Possible Leopard firewall problem?
Earlier today we were reading about a possible Leopard firewall issue:
You can read the full story here. What do you guys think? Should we worry about it?
Quote:
In the course of functional testing, heise Security has discovered a series of problems and peculiarities in the way the firewall in Apple's new operating system behaves. These may have an effect on system security. As with previous versions, by default the firewall in Mac OS X Leopard is deactivated. But even if the user activates it manually, the system is far from sealed off.
The major purpose of a firewall is to refuse access to uninvited guests. In particular, this means sealing off local services to prevent access from potentially hostile networks, such as the internet or wireless networks. However, the Leopard firewall fails miserably in this respect. In tests carried out by heise Security it was possible to communicate with the time server from remote even with the firewall set to "Block all incoming connections" - even when the Mac was directly connected to the internet via a DSL connection. The time server is started automatically by the system. In wired LANs, the NetBIOS name server from the Samba package is also active and, despite the firewall, accessible.
With the configuration set to the more flexible "Set access for specific services and applications," the firewall even allows access to arbitrary services started by the user -- regardless of whether or not they are in the list of shared services. Therefore a trojan horse could open a backdoor that is accessible over the internet despite the firewall being activated.

Comments
Earlier today we were reading about a possible Leopard firewall issue:
You can read the full story here. What do you guys think? Should we worry about it?
I am.
But I wonder if I should be. I'm connected wirelessly to a wireless router. I think it acts as a firewall, right?
Like a lot of other things that Apple decides to throw away overnight with new OSs, I can't understand why they can't leave the Tiger advanced options of adding and closing ports.
Is this true? Leopard does allow the user to open and close additional ports?
I have multiple instances of iTunes running on an iMac that are connected to an AppleTV. For this I had to manually open additional ports in the firewall. Are you saying that I can't do this in Leopard?
Is this true? Leopard does allow the user to open and close additional ports?
I have multiple instances of iTunes running on an iMac that are connected to an AppleTV. For this I had to manually open additional ports in the firewall. Are you saying that I can't do this in Leopard?
For the time being, I can't figure out how to open up several ports on my computer. This is unbelievable!! I run SecuritySpy at work and I can't upgrade to Leopard because on my home machine, I haven't been able to open up ports like 5900-5902, 8000, 22, etc. You don't have the "Firewall" tab under "Sharing" in the System Preferences.
----
I take some of that back. They moved the Firewall tab under the Security preference, probably where it should have been in Tiger, but thanks for the notice, Apple!
I still can't, say, open port 8000 on my computer. Anyone know how to do this in Leopard?
Earlier today we were reading about a possible Leopard firewall issue:
You can read the full story here. What do you guys think? Should we worry about it?
I can't replicate the findings!
OSX 10.5 with SMB filesharing enabled and firewall disabled
Starting Nmap 4.20 ( http://insecure.org ) at 2007-10-31 13:18 West-Europa (standaardtijd)
Interesting ports on 192.168.1.4:
Not shown: 1483 closed ports
PORT STATE SERVICE
123/udp open|filtered ntp
137/udp open|filtered netbios-ns
138/udp open|filtered netbios-dgm
631/udp open|filtered unknown
5353/udp open|filtered zeroconf
MAC Address: 00:0D:93:4A:71:A4 (Apple Computer)
Nmap finished: 1 IP address (1 host up) scanned in 75.828 seconds
Identical to the result shown in the article.
When I repeat the scan with SMB filesharing still enabled and the firewall set to "Block All Incoming Connections" I get the following:
Starting Nmap 4.20 ( http://insecure.org ) at 2007-10-31 13:21 West-Europa (standaardtijd)
All 1488 scanned ports on 192.168.1.4 are closed (1200) or open|filtered (288)
MAC Address: 00:0D:93:4A:71:A4 (Apple Computer)
Nmap finished: 1 IP address (1 host up) scanned in 10.625 seconds
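A note on reading the scans above: for UDP, "open|filtered" only means the scanner got no answer, so it cannot tell a packet dropped by the firewall from a service that stayed silent. As an added example (not from this thread or the heise article), the sketch below sends a real NTP client request, which is the kind of check that shows whether the time server actually answers through the firewall. The function names and the loopback target are assumptions of the example; point it at your own Mac.

```python
import socket
import struct

NTP_PORT = 123
NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)


def build_ntp_request() -> bytes:
    """48-byte NTP client request: LI=0, VN=3, Mode=3 (client)."""
    return bytes([0x1B]) + bytes(47)


def parse_ntp_response(data: bytes) -> dict:
    """Decode a server reply; raise ValueError if the datagram is not one."""
    if len(data) < 48:
        raise ValueError("short NTP packet")
    if data[0] & 0x07 != 4:  # mode 4 = server
        raise ValueError("not an NTP server reply")
    tx_seconds = struct.unpack("!I", data[40:44])[0]  # transmit timestamp
    return {"version": (data[0] >> 3) & 0x07,
            "stratum": data[1],
            "unix_time": tx_seconds - NTP_EPOCH_OFFSET}


def probe_ntp(host: str, port: int = NTP_PORT, timeout: float = 2.0) -> str:
    """Classify a UDP port using a real NTP payload instead of an empty probe."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket so ICMP errors are reported
        try:
            s.send(build_ntp_request())
            parse_ntp_response(s.recv(512))
            return "open"             # the time server answered through the firewall
        except ValueError:
            return "open (non-NTP reply)"
        except ConnectionRefusedError:
            return "closed"           # ICMP port unreachable: nothing listening
        except socket.timeout:
            return "open|filtered"    # silence: dropped by a filter, or no reply


if __name__ == "__main__":
    # Assumed target: loopback. Replace with the address of the machine under test.
    print("123/udp", probe_ntp("127.0.0.1"))
```

A result of "open" with the firewall set to "Block all incoming connections" reproduces the behaviour the article describes; "open|filtered" is consistent with the scan output in the post above.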
Why change something that was working great?
I haven't messed enough with Leopard's firewall to offer an opinion on it.
However, the Tiger firewall, and firewalls in general, are universally despised by the vast majority of users. The firewall is something that only ever causes problems in their opinion. Have a particular app that doesn't work online? Chances are it is a firewall misconfiguration.
Discussion of the new interface aside, it should at least be obvious that the old interface was beyond the capabilities of most users.
BTW, ipfw is still around so for those that want a custom setup, and are likely to know enough to use ipfw, then just open the Apple firewall and configure ipfw.