Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
What is down-side of "enable stealth mode"?
- Thread starter CopyOwner
- Start date
- Sort by reaction score
On your home network and if you use services/sharing, you might run into issues. Stealth mode is best used when you are on a public network (or really in any other place where you aren't behind your OWN router.
But you won't get into any real trouble, like you can if you start blocking ports and stuff.
But you won't get into any real trouble, like you can if you start blocking ports and stuff.
For reference, what "stealth mode" does is very specific--it means that if something requests a connection on a closed port, rather than responding "Sorry, that port is closed." the computer won't say anything at all.
Which, on the other end, appears as if there is nothing there. So far as I understand, it's basically a deterrent for some kinds of network attack, because an attacker that isn't persistent (or one that is, if you have no ports at all open) won't even be able to tell if they're prodding at a computer, or if there's nothing at that address.
As already said, if you're already behind a home router, it won't break anything, but it also doesn't really do anything useful--outside access is already blocked at the router apart from any ports you've forwarded. I'm not sure whether it interferes with auto-discovery or not--Bonjour might open a hole even with it on--but it's a mostly-unnecessary level of paranoia. By the time someone has gotten past your router, stealth mode isn't going to provide much extra protection from what they could try anyway.
Now, if you're getting a "raw" connection directly to the internet or other public network--for example, a university wireless network--it's probably a good idea, because you can never be too paranoid when exposed to a large, unfriendly network.
Which, on the other end, appears as if there is nothing there. So far as I understand, it's basically a deterrent for some kinds of network attack, because an attacker that isn't persistent (or one that is, if you have no ports at all open) won't even be able to tell if they're prodding at a computer, or if there's nothing at that address.
As already said, if you're already behind a home router, it won't break anything, but it also doesn't really do anything useful--outside access is already blocked at the router apart from any ports you've forwarded. I'm not sure whether it interferes with auto-discovery or not--Bonjour might open a hole even with it on--but it's a mostly-unnecessary level of paranoia. By the time someone has gotten past your router, stealth mode isn't going to provide much extra protection from what they could try anyway.
Now, if you're getting a "raw" connection directly to the internet or other public network--for example, a university wireless network--it's probably a good idea, because you can never be too paranoid when exposed to a large, unfriendly network.
I admittedly forget if this changed with 10.6, but given that it's expressly under the "Advanced" button, one would assume that the feature is, indeed, for advanced users who know what they're doing.
Likewise, the description included with it--"Don't respond to or acknowledge attempts to access this computer from the network by test applications using ICMP, such as Ping."--isn't going to mean much to a layman, but from an "advanced" perspective, that's pretty specific about what it does.
If you're on 10.5 (or earlier) and it's changed since then, never mind--Apple has already fixed the lack of clarity.
No downside in normal operation
Exactly. The description is very clear about what stealth mode does. The only real downside comes when you want to troubleshoot connectivity issues to that machine. If you forget that you have stealth mode enabled, you will go around in circles wondering why you cannot ping your computer even though you can get e-mail or browse the web, or do some other network related function.
Stealth mode does NOT cause connectivity issues. I run with it on and everything works just fine including Bonjour. It just makes it hard to troubleshoot if something else is causing issues with network access on that machine. Of course, the first step in troubleshooting network connectivity issues is to turn off the firewall, so I have not really had any problems due to stealth mode.
Exactly. The description is very clear about what stealth mode does. The only real downside comes when you want to troubleshoot connectivity issues to that machine. If you forget that you have stealth mode enabled, you will go around in circles wondering why you cannot ping your computer even though you can get e-mail or browse the web, or do some other network related function.
Stealth mode does NOT cause connectivity issues. I run with it on and everything works just fine including Bonjour. It just makes it hard to troubleshoot if something else is causing issues with network access on that machine. Of course, the first step in troubleshooting network connectivity issues is to turn off the firewall, so I have not really had any problems due to stealth mode.