
Forums | MacLife


#26 2005-01-15 7:33 pm

Gary Patterson
    
Registered: 2000-09-19
Posts: 4732

Re: How secure is your Internet connection?

Ah, Gibson Research Corporation... Gibson has been around for ages, pointing out holes in firewalls and issues with the Windows NetBIOS.

He's considered a bit paranoid by some (almost one of the tin-foil hat brigade), but I've been checking systems with his online tools for years and it's interesting what you find.

I've seen a few companies with systems wide open to attack. When checking is trivial (as Gibson makes it), there's no excuse.

The other checks are quite interesting too...


#27 2005-01-15 7:40 pm

allan
Member
Registered: 2000-09-19
Posts: 1084

Re: How secure is your Internet connection?

Here's another set of security tests:

http://www.sygatetech.com/prequickscan.html

I passed on the first two (Quick Scan and Stealth Scan).

I tested the computers at work, which are Windows 2000 and behind a router. They all failed. Is this because Windows sucks, or is it because the administrator doesn't know what the heck he's doing (or both)? big_smile


#28 2005-01-15 8:10 pm

Jasoco
Your own personal Jesus
From: Doylestown, PA, USA, Earth
Registered: 2000-08-26
Posts: 8849
Website

Re: How secure is your Internet connection?

Here's another set of security tests:

http://www.sygatetech.com/prequickscan.html

I passed on the first two (Quick Scan and Stealth Scan).

I didn't pass.. hmm

On port 80 and 113, I got "This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities." errors.

Protocol 8 gave me "ICMP" "Blocked" "An ICMP ping request is usually used to test Internet access. However, an attacker can use it to determine if your computer is available and what OS you are running. This gives him valuable information when he is determining what type of attack to use against you."

In other words, everything except those first two were "Blocked".


                         Haikus are easy
          But sometimes they don't make sense
                           Refrigerator

                Jasoco.net | GeekPub Forums


#29 2005-01-15 8:23 pm

avkills
demyelinated brain matter
Registered: 2001-05-09
Posts: 7107

Re: How secure is your Internet connection?

Stealth all the way for me, but my router did reply to a ping, but probably since I have the DMZ going to my tower. shrug

I am not worried.

-mark


#30 2005-01-15 8:49 pm

olbooker
Member
From: In my chair
Registered: 2004-01-25
Posts: 230

Re: How secure is your Internet connection?

Failed  mad

Port 80 is open.
Anyone know why? I don't run a server, or do I?
I'm running  10.2.8 and installed with the defaults.
Firewall is ON.

I'm also running through a router. Is it possible that the NAT firewall is broken somehow?
I did reset the router...makes no difference.


#31 2005-01-15 11:45 pm

Jasoco
Your own personal Jesus
From: Doylestown, PA, USA, Earth
Registered: 2000-08-26
Posts: 8849
Website

Re: How secure is your Internet connection?

Port 80 is HTTP. If you have "Personal Web Sharing" on, it will be open. Check Sharing Prefs.


                         Haikus are easy
          But sometimes they don't make sense
                           Refrigerator

                Jasoco.net | GeekPub Forums


#32 2005-01-16 10:35 am

Khral
Member
Registered: 2000-05-18
Posts: 317

Re: How secure is your Internet connection?

Ehhh... the Symantec security test ran fine in Safari for me. Do you have the latest version of Safari or are you running another browser like Mozilla?

Oh and the results: passed the Symantec one but failed the first link one.

I wouldn't worry too much about this. It's just the fact that you're running OS X that helps decrease your chances of being hacked dramatically. Aside from ping bombing or doing something really useless/stupid, I doubt they can get serious access to any of your files or documents. That's not to say it's not impossible, it's just extremely hard to do.

Heh, funny story too... one of my roommates is a hardcore PeeCee (Linux and XP) programmer who is majoring in computer science, so we challenged him to break into each other's computers through the local campus network (which has virtually no protection at all). He was being all cocky about how good he was and how it was so easy to break into every computer. Well, he easily got in through my other roommate's Dell Dimension desktop PC, but failed miserably to gain entry into my PowerBook. I helped him out by giving him my IP, to confirm that it was in fact my Mac, and he still couldn't get in. I just gave him the "told you so" smile and walked away. To this day we haven't argued about security vulnerability on Macs.

big_smile


#33 2005-01-16 11:36 am

Jehannum
Banned
From: Albuquerque
Registered: 1999-07-24
Posts: 8404

Re: How secure is your Internet connection?

It's been a while since anybody posted a link to GRC's site.  Yes, Steve Gibson is almost certainly a legitimate good guy.  He's been around for a few years.  His site was the first I ever used to check my security.  MacOS 9 is bullet proof.  X isn't as safe, though certainly much much better than default Windoze.

Steve Gibson is a tin-foil pated lunatic.

Nobody needs to run a firewall with a default OS X install, because no services run by default.

Closed ports are not accessible or exploitable, and a computer that responds to ICMP requests is a standards-compliant one (unlike all you jerks that drop ICMP).

A firewall isn't going to save you from a ping flood attack, and other typical attacks like the SYN flood are completely unavoidable without extreme attentiveness.

There are two things a firewall protects you (the OS X user) from: the completely mythical 0-day exploit, and the lazy administrator. 

There are no documented cases of 0-day exploits, and black hat hackers are not smart enough to engineer them, because those that are smart enough are hired to become white hats. 

The lazy administrator syndrome means you're running services that are exploitable after the bugs have been announced.  In that case, you deserve every last attack you get.  Even a firewall won't protect you from that, because if you're offering a service, it makes no sense to block access to it when you could simply stop it instead.


"Goodness he just keeps going and going. He's like the energizer bunny of stupid." - Neut

Your powers are useless!  I'm wearing my tin-foil underwear!


#34 2005-01-16 11:58 am

allan
Member
Registered: 2000-09-19
Posts: 1084

Re: How secure is your Internet connection?

snip

So what you're basically saying is that, for a user like me, who only has one computer, Mac OS X's software firewall is all I really need, and that my hardware firewall is basically overkill right?


#35 2005-01-16 12:01 pm

Jehannum
Banned
From: Albuquerque
Registered: 1999-07-24
Posts: 8404

Re: How secure is your Internet connection?

snip

So what you're basically saying is that, for a user like me, who only has one computer, Mac OS X's software firewall is all I really need, and that my hardware firewall is basically overkill right?

I'm saying you don't even need OS X's firewall.


"Goodness he just keeps going and going. He's like the energizer bunny of stupid." - Neut

Your powers are useless!  I'm wearing my tin-foil underwear!


#36 2005-01-16 12:09 pm

olbooker
Member
From: In my chair
Registered: 2004-01-25
Posts: 230

Re: How secure is your Internet connection?

Port 80 is HTTP. If you have "Personal Web Sharing" on, it will be open. Check Sharing Prefs.

Personal Web Sharing is off. Firewall is on. Still reports port 80 open.

Is it normal for the open port to show through the router?

When I used to use the old Dell, with proxy cookie/ad blocking software, Gibson's site used to report that I was most likely behind a firewall, or something to that effect. Now it reports that I have a proxy set up and to disable it to test. That's why I think that the router might be having a problem. I have reset it to default with no difference in the results.

I am still trying to find my router manual... I know it is here somewhere.

Ehhh... the Symantec security test ran fine in Safari for me. Do you have the latest version of Safari or are you running another browser like Mozilla?

Oh and the results: passed the Symantec one but failed the first link one.

I wouldn't worry too much about this. It's just the fact that you're running OS X that helps decrease your chances of being hacked dramatically. Aside from ping bombing or doing something really useless/stupid, I doubt they can get serious access to any of your files or documents. That's not to say it's not impossible, it's just extremely hard to do.

<snip>

big_smile

I'm using Mozilla. Don't think the browser would make a difference.

I went to the Symantec test and had the same results. Another test site also showed port 8080 open and something about ping.

I'm not overly concerned about anyone getting my important files... I keep those on another machine that doesn't have internet access. I do have a PC, that my son uses, to worry about. With broadband, things happen fast. Can't just unplug the old/slow modem. I just wonder why, with web sharing off, the port is open. Possibly a glitch in my OS. I have kept up to date on the security fixes, as well.

I do have my newer (to me) 333 iMac and Panther to install on it. Maybe I'll load that and see what happens there.
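
The open / closed / "stealth" distinction argued over in the posts above, and the question in post #36 of whether the Mac or the router is answering on port 80, can be checked from the machine itself. The following is an added example, not code from any poster: `tcp_port_state`, `who_answered` and `local_report` are hypothetical helper names, and the external result passed to `who_answered` is whatever an outside scan of your own connection reported.

```python
import socket

# Ports named in the thread: 80 (HTTP / Personal Web Sharing), 113 (identd), 8080.
THREAD_PORTS = (80, 113, 8080)


def tcp_port_state(host, port, timeout=1.0):
    """Classify one TCP port on a machine you administer.

    'open'     - a service accepted the connection
    'closed'   - the host answered with a refusal (nothing is listening)
    'filtered' - no TCP answer came back (what the scan sites call "stealth")
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        # Timeouts and unreachable errors: the probe got no TCP reply.
        return "filtered"
    finally:
        sock.close()


def who_answered(local_state, external_state):
    """Compare the local view of a port with what an outside scan reported."""
    if external_state == "open" and local_state == "open":
        return "this machine is running a service on the port"
    if external_state == "open":
        # Nothing listens locally, so the reply seen from outside came from
        # some other device that answers for the public IP.
        return "another device on the path (router, proxy) answers for the public IP"
    if local_state == "open":
        return "a service runs here, but something in front blocks outside access"
    return "nothing is listening here and nothing is exposed"


def local_report(host="127.0.0.1", ports=THREAD_PORTS):
    """Port -> state for the given host; repeat with the LAN address to
    catch services that are bound to one interface only."""
    return {port: tcp_port_state(host, port) for port in ports}


if __name__ == "__main__":
    for port, state in local_report().items():
        print(f"tcp/{port}: {state} locally")
    # Assumed external result: the scan in post #36 reported port 80 open.
    print("port 80:", who_answered(tcp_port_state("127.0.0.1", 80), "open"))
```

If port 80 is closed locally with Personal Web Sharing off while the outside scan still reports it open, the machine being scanned is not the one answering.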


#37 2005-01-17 9:15 am

thebobs
Member
From: Jumping the shark...
Registered: 2004-02-05
Posts: 507
Website

Re: How secure is your Internet connection?

Port 113 is identd, a legacy Unix port that some really old mail servers used to need. It should not be needed any longer but most firewalls ship with it open by default (for compatibility supposedly). Linksys has updated many of their router/firewalls to optionally close this port, and Dlink has had the option for the last couple years. I have never had any issue by closing this port and I have installed literally 100s of Linksys, Dlink and Belkin router/firewalls.

As for not needing a firewall, while true that OS X is vastly more secure by default, I would just as soon surf as anonymously as possible so I typically advise to have one, preferably hardware based. If for any reason just so I don't show up on the script-kiddies random IP scans, I would just as soon not be in anyone's sights if possible. By example, I live in an apartment complex and the cable company assigns each building a small range on the same subnet, a few of us have turned on logging on the cable modem and it is pretty impressive how many external requests for unauthorized access we get each day. Now in 99% of the cases the modem just passes these requests and then the firewall drops them, but I would just as soon show up as

someip.sbcglobal.com

than something more specific. Tin foil hat or not, better safe than sorry in this case. Sure, your ISP and even your browser still identify you on some levels, but it keeps the amateurs out.


Give a person a fish and you feed them for a day. Teach that person to use the Internet and they won't bother you for weeks.

When your only tool is a hammer, all your problems start to look like nails!


#38 2005-01-17 9:27 am

jeff-o
Artist's Rendition:
From: Waterloo, Ontario
Registered: 1999-04-10
Posts: 10020
Website

Re: How secure is your Internet connection?

I was going to test this from work, but decided not to in case the admins found out and got all pissy.

I will try it when I get home, and compare my G5 to my wife's peecee....


"I'd rather be told, 'Have a nice day.' by someone who doesn't mean it, than 'F*** you!' by someone who does." - Lewis Black


#39 2005-01-17 10:06 am

Regular Joe
Member
Registered: 2005-01-05
Posts: 245

Re: How secure is your Internet connection?

I passed on symantec but my computer asked if I wanted to actually go to the other sites and I said NO.  tongue

I noticed that using my wireless, the symantec test cannot discern what service provider I use but using a direct connection, it can. Interesting.


Ha Ha...


#40 2005-01-17 12:16 pm

Jehannum
Banned
From: Albuquerque
Registered: 1999-07-24
Posts: 8404

Re: How secure is your Internet connection?

As for not needing a firewall, while true that OS X is vastly more secure by default, I would just as soon surf as anonymously as possible so I typically advise to have one, preferably hardware based. If for any reason just so I don't show up on the script-kiddies random IP scans, I would just as soon not be in anyone's sights if possible. By example, I live in an apartment complex and the cable company assigns each building a small range on the same subnet, a few of us have turned on logging on the cable modem and it is pretty impressive how many external requests for unauthorized access we get each day. Now in 99% of the cases the modem just passes these requests and then the firewall drops them, but I would just as soon show up as

someip.sbcglobal.com

You don't "surf anonymously."  The webserver you connect with knows your IP and the routers along the route you use know your IP.  It's not some super secret information, since it is, after all, your address.

than something more specific. Tin foil hat or not, better safe than sorry in this case. Sure, your ISP and even your browser still identify you on some levels, but it keeps the amateurs out.

Something more specific how?  As in, Host.domain.tld runs OS X?

It just doesn't make any sense that said information is somehow subject to privilege.

I do log access requests, but instead of bragging about how my firewall repelled attacks that wouldn't have succeeded in the first place, I notice that every attempt at attack (not scans, because those are typically only done by my ISP) is the result of some kind of automated script (e.g. NIMDA, uPnP attacks, etc).  Woo.  Those are gonna hurt my non-win32 NAT machine.


"Goodness he just keeps going and going. He's like the energizer bunny of stupid." - Neut

Your powers are useless!  I'm wearing my tin-foil underwear!


#41 2005-01-19 7:07 am

Cobalt60
Member
Registered: 2002-04-17
Posts: 1388

Re: How secure is your Internet connection?

You don't "surf anonymously."  The webserver you connect with knows your IP and the routers along the route you use know your IP.  It's not some super secret information, since it is, after all, your address.

What about dynamic IP addresses?  Do the ISPs keep track of which machine is using which address at what time?

Also, what about anonymous proxy servers?


I'm not a doctor but I'll take a look!


#42 2005-01-19 8:43 am

thebobs
Member
From: Jumping the shark...
Registered: 2004-02-05
Posts: 507
Website

Re: How secure is your Internet connection?

As for not needing a firewall, while true that OS X is vastly more secure by default, I would just as soon surf as anonymously as possible so I typically advise to have one, preferably hardware based. If for any reason just so I don't show up on the script-kiddies random IP scans, I would just as soon not be in anyone's sights if possible. By example, I live in an apartment complex and the cable company assigns each building a small range on the same subnet, a few of us have turned on logging on the cable modem and it is pretty impressive how many external requests for unauthorized access we get each day. Now in 99% of the cases the modem just passes these requests and then the firewall drops them, but I would just as soon show up as

someip.sbcglobal.com

You don't "surf anonymously."  The webserver you connect with knows your IP and the routers along the route you use know your IP.  It's not some super secret information, since it is, after all, your address.

than something more specific. Tin foil hat or not, better safe than sorry in this case. Sure, your ISP and even your browser still identify you on some levels, but it keeps the amateurs out.

Something more specific how?  As in, Host.domain.tld runs OS X?

It just doesn't make any sense that said information is somehow subject to privilege.

I do log access requests, but instead of bragging about how my firewall repelled attacks that wouldn't have succeeded in the first place, I notice that every attempt at attack (not scans, because those are typically only done by my ISP) is the result of some kind of automated script (e.g. NIMDA, uPnP attacks, etc).  Woo.  Those are gonna hurt my non-win32 NAT machine.

First, I said "as anonymously as possible" and did acknowledge that it was not really possible to be completely under the radar.

Second, not everyone is just running Mac OS X on their network so I take those scans a little more seriously.

Third, individual users can be subjected to DDoS attacks so having most scan requests "blackhole" at your IP can be useful.

Fourth, and I say this because I care, there are a lot of brands of decaf on the market now that taste just as good as regular coffee, maybe you should try one?


Give a person a fish and you feed them for a day. Teach that person to use the Internet and they won't bother you for weeks.

When your only tool is a hammer, all your problems start to look like nails!


#43 2005-01-19 9:46 am

ScifiterX
婚約中
Moderator
From: NW Palm Bay, Florida
Registered: 2000-02-10
Posts: 18096
Website

Re: How secure is your Internet connection?

What about dynamic IP addresses?  Do the ISPs keep track of which machine is using which address at what time?

Yes, the ISPs do track that information.


#44 2005-01-19 10:51 am

Jehannum
Banned
From: Albuquerque
Registered: 1999-07-24
Posts: 8404

Re: How secure is your Internet connection?

What about dynamic IP addresses?  Do the ISPs keep track of which machine is using which address at what time?

Also, what about anonymous proxy servers?

It doesn't matter whether you're static or dynamic.  Someone, somewhere, knows your IP address at all times you're using the connection.

Hell, I could probably dig through my apache logs (since I host my own images for this forum), and see just who belongs to what IP, even if I didn't have the little square "IP" button in the top corner of each post.

I'd be careful with proxies, especially anonymous ones on the net.  They tend to track a lot more information than just the random sites you hit.


"Goodness he just keeps going and going. He's like the energizer bunny of stupid." - Neut

Your powers are useless!  I'm wearing my tin-foil underwear!


#45 2005-01-19 11:00 am

Jehannum
Banned
From: Albuquerque
Registered: 1999-07-24
Posts: 8404

Re: How secure is your Internet connection?

First, I said "as anonymously as possible" and did acknowledge that it was not really possible to be completely under the radar.

Second, not everyone is just running Mac OS X on their network so I take those scans a little more seriously.

My network is heterogeneous.  It inherits the protection of the NAT machine that I happen to run in front of my private IP space (my NAT machine runs Debian GNU/Linux).  Similarly, everybody using one of those wee NAT routers for broadband (linksys or netgear or smc, or whatever) are afforded similar protection, since packets cannot reach that network from the outside world without an established connection by one of the computers internally (discounting IP port forwarding).

Third, individual users can be subjected to DDoS attacks so having most scan requests "blackhole" at your IP can be useful.

DDoS attacks aren't prevented or even hampered by a firewall.  Like I said, there are two main kinds - the ping flood and the dangling SYN attack.  With a ping flood attack, you're still up a creek, because your machine's bandwidth is still consumed by pings even if you don't return them.  With the SYN attack, the idea is to solicit a server to establish a connection and then send the server into the TCP TIME_WAIT state a bunch of times, thus consuming all available ports for client connections, effectively rendering the machine unreachable.

But that's kind of secondary to the whole issue - individual users aren't subjected to DDoS attacks.  Individual users' machines are often made zombies by remote exploit (usually windows machines connected straight to a public IP), and made to launch attacks, but are really rarely the subject of DDoS attacks.

Fourth, and I say this because I care, there are a lot of brands of decaf on the market now that taste just as good as regular coffee, maybe you should try one?

Black tar heroin, baby.  Accept no substitutes.


"Goodness he just keeps going and going. He's like the energizer bunny of stupid." - Neut

Your powers are useless!  I'm wearing my tin-foil underwear!


#46 2005-01-19 11:24 am

tramahound
Member
From: fords nj
Registered: 2001-01-18
Posts: 722

Re: How secure is your Internet connection?

Ok people, not everybody is as hardcore and knowledgeable about security, what can us normal folks do to be safe? I fail the shields up test every time with all ports stealthed, but it responds to the damned ping. Now somebody said that's normal, but then why doesn't the site pass you and explain that? Because the guy running it is crazy scared or because you should hide your system from pings too? If so, how does one do that on os x?


underneath it all - we feel so small - the heavens fall - but still we crawl  [nin]


#47 2005-01-19 11:55 am

MattElmore
Member
From: Tuscaloosa, AL
Registered: 2003-02-28
Posts: 1778
Website

Re: How secure is your Internet connection?

snip

So what you're basically saying is that, for a user like me, who only has one computer, Mac OS X's software firewall is all I really need, and that my hardware firewall is basically overkill right?

I'm saying you don't even need OS X's firewall.

THANK YOU!

First sane posting in this thread yet.


#48 2005-01-19 11:59 am

Jehannum
Banned
From: Albuquerque
Registered: 1999-07-24
Posts: 8404

Re: How secure is your Internet connection?

Ok people, not everybody is as hardcore and knowledgeable about security, what can us normal folks do to be safe? I fail the shields up test every time with all ports stealthed, but it responds to the damned ping. Now somebody said that's normal, but then why doesn't the site pass you and explain that? Because the guy running it is crazy scared or because you should hide your system from pings too? If so, how does one do that on os x?

You don't pass because Steve Gibson is a tin-foil pated lunatic.

A system that returns ICMP ECHO responses (pings) is perfectly reasonable and not insecure in the least.


"Goodness he just keeps going and going. He's like the energizer bunny of stupid." - Neut

Your powers are useless!  I'm wearing my tin-foil underwear!


#49 2005-01-19 12:00 pm

MattElmore
Member
From: Tuscaloosa, AL
Registered: 2003-02-28
Posts: 1778
Website

Re: How secure is your Internet connection?

What do regular people need to do to be safe?

Are you using OS X?

Ok you're done.


#50 2005-01-19 12:03 pm

Jehannum
Banned
From: Albuquerque
Registered: 1999-07-24
Posts: 8404

Re: How secure is your Internet connection?

What do regular people need to do to be safe?

Are you using OS X?

Ok you're done.

regular people need do nothing, unless that regular person is running windows, directly connected to the cable modem.


"Goodness he just keeps going and going. He's like the energizer bunny of stupid." - Neut

Your powers are useless!  I'm wearing my tin-foil underwear!
