Hosting Provided By

Re: Holes in the firewall of Mac OS X Leopard

From: Juergen Schmidt <ju(at)heisec.de>
Date: Mon Oct 29 2007 - 19:55:28 EDT

On Mon, 29 Oct 2007, Brandon S. Allbery KF8NH wrote:

> On Oct 29, 2007, at 17:49 , Juergen Schmidt wrote:
>
> >- if you set it to "Block all incoming connections" it still allows access
> >to certain system services. We could access the ntp daemon that is running
> >per default over the internet. In a LAN based scenario, we were able to
> >query the Netbios naming service even with full blocking enabled.
>
> The firewall in Tiger, and presumably Leopard, only affects TCP services by
> default (you can enable UDP filtering in the Advanced settings). So no change
> here from the status quo.

Nope -- the behaviour we observed did not depend on the protocol by any means. For example we were able to connect to a netcat server listening on a TCP port despite of "Set access to specific services and programs" and an empty list of allowed services.

There is no way to "enable UDP filtering" in Leopard either -- at least I have not found any. In fact the firewall does not use ipfw rules at all.

bye, ju

-- 
Juergen Schmidt, editor-in-chief heise Security www.heise-security.co.uk
GPG-Key: 0x38EA4970,  5D7B 476D 84D5 94FF E7C5  67BE F895 0A18 38EA 4970

Received on Tue Oct 30 11:48:45 2007

This message: [ Message body ]
Next message: J. Carlos Nieto: "Django 0.96 (stable) Admin Panel CSRF"
Previous message: Secunia Research: "Secunia Research: IPSwitch IMail Server IMail Client Buffer Overflow"
In reply to: Brandon S. Allbery KF8NH: "Re: Holes in the firewall of Mac OS X Leopard"
Next in thread: Juergen Schmidt: "Leopard's firewall damages Skype and WoW"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Jul 16 2008 - 14:08:58 EDT