Ports, Internet security and firewalls

Discussion in 'General Mac Discussion' started by annk, Mar 20, 2005.

  1. annk Administrator

    annk

    Staff Member

    Joined:
    Apr 18, 2004
    Location:
    Somewhere over the rainbow
    #1
    I recently tried Shields Up! at https://www.grc.com/x/ne.dll?bh0bkyd2 . I ran three tests - File Sharing, Common Ports and All Service Ports.

    The File Sharing report showed that port 139 does not appear to exist, and that it was not possible to connect with NetBIOS to my computer. As far as I can see, I passed here with flying colors.

    The Common Ports report said that I passed on solicited and unsolicited TCP packets. I failed the Ping Reply (ICMP echo) test.


    The All Service Ports report showed only green ports - status "stealth". Including ports 20 and 21, which is interesting because of what I discovered afterwards.

    Since the File Sharing report showed that I didn't pass the ping test, and that firewalls often could be configured to take care of this, I checked out the firewall on OS X, to see what I could do. What I found was that everything appeared to be off - including FTP - when I viewed the Service panel. But when I go to FTP in the Firewall panel, it says that ports 20 and 21 are open. But according to the All Service Ports report, both ports 20 and 21 passed as “Stealth”/green. (I could identify specific ports by hovering the mouse above each block in the report, and confirmed that these ports were “stealth”.)

    When I go over to the Firewall panel and highlight FTP Access, it says: "Ports 20 and 21 are open. If others connect to your computer from Ports 20 and 21, then ports 1024 through 65535 are open. When you turn on FTP access in the Services pane, you also allow the service access through the firewall on the indicated ports. To stop access through the firewall, you must turn off this service using the service pane." - despite the fact that the Service Pane states FTP access IS off.

    I don't see anything that clearly has to do with pinging in the firewall preferences, but that's most likely just because I don't know what to look for. All of this is new for me. Could it be that those two open ports are what're responding to pings? And if I shut them down (if I can figure out how, since the Service panel says they ARE off), will I still be able to upload using my FTP program (Cyberduck)?

    I also have a router that has a built-in firewall (D-Link wireless, Dl-514). I never bothered with the software for this, because it more or less worked when I plugged it in. I didn't want to start messing with something that worked. I'm an interested mac user, but don't have the technical savvy of a lot of you who post here.

    What should I do?

    I tried to post a few screen shots I took of the various things I describe here, but couldn't for the life of me get them to show up in the previewed post. Hope my descriptions are adequate.
     


  2. BillHarrison macrumors 6502

    Joined:
    Jul 25, 2003
    #2
    Well, here are a few tips for you. You mention that you are behind a router. I assume that you just plugged in the router, but you don't mention what type of internet access you have.

    Look at it this way. Your IP address is basically mapped to the router. Any pings / etc are going to hit the router. You will need to set up "port forwarding" in order for any outside traffic to be able to hit your mac. Note, by default, most stuff just works with the stock setup, as they do what they can to make plug and play easy for the average user.

    I am at a bit of a loss as to what you are trying to do here:

    Are you concerned about the security of your computer? Basically, as of right now, what ports are open on the COMPUTER is less important than how the router is set up. If you are safe on the internal network, IE, no worries of someone in the room next to you hacking your mac, then internal settings are less important to security than the router settings.

    The default settings are pretty safe, and will keep just about anyone and anything out of your box. Even if you leave the default password and log in name, by default remote admin is turned off, so no one can get in. The only concerns you would have is someone IN your house / office gaining access to your computer.

    If it's not broke, don't fix it. The computer should have those ports open in order for FTP access. The router will not allow unsolicited traffic to hit those ports unless you forward the traffic to the computer in the router's settings.
     
  3. annk thread starter Administrator

    annk

    Staff Member

    Joined:
    Apr 18, 2004
    Location:
    Somewhere over the rainbow
    #3
    Thanks for your fast reply.

    Sorry, forgot to mention a few basics: I have DSL Internet, and this is an issue at home, where the three computers in the house (my PB, my husband's Windows XP and my son's Suse Linux) are NOT set up to have any sort of sharing going on. I have no worries about people in my home having access to my computer. My computer has wireless Internet access, and the two others are directly plugged into the router.

    If the pinging is hitting my router only, then I can see that I'm ok. I have never knowingly set up port forwarding.

    As for what I'm trying to do - - I'm just trying to understand the info the report is giving me. The link to Shields Up! was sent to me by someone I know, and I got curious and tried it. I had no real security worries (but again - I didn't know enough to know if I should have worries...). I was unsure of how great an issue the pinging was (which you've now cleared up for me), and I was unsure how great an issue those two open ports were. I'm still confused about why the Service Pane and Firewall panes in OS X give me conflicting info.
     
  4. BillHarrison macrumors 6502

    Joined:
    Jul 25, 2003
    #4
    No problem. I can't really help you on the conflicting info, but my guess is that if OS X says the ports are open, then they are. I would leave it at that. I trust Apple over a third party app. But, I guess you never know.

    Basically, by running a mac, you are protecting yourself from outside attacks. Plus having a hardware firewall in your router, you should be fairly safe.

    There is no such thing as 100% security, but I think you have done all you need. I have a similar setup, and have NEVER (been on the net since before there "was" a real net, dialing up bbs's ;)) had a virus or attack.
     
  5. annk thread starter Administrator

    annk

    Staff Member

    Joined:
    Apr 18, 2004
    Location:
    Somewhere over the rainbow
  6. Applespider macrumors G4

    Applespider

    Joined:
    Jan 20, 2004
    Location:
    looking through rose-tinted spectacles...
    #6
    I think that it's saying that ports 20 and 21 are open so that you can use FTP access from your machine. But they appear closed (stealthed) to outside parties since you don't have FTP sharing turned on.

    I suspect that if you turned on FTP sharing and then tried Shields Up, those ports would appear open.

    But since you're behind a router and aren't forwarding those ports back to any computer in any case, there likely isn't too much to worry about.
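
Added example, not part of any post in this thread: a small Python check that classifies a TCP port on your own machine with the same three states the scan report uses (open, closed, stealth), and shows that a port only reads "open" while a service is actually listening on it. The function names are hypothetical, and the check runs over loopback (127.0.0.1), so it reports whether a service is listening locally, not what the router exposes to the Internet.

```python
import socket

def port_state(host, port, timeout=2.0):
    """Classify a TCP port using the scan report's three states."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "closed"            # host answered with a reset: nothing listening
    except (socket.timeout, TimeoutError):
        return "stealth"           # no answer at all: packets silently dropped
    except OSError as exc:
        return "error: %s" % exc   # e.g. no route to host

def listener_demo():
    """State of one port before, while and after a service listens (constructed demo)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))                    # let the OS pick a free port
    port = srv.getsockname()[1]
    states = [port_state("127.0.0.1", port)]      # bound, but not listening yet
    srv.listen(1)
    states.append(port_state("127.0.0.1", port))  # service is now listening
    srv.close()
    states.append(port_state("127.0.0.1", port))  # service stopped again
    return states

if __name__ == "__main__":
    print("listener demo:", listener_demo())
    for p in (20, 21, 139):                       # ports discussed in this thread
        print(p, port_state("127.0.0.1", p))
```

A firewall rule that allows a port does not by itself make the port answer; without a listening service the connection attempt is refused or dropped.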
     
