Message-ID: <Pine.BSO.4.53.0310290216260.23244@doris.cyberdom>
From: br00t at blueyonder.co.uk (B-r00t)
Subject: OSX 10.3 Personal Firewall.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1





Panther OSX 10.3 (Firewall Configuration App)

OSX Personal Firewall gives false sense of security
due to lack of ICMP and UDP protocol filtering.

maki:~ br00t$ sw_vers
ProductName:    Mac OS X
ProductVersion: 10.3
BuildVersion:   7B85

Quoting Apple: http://www.apple.com/macosx/features/security/

Personal Firewall
The Mac OS X personal firewall protects your computer from
unauthorized access by monitoring all incoming network traffic.
When you enable the personal firewall in Mac OS X, all inbound
connections are denied except for those that you explicitly permit.

Activating the OSX firewall via: -
System Preferences => Sharing => Firewall [START]

Performing an Nmap TCP port scan reveals: -

[root@...ktop]# nmap -sS -p 1-65535 -vv maki
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Host maki (192.168.0.69) appears to be up ... good.
Initiating SYN Stealth Scan against maki (192.168.0.69)
The SYN Stealth Scan took 2779 seconds to scan 65535 ports.
All 65535 scanned ports on maki (192.168.0.69) are: filtered
Nmap run completed -- 1 IP address (1 host up) scanned in 2779 seconds

The output results are as expected with all ports being reported
as 'filtered'. However, ICMP and UDP protocols produce the following
results.

ICMP: -
[root@...ktop]# ping -c 1 maki
PING maki (192.168.0.69) 56(84) bytes of data.
64 bytes from maki (192.168.0.69): icmp_seq=1 ttl=64 time=2.71 ms
- --- maki ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.713/2.713/2.713/0.000 ms

UDP: -
[root@...ktop]# nmap -sU -p 1-65535 -v maki
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Host maki (192.168.0.69) appears to be up ... good.
Initiating UDP Scan against maki (192.168.0.69)
The UDP Scan took 434 seconds to scan 65535 ports.
Interesting ports on maki (192.168.0.69):
(The 65531 ports scanned but not shown below are in state: closed)
Port       State       Service
68/udp     open        dhcpclient
123/udp    open        ntp
514/udp    open        syslog
5353/udp   open        unknown
Nmap run completed -- 1 IP address (1 host up) scanned in 435 seconds

The important word being 'closed' and NOT 'filtered'!

I know that the underlying ipfw is capable of being configured
accordingly, but shouldn't the overlying firewall configuration
application at least activate appropriate UDP and ICMP filtering?

Especially since the majority of OSX users will employ the GUI
firewall configuration application as their primary form of
Internet protection.

Remember kidz, use either ICMP or UDP backdoor code!

Just my opinion.

B#.
- --

- ----------------------------------------------------
Email : B-r00t <br00t@...eyonder.co.uk>
Key fingerprint = 74F0 6A06 3E57 083A 4C9B
		  ED33 AD56 9E97 7101 5462

"There's no way a highschool punk can put a dime
into a telephone and break into our system."
- -----------------------------------------------------



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (OpenBSD)

iD8DBQE/ny21rVael3EBVGIRAs8zAJwOObJtmOKDPshVc5du4QXPQhFM0ACgmWhb
XLnokNmynZIOndoUqTeJ+n8=
=Vad8
-----END PGP SIGNATURE-----
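
Added example (not part of B-r00t's post): a small audit check that reads nmap 3.00 text output like that quoted above and reports whether a packet filter is actually in the path for each protocol. The sample strings are copied from the post; the function name `audit` and the result keys are assumptions made for this illustration.

```python
import re

# Sample lines copied from the nmap 3.00 output quoted in the post.
TCP_SCAN = """\
Initiating SYN Stealth Scan against maki (192.168.0.69)
All 65535 scanned ports on maki (192.168.0.69) are: filtered
"""
UDP_SCAN = """\
Interesting ports on maki (192.168.0.69):
(The 65531 ports scanned but not shown below are in state: closed)
Port       State       Service
68/udp     open        dhcpclient
123/udp    open        ntp
514/udp    open        syslog
5353/udp   open        unknown
"""

# State nmap assigns to every port it does not list individually.
DEFAULT_RE = re.compile(
    r"(?:All \d+ scanned ports on .* are: |not shown below are in state: )(\w+)")
# One row of the port table, e.g. "123/udp    open        ntp".
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\w+)\s+(\S+)", re.M)


def audit(scan_text):
    """Summarise one scan (hypothetical helper, not an nmap API)."""
    m = DEFAULT_RE.search(scan_text)
    default = m.group(1) if m else None
    open_ports = [int(port) for port, _proto, state, _svc
                  in PORT_RE.findall(scan_text) if state == "open"]
    # "filtered": probes were dropped, so a packet filter is in the path.
    # "closed": the host itself answered (TCP RST or ICMP port unreachable),
    # so nothing filtered that protocol.
    filtering = default == "filtered" and not open_ports
    return {"default_state": default,
            "open_ports": open_ports,
            "filtering": filtering}


if __name__ == "__main__":
    for name, text in (("tcp", TCP_SCAN), ("udp", UDP_SCAN)):
        print(name, audit(text))
```
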

