Security Basics mailing list archives

Re: Mac X-Server Security Questions...

From: Florian Rommel <frommel () gmail com>
Date: Sat, 09 Apr 2005 21:12:28 +0300

hmm... i on my X server (panther) everything closed except ssh and AFP,here is what nmap (from a linux host) gives me back:



nmap -sT -O -P0 10.0.0.221

Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2005-04-09 20:59EESTWarning: OS detection will be MUCH less reliable because we did notfind at least 1 open and 1 closed TCP port

Interesting ports on 10.0.0.221:
(The 1660 ports scanned but not shown below are in state: filtered)
PORT    STATE SERVICE
22/tcp  open  ssh
427/tcp open  svrloc
548/tcp open  afpovertcp
MAC Address: 00:0A:95:AE:C2:D6 (Apple Computer)
Device type: general purpose
Running: Apple Mac OS X 10.3.X
OS details: Apple Mac OS X 10.3.0 - 10.3.3

Nmap run completed -- 1 IP address (1 host up) scanned in 35.271 seconds

and when i try to telnet into port 135, 139 or even 80 i get this inthe firewall logs:

Apr 9 21:06:30 Server ipfw: 12190 Deny TCP 10.0.0.30:3903110.0.0.221:139 in via en0Apr 9 21:06:35 Server ipfw: 12190 Deny TCP 10.0.0.30:3903210.0.0.221:135 in via en0Apr 9 21:06:42 Server ipfw: 12190 Deny TCP 10.0.0.30:3903310.0.0.221:880 in via en0Apr 9 21:06:45 Server ipfw: 12190 Deny TCP 10.0.0.30:3903310.0.0.221:880 in via en0Apr 9 21:06:48 Server ipfw: 12190 Deny TCP 10.0.0.30:3903410.0.0.221:80 in via en0Apr 9 21:06:51 Server ipfw: 12190 Deny TCP 10.0.0.30:3903410.0.0.221:80 in via en0


so ipfw does work and deny.

Could you please let me know what you needed to configure in the commandline by the way, that couldnt be configured via the GUI? Because I justspoke to an Apple Technician that I know and he asured me that ipfw isfully supported, ESPECIALLY when done with the GUI.

Anyway, I would like to help you as far as I can so I am wondering ifthe ipfw was even running fully or was tehre a problem in your setup?


cheers

//Florian
http://www.2blocksaway.com





---------------------------------------------------------------------------
Earn your MS in Information Security ONLINE

Organizations worldwide are in need of highly qualified information securityprofessionals. Norwich University is fulfilling this demand with its MS inInformation Security offered online. Recognized by the NSA as anacademically excellent program, NU offers you the opportunity to earn yourdegree without disrupting your home or work life.


http://www.msia.norwich.edu/secfocus_en
----------------------------------------------------------------------------

Current thread:

RE: Mac X-Server Security Questions..., (continued)
- RE: Mac X-Server Security Questions... Brad Berson (Apr 07)
  - Re: Mac X-Server Security Questions... Javier Blanque (Apr 07)
- RE: Mac X-Server Security Questions... Brad Berson (Apr 08)
- RE: Mac X-Server Security Questions... Brad Berson (Apr 08)
  - Re: Mac X-Server Security Questions... Florian Rommel (Apr 08)
  - Re: Mac X-Server Security Questions... Florian Rommel (Apr 08)
  - RE: Mac X-Server Security Questions... John Jasen (Apr 08)
- RE: Mac X-Server Security Questions... Brad Berson (Apr 08)
  - Re: Mac X-Server Security Questions... Robert Inder (Apr 09)
- RE: Mac X-Server Security Questions... Brad Berson (Apr 09)
  - Re: Mac X-Server Security Questions... Florian Rommel (Apr 11)
  - Re: Mac X-Server Security Questions... Javier Blanque (Apr 11)
  - RE: Mac X-Server Security Questions... M. Shirk (Apr 11)
- RE: Mac X-Server Security Questions... Brad Berson (Apr 11)
- RE: Mac X-Server Security Questions... Brad Berson (Apr 11)