servers and send PING to those broadcast servers, those packet's source address is spoofed to the victim's IP address, so all the ICMP echo replies are sent back to the victim, and not to you, the real source.



Download:
Freaks Macintosh Archives Download



Fix:
This vulnerability is very easy to fix, it fact it resides in telling your router not to broadcast packets coming from the exterior (the internet in this case), therefore only broadcasting local packets. You can import directly a list of your own servers which might be vulnerable or enter them manually (and save it to test them again, if you wish, when measures are taken.). The best way to know which servers responds would be to use an ICMP logger and attack your own machine. The built-in ping utility allows you to test lag on a remote machine and has various uses, such as making sure you do not blow off the net the machine you are using for monitoring purposes.

Please if you have any questions regarding this application or feedback, fill out the form below.


FEEDBACK TIME!


Enter Email Address:

Enter your message:


Select Either of These Two Buttons



*some of the data on this page was taken directly from the readme.


Security + OS
DiskLock
PowerBook Security Control Panel
Empower Pro
FileGuard
FreeGuard
FoolProof
Deus Lock Master
OnGuard
Keys Off
LockOut
MacOS Algorithm
Modem Security
Password Key
PGPuam
PPF
Shift Key Suite
Stealth Signal
SuperLock Lite
SuperLock Pro
Web-Confidential


Macintosh Viruses
Disinfectant
Sophos Anti-Virus
Norton AntiVirus
Nav 7 Nav 6 Nav X
Virex - Oct
VirusBarrier - Netupdate
vScan - Discontinued.

Mac Physical Security


Macintosh Firewalls
DoorStop Firewall
Firewall Q & A
IPNetSentry
NetBarrier
Norton Personal Firewall

Mac Spyware & Privacy
Monitorer
NetShred - Delete Files Safely

Network Security
MacAnalysis
Oyabun Tools
WDTech RAE
ToolDaemon

Application Security Issues
AIM - AOL Instant Messenger
Back Orifice
Eudora E-Mail Client
Internet Configure
IE 5.1, OE 5.1, Powerpoint, Excel Vulnerability
MS Personal webServer
NetBus
Outlook Express 4.5 Password Flaw
SubSeven
Sub7ME Server

Resource Info
AppleShare Server Info

Mac OS Encryption
EnScript
FGP
FileTwister
ForgotIt?
GenPass
MacLockSmith
My-Privacy
My Secret
PGPi
PGPhone
PGP Personal
PGP Freeware
PowerCrypt-dev
Private File
Quick Encrypt
SubRosa Utilities
Tresor

Deleting Files
Eraser Pro
ShredIt

Backups

Apple Hardware

MacOS DoS
Mac Attack


All material (c) 2014 SecureMac.com and respected owners