Securing your mac

Most people, well the ones with half a brain, know that a Macintosh is a hard computer to kill. There are fuck all remote exploits against Macs, and hardly any denial of service sploits against the good ol' Mac either. Despite the great internet security of a Macintosh, though, there are still a few bugs, and some smart people have found a sploit or two against it. I have decided to help you people by going through some of the sploits/attacks used against the Mac, so you can secure yours.

I think we'll start with open TCP ports. Open TCP ports make the attacker jump up and down in excitement, because they give him more of a choice of sploits to use against you. Usually a Mac doesn't have any open TCP ports, but if you are running a service, or are connected to a service that opens a TCP port, there isn't much you can do about it. However, there are a couple of things you can do:

1.) Use a prog like Port Fake. Port Fake (made by WeeDo) is a fat binary application for the Mac OS. Port Fake makes fake (decoy) open TCP ports on your Mac which close as soon as data is sent to them, making it purdy hard to flood you; it can also remove open ports while you are being scanned (a bit like Nukenabber for winblows. Nukenabber of course can be exploited by connecting to an open TCP port it is listening on, since the previous version (not the current/latest one) took up 99% CPU, lagged the comp to hell and 'crashed'? (I think)).

2.) If you are running the service, you should be able to change the open TCP port. I recommend changing it to a number above 9000 (at least). This way, if someone scans you for open ports they have to scan a long way, and if they are scanning for specific services the scan shouldn't pick your port up, because it is not a usual service port. For example, 23 = telnet; if you change the telnet port to 32753 it would not be recognised as telnet and therefore (usually) not picked up.

3.)
You can also be a whore and send the logs to their ISP. Of course, since you are a smart person and use a logger like IPNetMonitor, you can see who is attacking you (if they don't spoof the IP/s of course, but that's a different story altogether ;) ), and if you are on IRC you may be able to find out who that person is by matching up their nick with their IP. Usually if you tell the lamer that you are logging his attack (send him some of the logs) and that you are going to e-mail his ISP, he will stop; or just act like it isn't affecting you and laugh at him ;) .

As we leave TCP behind us, we'll look at the +++ath0 exploit. If you are using a (Hayes compatible) modem, your modem can be reset when someone sends you a ping (ICMP echo request) with the string +++ath0 attached as the data. +++ is the default escape sequence that puts your modem into command mode, and ath0 (or, as some people say, just ath) is the command that tells your modem to go offline. Yes, I know, you're jumping up and down shouting "WHAT AM I GOING TO DO!!!!!!?????". You have a couple of choices:

1.) Don't change it and get owned.

2.) Change it by doing the following:

  a.) Find out which S register holds the +++ command prefix (the escape character). You can do this by reading the manual (stupid readmes).

  b.) Once you know what the S register is, go into a terminal window and type:

     AT        (checks that your computer is talking to your modem)
     ATSx?     (where x is the register number, e.g. 55; the ? will tell you the ASCII value and therefore the character, e.g. +)
     ATSx=y    (where x is the register number and y is the ASCII value of the character you want, e.g. & = 38, so it would be ATSx=38)
     ATSx?     (find out if it worked)
     AT&W      (save it to your modem)

You can change the ath0 part too if you wish; this is just one way. You can even configure your computer to use DTR instead, it's up to you.
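Added example, not from the article: a toy model of a Hayes-compatible modem's in-band escape handling, showing why a ping carrying +++ath0 drops the line and how the ATSx=y step above defuses it. It assumes the escape character lives in register S2 (default 43, '+') as on Hayes-compatible modems, ignores the guard time a real modem also enforces, and the modem/register names are this example's own.

```python
# Added example (not from the Happle article): a minimal model of a
# Hayes-compatible modem's in-band escape handling. It shows why a ping
# carrying "+++ath0" hangs the modem up and how changing the escape
# character (the article's ATSx=y step) defuses it.
# Assumptions: the escape character is in S2 (default 43 = '+'), as on
# Hayes-compatible modems; the guard time (S12) a real modem enforces
# around "+++" is ignored here.

class HayesModem:
    """Toy modem: tracks the S2 escape register and on/off-hook state."""

    def __init__(self, escape_code=43):
        self.s = {2: escape_code}    # S-registers we care about
        self.online = True           # carrier up, in data mode
        self.command_mode = False
        self.saved = dict(self.s)    # what AT&W wrote to NVRAM

    # ---- AT command interpreter (what you type in the terminal window) ----
    def at(self, line):
        cmd = line.strip().upper()
        if not cmd.startswith("AT"):
            return "ERROR"
        body = cmd[2:]
        if body == "":                                  # plain "AT"
            return "OK"
        if body.startswith("S") and body.endswith("?"):  # ATSx? -> "043"
            reg = int(body[1:-1])
            return f"{self.s.get(reg, 0):03d}\nOK"
        if body.startswith("S") and "=" in body:         # ATSx=y
            reg, val = body[1:].split("=")
            self.s[int(reg)] = int(val)
            return "OK"
        if body == "&W":                                 # save to NVRAM
            self.saved = dict(self.s)
            return "OK"
        if body in ("H", "H0"):                          # ATH / ATH0: hang up
            self.online = False
            return "OK"
        return "ERROR"

    # ---- data path: bytes arriving from the far end while online ----
    def receive(self, payload):
        """Feed inbound data; return True if the modem dropped the line."""
        esc = chr(self.s[2]) * 3
        text = payload.decode("latin-1")
        idx = text.find(esc)
        if idx < 0 or not self.online:
            return False
        # Escape sequence seen: whatever follows is parsed as commands.
        # In "+++ath0" the "at" is the command prefix and "h0" the hangup.
        self.command_mode = True
        for cmdline in text[idx + 3:].splitlines():
            self.at(cmdline)
        return not self.online


def reconfigure(modem, register, new_code):
    """The article's step b.) run against the toy modem; returns the replies."""
    return [modem.at(c) for c in ("AT", f"ATS{register}?",
                                  f"ATS{register}={new_code}",
                                  f"ATS{register}?", "AT&W")]


def demo():
    """(dropped with stock settings, dropped after moving the escape to '&')."""
    stock = HayesModem()
    dropped_before = stock.receive(b"+++ath0")      # True: line goes down
    hardened = HayesModem()
    reconfigure(hardened, 2, 38)                    # 38 = '&'
    dropped_after = hardened.receive(b"+++ath0")    # False: "+++" is just data now
    return dropped_before, dropped_after


if __name__ == "__main__":
    print(demo())   # (True, False)
```

The point the model makes is that the hangup is pure in-band signalling: the modem cannot tell a ping payload from something you typed, so the only fixes are to move the escape character to something an attacker won't guess or to stop using the in-band escape at all (the DTR option the article mentions).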
The ath0 exploit works against every OS; it is a problem with the modem, not the computer. You can check whether you are vulnerable by typing +++ath0 and sending it outwards through your modem, e.g. as an IRC msg. If you get disconnected, you are vulnerable.

UDP floods are a bit annoying if you can't handle them. People can send you packets that make you receive data and send it back out, which totally lags your modem/cable/ISDN/frame relay/T1/T3/OC-3/OC-12/OC-256 (if the person has enough bandwidth they can lag you even if you have cable or an OC-256, if they also have an OC-256 :x) and may disconnect you. What you can do about this is put up a firewall: the firewall will not send the data back out when it has been received, it will also close TCP ports and stop most attacks, and it is a pain in the arse because you can't do shit from behind it. It is possible to get attacked even with your firewall up, using fragmented packets, but damn, I don't want to go into that right now; if I went through everything this file would be too large ;).

One more thing I'll go into is smurfing. When someone smurfs you, they are sending packets to other computers which may or may not duplicate them, depending on how many dups that address has; you can check this by pinging the IP and seeing how many responses you get back. Now, if you are being smurfed, I think you should chuck up that logger and soak those IPs up, because you can add them to your list :) Take those IPs until you can't take it anymore, or they start repeating, then you can do a few things:

1.) Disconnect
2.) Pray
3.) Look at Happle #9 which explains more about it, I think... umm *shrugs*
4.) Look at Happle's unix archive (on Hotline) which shows how to lessen the effect of a smurf

Like that helps :P I may go into more detail in another file, but for now that should hold your Mac together for a bit ;)

Ferrocyanide.
"Thank God I'm an atheist."
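Added example, not from the article, covering both the UDP flood and the smurf sections above: a small analyser run over constructed packet-log lines that flags the "receive it and send it back out" UDP pattern, a per-source UDP packet rate, unsolicited echo-reply bursts (the IPs the article says to soak up into your list), and the "ping it and count the replies" amplifier check. The log format, the addresses and the thresholds are invented for this example; the UDP bounce is modelled as echo (7) / chargen (19) traffic, which is the classic way it is done.

```python
# Added example (not from the Happle article): a small analyser over
# constructed packet-log lines that flags the flood patterns the article
# describes. The log format is invented for this example:
#   "<seconds> UDP <src>:<sport> -> <dst>:<dport> len <n>"
#   "<seconds> ICMP <echo-request|echo-reply> <src> -> <dst> id <n>"
# Assumptions: OUR_IP is the host being protected; the "receive data and
# send it back out" UDP effect is modelled as echo (7) / chargen (19).
from collections import Counter, defaultdict

OUR_IP = "192.0.2.10"        # constructed address for "us"
LOOP_PORTS = {7, 19}         # echo and chargen: each answers whatever it gets
UDP_PPS_LIMIT = 50           # packets/second from one source before we call it a flood
SMURF_MIN_SOURCES = 5        # distinct unsolicited echo-reply senders in one second


def parse(line):
    """Turn one constructed log line into a dict."""
    f = line.split()
    t = float(f[0])
    if f[1] == "UDP":
        src, sport = f[2].rsplit(":", 1)
        dst, dport = f[4].rsplit(":", 1)
        return {"t": t, "proto": "UDP", "src": src, "sport": int(sport),
                "dst": dst, "dport": int(dport), "len": int(f[6])}
    if f[1] == "ICMP":
        return {"t": t, "proto": "ICMP", "kind": f[2], "src": f[3],
                "dst": f[5], "id": int(f[7])}
    raise ValueError(f"unrecognised line: {line!r}")


def analyse(lines):
    """Return udp_loops, udp_floods (src -> peak pps), smurf_sources
    (hosts that replied without being asked) and amplification
    (id of a ping we sent -> how many replies came back)."""
    loops = []
    udp_rate = defaultdict(Counter)      # src -> {second: packet count}
    asked = set()                        # ids of echo requests we sent ourselves
    replies = Counter()                  # id -> replies to our own pings
    reply_srcs = defaultdict(set)        # second -> senders of unsolicited replies
    for p in (parse(l) for l in lines):
        sec = int(p["t"])
        if p["proto"] == "UDP" and p["dst"] == OUR_IP:
            udp_rate[p["src"]][sec] += 1
            if p["sport"] in LOOP_PORTS and p["dport"] in LOOP_PORTS:
                loops.append((p["src"], p["sport"], p["dport"]))
        elif p["proto"] == "ICMP":
            if p["kind"] == "echo-request" and p["src"] == OUR_IP:
                asked.add(p["id"])
            elif p["kind"] == "echo-reply" and p["dst"] == OUR_IP:
                if p["id"] in asked:
                    replies[p["id"]] += 1       # the "how many dups" check
                else:
                    reply_srcs[sec].add(p["src"])
    floods = {src: max(c.values()) for src, c in udp_rate.items()
              if max(c.values()) > UDP_PPS_LIMIT}
    smurf = set()
    for srcs in reply_srcs.values():
        if len(srcs) >= SMURF_MIN_SOURCES:
            smurf |= srcs
    return {"udp_loops": loops, "udp_floods": floods,
            "smurf_sources": sorted(smurf), "amplification": dict(replies)}


# Constructed sample traffic: one echo/chargen bounce packet, a 60 pps UDP
# burst from one host, our own ping of a suspected amplifier address that
# comes back three times, and a burst of unsolicited echo-replies from six hosts.
SAMPLE_LOG = (
    ["0.100 UDP 198.51.100.7:19 -> 192.0.2.10:7 len 512"]
    + [f"1.{i:03d} UDP 203.0.113.5:4000 -> 192.0.2.10:53 len 28" for i in range(60)]
    + ["2.000 ICMP echo-request 192.0.2.10 -> 198.51.100.255 id 7"]
    + [f"2.0{i}0 ICMP echo-reply 198.51.100.{i} -> 192.0.2.10 id 7" for i in (1, 2, 3)]
    + [f"3.0{i}0 ICMP echo-reply 203.0.113.{10 + i} -> 192.0.2.10 id 99" for i in range(6)]
)

if __name__ == "__main__":
    for key, value in analyse(SAMPLE_LOG).items():
        print(key, value)
```

Running it on the sample prints the one bounce packet, the flooding source with its peak rate, the six reply senders to add to your list, and three replies for the single ping sent to the suspected amplifier. A firewall that drops inbound packets to the loop ports stops the first pattern outright; the others you can only log and rate-limit, which is what the article's "soak up the IPs" advice amounts to.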