Full Disclosure mailing list archives
Re: Holes in the firewall of Mac OS X Leopard
From: Juergen Schmidt <ju () heisec de>
Date: Tue, 30 Oct 2007 00:55:28 +0100 (CET)
On Mon, 29 Oct 2007, Brandon S. Allbery KF8NH wrote:
On Oct 29, 2007, at 17:49 , Juergen Schmidt wrote:- if you set it to "Block all incoming connections" it still allows access to certain system services. We could access the ntp daemon that is running per default over the internet. In a LAN based scenario, we were able to query the Netbios naming service even with full blocking enabled.The firewall in Tiger, and presumably Leopard, only affects TCP services by default (you can enable UDP filtering in the Advanced settings). So no change here from the status quo.
Nope -- the behaviour we observed did not depend on the protocol by any means. For example we were able to connect to a netcat server listening on a TCP port despite of "Set access to specific services and programs" and an empty list of allowed services. There is no way to "enable UDP filtering" in Leopard either -- at least I have not found any. In fact the firewall does not use ipfw rules at all. bye, ju -- Juergen Schmidt, editor-in-chief heise Security www.heise-security.co.uk GPG-Key: 0x38EA4970, 5D7B 476D 84D5 94FF E7C5 67BE F895 0A18 38EA 4970 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Heap overflow in RealPlayer ID3 tag parser NGSSoftware Insight Security Research (Oct 30)
- Holes in the firewall of Mac OS X Leopard Juergen Schmidt (Oct 29)
- Re: Holes in the firewall of Mac OS X Leopard Brandon S. Allbery KF8NH (Oct 29)
- Re: Holes in the firewall of Mac OS X Leopard Juergen Schmidt (Oct 29)
- Re: Holes in the firewall of Mac OS X Leopard Brandon S. Allbery KF8NH (Oct 29)
- Holes in the firewall of Mac OS X Leopard Juergen Schmidt (Oct 29)