MacSecure.com
A Mac Security Blog

Leopard Firewall: More discussion, and revelations.

I spent quite a bit of time tonight testing the Leopard firewall from my local host as well as from a Linux host on my local LAN while running various configurations of Nmap and tweaking the various Leopard firewall configuration options. 

As I started to write it up, I found that I’ve been beaten to the punch.  I did quite a few of the same tests that Rich Mogull did, but based on comments posted by Jurgen Schmidt, the author of the original Heise article, I have done some further testing this evening. 

Jurgen is absolutely right. Despite having the Leopard firewall configured for “Block all incoming connections” and having ‘stealth mode’ enabled in the Advanced Configuration options – I was able to run other servers locally on the Mac (I used netcat as he suggested) and they showed up locally in both netstat and Nmap scans, and they also showed up as open ports when attempting to contact the Mac from a remote system. The remote side (Linux) Nmap showed the ports as open, not even filtered.

I understand that there is some confusion / concern about how the ‘Application Specific’ access control works — but I would expect that when you say “Block all incoming connections” and “Enable Stealth Mode” that at the very least it wouldn’t leave some ports wide open.

  PORT     STATE SERVICE  VERSION
  1000/tcp open  cadlock?

Ouch!
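To repeat this check against your own Mac from a second machine on the LAN, the sketch below (an added example, not code from the original post) classifies a TCP port as open, closed or filtered the way a connect scan reads it. The function names are assumptions made for illustration, and the local demo uses a constructed listener on 127.0.0.1, so it can only show the open and closed states.

```python
import socket

def classify_port(host, port, timeout=2.0):
    """Classify one TCP port the way a connect scan reads it (pass an IP address)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"        # handshake completed: a listener is reachable
    except ConnectionRefusedError:
        return "closed"      # RST came back: host reachable, nothing listening
    except OSError:
        return "filtered"    # timeout or unreachable: the probe got no usable answer
    finally:
        s.close()

def unexpected_open(host, ports, timeout=2.0):
    """Ports that accept connections although incoming traffic should be blocked."""
    return [p for p in ports if classify_port(host, p, timeout) == "open"]

def demo():
    """Constructed local check: a listener reads 'open', then 'closed' once it is gone."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = classify_port("127.0.0.1", port)
    listener.close()
    after_close = classify_port("127.0.0.1", port)
    return while_listening, after_close

if __name__ == "__main__":
    print(demo())
```

With “Block all incoming connections” set, `unexpected_open` run from the remote host should return an empty list for any port you have a test listener on; a non-empty result is the behaviour described above.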
