Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Holes in the firewall of Mac OS X Leopard

from [Juergen Schmidt] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Holes in the firewall of Mac OS X Leopard
Date: Tue, 30 Oct 2007 00:55:28 +0100 (CET) 
On Mon, 29 Oct 2007, Brandon S. Allbery KF8NH wrote:


On Oct 29, 2007, at 17:49 , Juergen Schmidt wrote:


- if you set it to "Block all incoming connections" it still allows access
to certain system services. We could access the ntp daemon that is running
per default over the internet. In a LAN based scenario, we were able to
query the Netbios naming service even with full blocking enabled.


The firewall in Tiger, and presumably Leopard, only affects TCP services by
default (you can enable UDP filtering in the Advanced settings).  So no change
here from the status quo.


Nope -- the behaviour we observed did not depend on the protocol by any 
means. For example we were able to connect to a netcat server listening on 
a TCP port despite of "Set access to specific services and programs" and 
an empty list of allowed services.

There is no way to "enable UDP filtering" in Leopard either -- at least I 
have not found any. In fact the firewall does not use ipfw rules at all. 

bye, ju



-- 
Juergen Schmidt, editor-in-chief heise Security www.heise-security.co.uk
GPG-Key: 0x38EA4970,  5D7B 476D 84D5 94FF E7C5  67BE F895 0A18 38EA 4970

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Holes in the firewall of Mac OS X Leopard, Brandon S. Allbery KF8NH
Next by Date:  [Full-disclosure] RFIDIOt release - version 0.1q, Adam Laurie
Previous by Thread:  Re: Holes in the firewall of Mac OS X Leopard, Brandon S. Allbery KF8NH
Next by Thread:  Untrusted Java applet can connect to localhost, NGSSoftware Insight Security Research
Indexes:  [Date] [Thread] [Top] [All Lists]