Re: [NTLK] [OT] Safe Surfing, any comments?

From: Morgan Aldridge (makkintosshu_at_mac.com)
Date: Tue Oct 18 2005 - 05:59:51 PDT


Basically, with Stealth Mode, your Mac OS X box will be a black hole to
packets which are coming from the outside to a port which is blocked by
the firewall. It will not respond to port scans, it will not respond to
pings. For all intents and purposes it'll be non-existent. I keep Network
Intrusion Detection systems running on my LANs and I can SSH into them,
but only because I know what IP address to use and that they will, in
fact, respond when I make the right request.

I don't know whether Tiger disables Rendezvous/Bonjour when Stealth
Mode is on. If it does not, then your Bonjour traffic will give you
away. In fact, any traffic (if someone is on your network and packet
sniffing) will give you away, but it'll still be harder to discover
open services for them to attack.

Regarding your second note: Remember that many Cable/DSL modems are
picky as to power up order when used with routers, so that may not work
for someone. Also, if someone is attempting to gain access to your
network from the outside and is trying to go through your Cable/DSL
modem, they are probably going to record the hardware MAC address of it
and will not need to know your IP address to find it. If somebody wants
to get in badly enough, they will find a way. The problem really lies
in the fact that if it's too hard to get in, someone's either going to
physically break into the location and steal the computer (damn, they
wanted it REAL bad!) or they're so enticed by the challenge that
they'll find a way in, no matter how long it takes.

There's another reason why I use a Newton: if I were to ever lose a
backup card, I can be pretty safe in assuming that (at least in my
location) somebody's going to try it in the PC Card slot on their
laptop, find that there's nothing on it, and try reformatting it before
they realize they could put it into a Newton. Plus I use The Fish for
anything sensitive.

Morgan Aldridge

--
morgant_at_makkintosshu.com
http://www.makkintosshu.com/

On Oct 18, 2005, at 8:04 AM, John Hay wrote:
> I have read that if you use an always-on Internet connection*** to check
> out Tiger's new hacker-fighting tools. in the Sharing preference pane
> and click on the Firewall tab to see advanced items. Click on it to
> access options such as Stealth Mode. Enabled, uninvited (not sure
> exactly what "uninvited" means) queries to your computer will receive no
> acknowledgment, making it nearly impossible for someone to
> surreptitiously discover and hack into your Mac.
>
> My question is, what criteria, if any, does using Stealth Mode use to
> "filter" out inquiries. For example, if I had an approved workstation on
> my LAN that I wanted to gain access through to my primary workstation
> that had the Stealth Mode enabled could I make contact and if so would
> the only way be to know, for example perhaps, the "name" of the hard
> drive on the primary workstation? I have not tested this all out
> systematically as it would require 10-15 minutes work.
>
>
> Note: always-on Internet connection***
> .....just as a side note, talk about the quintessence of simple design,
> besides all the careful systematic strategies, tactics, firewalls,
> filters in the world try this. Connect a simple 25 hour lamp timer to
> your cable or DSL modem. Set the timer to shut "off" at say 3am when no
> one is using your computer and it's not doing auto nightly backups or
> anything, then set it to come back on at 3:15 or so. This will force
> your Internet modem to reboot every 24 hours without interrupting your
> workflow, thus losing your assigned DHCP IP address and renewing the
> connection with a NEW one. Now, after all the hacker crawlers have
> culled all the IP addresses using their utility software to scan for
> zero to 255 and all the octets between, when they come back the next day
> to hack into your computer it won't be there any more because your IP
> address has changed.  "Disregard that man behind the curtain."  -The
> Wizard of Oz (1939), <http://www.imdb.com/title/tt0032138/goofs>
> Cinematic Goofs on celluloid.
>
>
>
>
> http://www.1234zzzz.com/pub/BlindCourtesyCopies.html
>
> -- 
> This is the NewtonTalk list - http://www.newtontalk.net/ for all inquiries
> Official Newton FAQ: http://www.chuma.org/newton/faq/
> WikiWikiNewt for all kinds of articles: http://tools.unna.org/wikiwikinewt/
>
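
A self-check for the behaviour described in the reply above, added here as an example and not part of either original message: run it from a second machine on your own LAN against your own Mac to see whether blocked ports answer with a refusal (visible) or stay silent (dropped). The function names, the default timeout and the sample port list are assumptions made for this example.

```python
import socket
import sys


def probe_tcp(host, port, timeout=1.0):
    """Classify how `host` answers one TCP connection attempt to `port`.

    open   - handshake completed: a service is listening and allowed
    closed - connection refused (RST): nothing listens, but the host answered
    silent - no answer before the timeout: the packet was dropped
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "silent"
    finally:
        sock.close()


def summarize(results):
    """results maps port -> state. A 'closed' answer means the host replied
    to a port it does not serve, so it is not a black hole on that port."""
    answered = sorted(p for p, s in results.items() if s != "silent")
    refused = sorted(p for p, s in results.items() if s == "closed")
    return {"answered": answered, "refused": refused, "stealth_ok": not refused}


if __name__ == "__main__":
    # Usage: python3 stealth_check.py <address of your own machine> [ports...]
    host = sys.argv[1]
    # Sample ports (constructed): SSH, HTTP, IPP printing, AFP file sharing.
    ports = [int(p) for p in sys.argv[2:]] or [22, 80, 631, 548]
    results = {p: probe_tcp(host, p) for p in ports}
    for port in sorted(results):
        print(f"{host}:{port} -> {results[port]}")
    print(summarize(results))
```

Ports you have deliberately opened will still report "open", which matches the reply's point that the machine responds to the right request.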

This archive was generated by hypermail 2.1.5 : Tue Oct 18 2005 - 08:00:06 PDT