Wednesday, 23 March 2011

Is it safe to unblock all incoming connections on firewall?


Hi, I'm using 10.7.2 with Little Snitch running. I had to uncheck "Block all incoming connections" in the firewall and add OmniFocus as an app allowed to bypass the firewall so it can sync its list with my iPhone 4S.

With "Block all incoming connections" unchecked, does it still block connections, with the exception of the apps I add?

I checked "Automatically allow signed software to receive incoming connections" and "Enable stealth mode". Is that safe? I had blocked all incoming connections on 10.7.2.

I'm using a Linksys WRT54GL wireless broadband router.

I want to be safe.

Thanks.
 

This is my opinion, but frankly, I find software firewalls running directly on the host useless. Let's face it, to be "attacked" you need an actual application listening on a socket. Software firewalls just add a layer of IP filtering above and beyond the other mechanisms provided by the applications and the system.

Looking at the potential attack vectors on my system presently, I can see the following:

Code:
$ sudo lsof -n -i | grep LISTEN | grep -v 127.0.0.1 | grep -v IPv6
tcprelay    78 root    3u  IPv4 0xffffff800ca9a500      0t0  TCP *:10022 (LISTEN)
tcprelay    78 root    4u  IPv4 0xffffff800ca99de0      0t0  TCP *:italk (LISTEN)
tcprelay    78 root    5u  IPv4 0xffffff800ca996c0      0t0  TCP *:12346 (LISTEN)
Skype      222 user   56u  IPv4 0xffffff800ece4de0      0t0  TCP *:30718 (LISTEN)
X11.bin    511 user   10u  IPv4 0xffffff8011b946c0      0t0  TCP *:6000 (LISTEN)

Two of these processes (the first column is the name) are running as an unprivileged user (3rd column): Skype and X11. There is less to worry about there. X11 contains filtering rules and can only give display information through xauth. As for Skype's security as a whole, if it is unpatched (or if the vendor isn't releasing patches for security issues), the harm to the system is limited, and a software firewall would "allow" the traffic through anyhow, since Skype is peer to peer and you can't filter its traffic if you want the application to work.

The other application, tcprelay, is not indicative of what it is. To find out, we need to dig a bit deeper. It's also running as root, which can mean a lot more if an attacker manages to exploit it to run code on the system (remote code execution). Let's see if the process can give us a few clues:

Code:
$ ps -fp 78
  UID   PID  PPID   C STIME   TTY           TIME CMD
    0    78     1   0  7Jan12 ??         0:00.01 /opt/nova/bin/tcprelay

Using the PID (2nd column), we can find out what it is. That may not sound like much to you, but to me it says everything. It's part of Nova, the technology Palm uses for the webOS simulator. Basically, it's a daemon process that listens for connections from the novaterm shell to the simulator (which is a VM run under VirtualBox).

Now, we can browse Secunia or SecurityFocus for CVEs surrounding this process, or really, just stop it and prevent it from running if we're paranoid (and not actively working on a webOS project). Software firewalling? Why bother.

Other mitigating factors the system provides are TCP wrappers. Many processes nowadays make use of them. You can define, per process, which hosts are allowed or denied, without filtering the rest of the incoming traffic.

A lot of the "blocked" traffic is useful. People block ICMP like there's no tomorrow, thinking "ICMP = bad!" They're quite wrong. ICMP, aside from the old echo messages (ping, if you like), speeds up connections. Yes, it's the way the Internet responds to hosts and tells them of the many problems they can face, so instead of waiting for timeouts to trigger or sending out sloppy packets, the system can adjust or fail gracefully right away. These include the following quite useful messages:

- ICMP Unreachable (either network, host or port). If you block incoming ICMP Unreachable messages, your stack will retry and retry to send packets until it reaches a timeout. If the stack receives an Unreachable message, it can fail immediately, so you're not sitting there looking at it spinning (depending on the system).

- ICMP Fragmentation Needed. An upstream router is telling you the MTU is too high and it has to fragment packets for you. This is costing time and upping latency to the destination. If you block this, your system can't react and optimize the frame size so that no fragmentation is needed, lowering overall latency to the destination.

- ICMP Time Exceeded. This goes like example number 1, for a different reason. The TTL value is set too low for the number of hops you're going through. If your system doesn't know this, it'll retry and retry again, and won't get a connection ever. That doesn't mean the remote host is not responding though, it means your packets aren't getting there. If you had the Time Exceeded message, your system could adjust, raise the TTL and get the connection.

Frankly, with a network firewalled off by a NAT box (a side effect of running NAT/PAT: if you don't have translation rules from outside to inside, it's getting dropped anyhow), unless you have no confidence in the software listening on your host (and if you don't, why is it running, and what filtering rules have you applied using the existing mechanisms?), there's no issue in leaving your host "exposed" without a software firewall. On a wireless network, again, it's a trust issue. Do you trust your wireless security? And if it's broken, what can an attacker on your network segment do to attack your host? What do you do at a cafe? Remember: a software firewall where you've allowed the listening software is not protecting anything anymore (except if the attacker is daft enough to forget the -P0 switch on the nmap command line, and then we're not dealing with a genius here).

Again, just my opinion.
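The inventory the reply builds by hand (list the listeners, note the bind address and the owning user, then chase the PID) as an added example. This is not code from the original post, nor from lsof, Little Snitch or any other product mentioned: a POSIX shell function that reads lsof output on stdin and reports every TCP listener another host could reach, marking the root-owned ones. The lsof listing below is constructed for this example, and the function names audit_listeners and count_root_listeners are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post or any product it mentions.
# SAMPLE_LSOF is constructed to mirror the shape of `sudo lsof -n -i -P` on
# macOS (-P keeps ports numeric, so a service name such as "italk" never
# hides a port number). On a live host, replace it with real output:
#   sudo lsof -n -i -P | audit_listeners
SAMPLE_LSOF='COMMAND    PID   USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
tcprelay    78   root    3u  IPv4 0xffffff800ca9a500      0t0  TCP *:10022 (LISTEN)
tcprelay    78   root    4u  IPv4 0xffffff800ca99de0      0t0  TCP *:12345 (LISTEN)
Skype      222   user   56u  IPv4 0xffffff800ece4de0      0t0  TCP *:30718 (LISTEN)
X11.bin    511   user   10u  IPv4 0xffffff8011b946c0      0t0  TCP *:6000 (LISTEN)
mysqld     300 _mysql    5u  IPv4 0xffffff8011b94a00      0t0  TCP 127.0.0.1:3306 (LISTEN)
sshd       400   root    3u  IPv6 0xffffff8011b94b00      0t0  TCP *:22 (LISTEN)
Skype      222   user   57u  IPv4 0xffffff800ece4e00      0t0  UDP *:30718'

# Read lsof output on stdin; print one line per TCP listener bound to a
# non-loopback address, as "<risk> <user> <pid> <command> <addr>".
# risk is ROOT when the owning process runs as root (a bug there is remote
# code execution as root), USER otherwise. Loopback-only binds are skipped
# because no other host can reach them; IPv6 sockets are kept, since they
# are exactly as reachable from the LAN as IPv4 ones.
audit_listeners() {
    awk '
        /\(LISTEN\)$/ {
            addr = $(NF - 1)
            if (addr ~ /^127\./ || addr ~ /^\[::1\]:/ || addr ~ /^localhost:/) next
            risk = ($3 == "root") ? "ROOT" : "USER"
            print risk, $3, $2, $1, addr
        }'
}

# How many root-owned listeners face the network (stdin: lsof output).
count_root_listeners() {
    audit_listeners | grep -c '^ROOT '
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_LSOF" | audit_listeners
```

Unlike the grep chain in the reply, this does not drop IPv6 listeners and does not depend on lsof's letter case. The output is a list of what to investigate, not of what to allow: the next step is the ps -fp <pid> lookup the reply shows, then deciding whether each root-owned daemon should be running at all.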
 