10.6 Stealth mode on, system profiler disagrees

Discussion in 'macOS' started by KyleAwesome, Sep 4, 2009.

  1. KyleAwesome macrumors member

    Joined:
    Jun 1, 2009
    #1
    So just out of curiosity I was messing around in system profiler tonight and happened on the firewall tab. Never really took a look to see what it said until tonight. I have stealth mode enabled, and have ever since I installed SL but the profiler seems to think otherwise?



    Any ideas as to why?
     


  2. Morod macrumors 68000

    Morod

    Joined:
    Jan 1, 2008
    Location:
    On The Nickel, over there....
    #2
    No idea, but mine is the same as yours. I have stealth enabled, but System Profiler says not.
    It may be time to check it out at grc.com.
     
  3. KyleAwesome thread starter macrumors member

    Joined:
    Jun 1, 2009
  4. PeteB macrumors 6502a

    PeteB

    Joined:
    Jan 14, 2008
  5. Keeval macrumors member

    Keeval

    Joined:
    Jul 9, 2008
    Location:
    U.K.
    #5
    It is showing the same for me - Firewall Stealthed, but not in System Profiler.
    I just did a Shields Up check on www.grc.com and got a perfect Stealth score so it looks like it's system profiler that is wrong.
     
  6. PeteB macrumors 6502a

    PeteB

    Joined:
    Jan 14, 2008
    #6
    That's odd. GRC correctly says that my ports are in stealth mode, however, it's reporting that my computer is responding to pings. Surely if my firewall is in "stealth" mode, it shouldn't be responding to any ICMP ping requests?
     
  7. Keeval macrumors member

    Keeval

    Joined:
    Jul 9, 2008
    Location:
    U.K.
    #7
    I shouldn't think so... as you say odd.
    Do you have any equipment between your machine and the internet that might be responding?

    I have a router/firewall/wifi/DSL base that the iMac is plugged into and that might be screening out the ICMP packets for me though. Not really sure how to confirm it though as if I bypass it I can't get on the internet!
     
  8. PeteB macrumors 6502a

    PeteB

    Joined:
    Jan 14, 2008
    #8
    It might be my router that's responding. I have no other wireless devices on at the moment apart from my MacBook.
     
  9. RandomKamikaze macrumors 6502a

    RandomKamikaze

    Joined:
    Jan 8, 2009
    Location:
    UK
    #9
    Note the following from GRC when using a NAT router to test ShieldsUP!

    Checking a NAT Router's WAN Security

    Residential broadband "NAT" routers which allow many computers to share a single Internet connection are becoming quite popular. We love them for the security they provide to the machines placed behind them since any NAT router functions as a natural and excellent hardware firewall.

    However, the Internet or "WAN" (Wide Area Network) side connection of many NAT routers and DSL gateways is not as secure as it should be. Many routers ship with web, ftp, or Telnet management ports wide open! And many are still configured with their well-known default administrative passwords. Although the router may be protecting the machines behind it, it might not be protecting itself without your deliberate closing of remote "WAN" administration ports.

    ShieldsUP! automatically tests your NAT router's WAN-side security because the router's WAN IP is the single public IP that connects your internal private network to the public Internet. When a test is initiated by any system behind a NAT router, we are testing the public-side security of the router itself and not the security of the individual machines which are located behind and protected by the router.


    So you aren't really testing your computer, but rather your NAT router. If you wanna test your computer, you're going to need to put it directly on to the Internet.

    And staying on topic, I have the same as well, but my laptop is indeed hidden on networks and no-one can connect to it
     
  10. PeteB macrumors 6502a

    PeteB

    Joined:
    Jan 14, 2008
    #10
    As far as I understand it, GRC is testing a combination of router and computer. Both have the capability of enabling firewalls.

    What I don't understand as yet is whether the 10.6 firewall is functioning in full stealth mode, or whether other people simply have their router set up to deny ping requests.

    Regardless, my system appears to be perfectly safe (according to GRC).
     
  11. Keeval macrumors member

    Keeval

    Joined:
    Jul 9, 2008
    Location:
    U.K.
    #11
    I just attempted to ping my iMac from my MacBook Pro which is on the same internal network - and nothing... no response from it. I also tried to telnet to it - nothing either.

    Looks like it's fine. Can you try something similar?

    Edit: If you can connect to your router - you might be able to ping your machine from it.
     
  12. RandomKamikaze macrumors 6502a

    RandomKamikaze

    Joined:
    Jan 8, 2009
    Location:
    UK
    #12
    I think the only one that tests your computer is the File Sharing test which checks for the local Internet Service running. The others seem to be either blind or router based checks. The full port scan would appear to terminate on the router. The only reason it would get to your computer is if you have port forwarding enabled, or a crappy firewall.

    The easiest way is to stick it on a network, such as your own, and then get another computer, and then try and hack your own computer.
     
  13. PeteB macrumors 6502a

    PeteB

    Joined:
    Jan 14, 2008
    #13
    Looks like the firewall is working fine then. Since my router was supplied and configured by my TV/Internet provider, I won't mess with it. I very much doubt that it's a serious security risk if my Internet devices themselves are locked down.
     
  14. netnothing macrumors 68040

    netnothing

    Joined:
    Mar 13, 2007
    Location:
    NH
    #14
    Same thing here.....System Profiler shows it off, but it's on.

    Don't know about anyone else, but with Stealth mode on, I'm getting all kinds of Notice messages in Console like this:

    Any stealth mode attempts should be logged in the appfirewall.log.

    BTW.....that address is my Comcast DNS server for some reason sending UDP requests....no idea why!

    -Kevin
     
  15. broken-chaos macrumors regular

    broken-chaos

    Joined:
    Sep 2, 2009
    Location:
    Toronto, Ontario
    #15
    Stealth mode is working properly. It seems to be only a System Profiler bug.

    Ping attempt:
    Code:
    Lightning:~ broken_chaos$ ping localhost
    PING localhost (127.0.0.1): 56 data bytes
    Request timeout for icmp_seq 0
    Request timeout for icmp_seq 1
    Request timeout for icmp_seq 2
    ^C
    --- localhost ping statistics ---
    4 packets transmitted, 0 packets received, 100.0% packet loss
    Console log:
    Code:
    2009-09-05 03:55:00	Firewall[57]	 33300 Deny ICMP:8.0 127.0.0.1 127.0.0.1 in via lo0
    2009-09-05 03:55:01	Firewall[57]	 33300 Deny ICMP:8.0 127.0.0.1 127.0.0.1 in via lo0
    2009-09-05 03:55:02	Firewall[57]	 33300 Deny ICMP:8.0 127.0.0.1 127.0.0.1 in via lo0
    2009-09-05 03:55:03	Firewall[57]	 33300 Deny ICMP:8.0 127.0.0.1 127.0.0.1 in via lo0
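
Added example (not part of broken-chaos's post): a small parser for the Firewall lines shown in the Console log above, which counts denied inbound packets per source so that the dropped echo requests (ICMP type 8) can be confirmed from the log rather than from System Profiler. Every sample line after the first two is constructed, and the UDP "addr:port" layout is an assumption.

```python
import re
from collections import Counter

# Layout taken from the Console excerpt in post #15:
#   <date> <time> Firewall[pid] <rule> <action> <proto[:type.code]> <src> <dst> <dir> via <iface>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+Firewall\[\d+\]\s+"
    r"(?P<rule>\d+)\s+(?P<action>\w+)\s+"
    r"(?P<proto>[A-Za-z]+)(?::(?P<itype>\d+)\.(?P<icode>\d+))?\s+"
    r"(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<dir>in|out)\s+via\s+(?P<iface>\S+)\s*$"
)

# First two lines are from post #15; the rest are constructed (192.0.2.0/24 is a
# documentation range, and the UDP "addr:port" layout is an assumption).
SAMPLE = """\
2009-09-05 03:55:00\tFirewall[57]\t 33300 Deny ICMP:8.0 127.0.0.1 127.0.0.1 in via lo0
2009-09-05 03:55:01\tFirewall[57]\t 33300 Deny ICMP:8.0 127.0.0.1 127.0.0.1 in via lo0
2009-09-05 04:10:12\tFirewall[57]\t 33300 Deny ICMP:8.0 192.0.2.10 192.0.2.20 in via en1
2009-09-05 04:11:40\tFirewall[57]\t 35000 Deny UDP 192.0.2.53:53 192.0.2.20:49152 in via en1
2009-09-05 04:12:00\tkernel[0]\t unrelated message that must be skipped
"""

def parse_line(line):
    """Return a dict of fields for a Firewall log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # Split "addr:port" for TCP/UDP; ICMP entries carry bare addresses.
    for side in ("src", "dst"):
        addr, sep, port = rec[side].rpartition(":")
        rec[side], rec[side + "_port"] = (addr, int(port)) if sep and port.isdigit() else (rec[side], None)
    return rec

def summarize_denies(text):
    """Count denied inbound packets per (source, kind); echo requests are ICMP type 8."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "Deny" or rec["dir"] != "in":
            continue
        is_echo = rec["proto"] == "ICMP" and rec["itype"] == "8"
        kind = "icmp-echo-request" if is_echo else rec["proto"].lower()
        counts[(rec["src"], kind)] += 1
    return counts

if __name__ == "__main__":
    for (src, kind), n in sorted(summarize_denies(SAMPLE).items()):
        print(f"{src:15} {kind:18} {n}")
```
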
     
  16. KyleAwesome thread starter macrumors member

    Joined:
    Jun 1, 2009
    #16
    I've also confirmed this after trying some pen testing and running GFI LANguard, that in fact System Profiler is misreporting the firewall state... :rolleyes:
     
