Apple's Response to "Denial of Service"
carbondave writes "Apple has made an update for Open Transport and it is currently available for download at Apple's website.
Here are the contents of the read me that comes along with it.
OT Tuner 1.0 switches off an option in Open Transport that would cause a Macintosh to respond to certain small network packets with a large Internet Control Message Protocol (ICMP) packet. This update prevents Macintosh computers from being the cause of certain types of Denial of Service (DOS) issues."
This is a follow-up to yesterday's coverage of OS9 machines being used in DoS attacks.
Apple got it out about an hour after the Slashdot post, very good compared to "other" software companies.
Seriously, it's great to see a commercial company actually respond to a serious software fault, rather than blame the user, the competitors, the media, or the small furry creatures from Alpha Centauri who have been helping with the debugging.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
I would wager by the fact that it's been confirmed by Apple labs and is detailed in a PGP-signed CERT advisory that you can stop calling it a hoax now.
Normally people do things like prove that vulnerabilities do not exist (by testing or by intimate knowledge of the way a system is designed) before calling them hoaxes. Since I had no access to MacOS 9, and no verifiable sources were saying that it was a hoax, I was definitely not going to propagate that rumor.
Security problems are real. Let's help them get solved instead of shooting off our mouths.
I did, with ResEdit...this is a very odd extension. The 'INIT' resource appears to contain just raw data instead of typical INIT code. There are also ASCII names of several Open Transport routines (presumably, the ones being patched). But why put this into an INIT which can be disabled via Extensions Manager? Why not do what they did with the Font Manager Update for 8.6; patch the Extensions Manager prefs so that this obviously important piece of software can't be disabled easily? The code should be similar to the FMU code, so it shouldn't be that hard to implement. Either that, or set it up as a 'scri' file, so it can't even be seen by EM (although it would then load before OT does, so maybe that's not such a good idea).
Also, as of this morning, this was still not available via Mac OS 9's built-in Software Update. I hope we aren't expected to all know to go to Apple's site and download the patch ourselves....
I use Macs for work, Linux for education, and Windows for cardplaying.
I find any Slashdot coverage of DOS issues vaguely ironic, as the Slashdot effect is probably responsible for more DOS attacks on web servers than any other person/group/effect. It's especially funny because the targets of these attacks are supposedly sites of interest to the attackers. It's kind of like one of the web-defacement groups DOS-ing attrition.org, or something.
That's not to say that I'm going to stop participating in the daily massive distributed DOS attempts. No one ever said the Internet was a republic.