What is down-side of "enable stealth mode"?

Discussion in 'Mac Basics and Help' started by CopyOwner, Oct 1, 2010.

  1. CopyOwner macrumors newbie

    Oct 1, 2010
    I'm hesitant to "enable stealth mode" because I wonder if there is any down-side. Is there any benefit I would be giving up by enabling stealth mode?
  2. mac2x macrumors 65816

    Sep 19, 2009
    On your home network and if you use services/sharing, you might run into issues. Stealth mode is best used when you are on a public network (or really in any other place where you aren't behind your OWN router.

    But you won't get into any real trouble, like you can if you start blocking ports and stuff.
  3. Makosuke macrumors 603

    Aug 15, 2001
    The Cool Part of CA, USA
    For reference, what "stealth mode" does is very specific--it means that if something requests a connection on a closed port, rather than responding "Sorry, that port is closed." the computer won't say anything at all.

    Which, on the other end, appears as if there is nothing there. So far as I understand, it's basically a deterrent for some kinds of network attack, because an attacker that isn't persistent (or one that is, if you have no ports at all open) won't even be able to tell if they're prodding at a computer, or if there's nothing at that address.

    As already said, if you're already behind a home router, it won't break anything, but it also doesn't really do anything useful--outside access is already blocked at the router apart from any ports you've forwarded. I'm not sure whether it interferes with auto-discovery or not--Bonjour might open a hole even with it on--but it's a mostly-unnecessary level of paranoia. By the time someone has gotten past your router, stealth mode isn't going to provide much extra protection from what they could try anyway.

    Now, if you're getting a "raw" connection directly to the internet or other public network--for example, a university wireless network--it's probably a good idea, because you can never be too paranoid when exposed to a large, unfriendly network.
  4. CopyOwner thread starter macrumors newbie

    Oct 1, 2010
    Thanks, mac2x also. This is very helpful. And it seems like it would be so simple for Apple to ad more than cryptic notes on those Preference screens!
  5. Makosuke macrumors 603

    Aug 15, 2001
    The Cool Part of CA, USA
    I admittedly forget if this changed with 10.6, but given that it's expressly under the "Advanced" button, one would assume that the feature is, indeed, for advanced users who know what they're doing.

    Likewise, the description included with it--"Don't respond to or acknowledge attempts to access this computer from the network by test applications using ICMP, such as Ping."--isn't going to mean much to a layman, but from an "advanced" perspective, that's pretty specific about what it does.

    If you're on 10.5 (or earlier) and it's changed since then, never mind--Apple has already fixed the lack of clarity.
  6. T1NY W macrumors newbie

    Nov 12, 2009
    Try running Shields up from Steve Gibson of GRC.com

    That will tell you what can be seen from the outside world.

    He also has a number of other security tools and tips that may interest you if your looking at things like stealth mode.

  7. jahala macrumors regular


    Feb 7, 2008
    No downside in normal operation

    Exactly. The description is very clear about what stealth mode does. The only real downside comes when you want to troubleshoot connectivity issues to that machine. If you forget that you have stealth mode enabled, you will go around in circles wondering why you cannot ping your computer even though you can get e-mail or browse the web, or do some other network related function.

    Stealth mode does NOT cause connectivity issues. I run with it on and everything works just fine including Bonjour. It just makes it hard to troubleshoot if something else is causing issues with network access on that machine. Of course, the first step in troubleshooting network connectivity issues is to turn off the firewall, so I have not really had any problems due to stealth mode.

Share This Page