Full Disclosure mailing list archives
OSX 10.3 Personal Firewall.
From: B-r00t <br00t () blueyonder co uk>
Date: Wed, 29 Oct 2003 03:02:06 +0000 (GMT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Panther OSX 10.3 (Firewall Configuration App)

OSX Personal Firewall gives false sense of security due to lack of
ICMP and UDP protocol filtering.

maki:~ br00t$ sw_vers
ProductName: Mac OS X
ProductVersion: 10.3
BuildVersion: 7B85

Quoting Apple: http://www.apple.com/macosx/features/security/

Personal Firewall
The Mac OS X personal firewall protects your computer from unauthorized
access by monitoring all incoming network traffic. When you enable the
personal firewall in Mac OS X, all inbound connections are denied except
for those that you explicitly permit.

Activating the OSX firewall via: -
System Preferences => Sharing => Firewall [START]

Performing an Nmap TCP port scan reveals: -

[root@desktop]# nmap -sS -p 1-65535 -vv maki

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Host maki (192.168.0.69) appears to be up ... good.
Initiating SYN Stealth Scan against maki (192.168.0.69)
The SYN Stealth Scan took 2779 seconds to scan 65535 ports.
All 65535 scanned ports on maki (192.168.0.69) are: filtered

Nmap run completed -- 1 IP address (1 host up) scanned in 2779 seconds

The output results are as expected with all ports being reported as
'filtered'. However, ICMP and UDP protocols produce the following results.

ICMP: -

[root@desktop]# ping -c 1 maki
PING maki (192.168.0.69) 56(84) bytes of data.
64 bytes from maki (192.168.0.69): icmp_seq=1 ttl=64 time=2.71 ms

- --- maki ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.713/2.713/2.713/0.000 ms

UDP: -

[root@desktop]# nmap -sU -p 1-65535 -v maki

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Host maki (192.168.0.69) appears to be up ... good.
Initiating UDP Scan against maki (192.168.0.69)
The UDP Scan took 434 seconds to scan 65535 ports.
Interesting ports on maki (192.168.0.69):
(The 65531 ports scanned but not shown below are in state: closed)
Port       State       Service
68/udp     open        dhcpclient
123/udp    open        ntp
514/udp    open        syslog
5353/udp   open        unknown

Nmap run completed -- 1 IP address (1 host up) scanned in 435 seconds

The important word being 'closed' and NOT 'filtered'!

I know that the underlying ipfw is capable of being configured
accordingly, but shouldn't the overlying firewall configuration
application at least activate appropriate UDP and ICMP filtering?
Especially since the majority of OSX users will employ the GUI firewall
configuration application as their primary form of Internet protection.

Remember kidz, use either ICMP or UDP backdoor code!

Just my opinion.

B#.

- --
- ----------------------------------------------------
Email : B-r00t <br00t () blueyonder co uk>
Key fingerprint = 74F0 6A06 3E57 083A 4C9B ED33 AD56 9E97 7101 5462
"There's no way a highschool punk can put a dime into a telephone
and break into our system."
- -----------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (OpenBSD)

iD8DBQE/ny21rVael3EBVGIRAs8zAJwOObJtmOKDPshVc5du4QXPQhFM0ACgmWhb
XLnokNmynZIOndoUqTeJ+n8=
=Vad8
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
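Added example, not part of B-r00t's post: a small check a defender can run over saved Nmap 3.00 text reports to confirm whether a host firewall is really default-deny for each protocol, keyed on the 'closed' versus 'filtered' distinction the post draws. The function names and the trimmed sample reports are constructed for this illustration.

```python
import re

# Constructed samples: the two Nmap 3.00 reports quoted in the post, trimmed.
TCP_REPORT = """\
Initiating SYN Stealth Scan against maki (192.168.0.69)
All 65535 scanned ports on maki (192.168.0.69) are: filtered
"""
UDP_REPORT = """\
Interesting ports on maki (192.168.0.69):
(The 65531 ports scanned but not shown below are in state: closed)
Port       State       Service
68/udp     open        dhcpclient
123/udp    open        ntp
514/udp    open        syslog
5353/udp   open        unknown
"""

ALL_RE = re.compile(r"^All \d+ scanned ports on .+ are: (\w+)", re.M)
REST_RE = re.compile(r"ports scanned but not shown below are in state: (\w+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)", re.M)

def parse_report(text):
    """Return (state of the unlisted ports, [(port, proto, state, service)])."""
    m = ALL_RE.search(text) or REST_RE.search(text)
    default = m.group(1) if m else None
    ports = [(int(p), proto, state, svc)
             for p, proto, state, svc in PORT_RE.findall(text)]
    return default, ports

def audit(text, label):
    """List the ways a report contradicts 'all inbound connections are denied'."""
    default, ports = parse_report(text)
    findings = []
    if default is None:
        findings.append(f"{label}: no summary line found, cannot judge")
    elif default != "filtered":
        # 'closed' means the host answered the probe (for UDP, with an ICMP
        # port unreachable), so no rule dropped the packet on the way in.
        findings.append(f"{label}: unlisted ports are '{default}', not 'filtered'")
    for port, proto, state, svc in ports:
        if state == "open":
            findings.append(f"{label}: {port}/{proto} ({svc}) reported open")
    return findings

if __name__ == "__main__":
    for label, report in (("tcp", TCP_REPORT), ("udp", UDP_REPORT)):
        for line in audit(report, label) or [f"{label}: default-deny holds"]:
            print(line)
```

Run against the post's output, the TCP report yields no findings while the UDP report yields five: the 'closed' default plus the four open ports.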