On Jan 22, 2012, at 3:19 PM, Edward Treen wrote: > Hi All, > > I'm hoping that there is a lister with good knowledge of the technicalities > of the internet. > > In my logs, there are many entries along the lines of:- > > Jan 22 22:01:16 tedsnewmacpro Firewall[99]: Stealth Mode connection attempt > to TCP 192.168.1.67:56039 from 76.74.254.118:80 >
Stealth mode means that the system is not responding to the HTTP connection from that host. possibly because either the connection's been dropped or it's something on the other end trying to poke you. Here's a quick checklist to see if your mac is vulnerable to outside attack: 1) Do you have any sharing services turned on in the sharing panel, or any services installed and available through other means (like bitorrent clients, database servers like mysql and the like)? if No, you're not vulnerable. If yes, continue. 2a) Does your Mac have an externally accessible IP address? (something other than 0.n.n.n, 192.168.n.n or 172.16.n.n-172.31.n.n) If Yes, you're possibly vulnerable for running services. Make sure that you keep OS X up-to-date, and limit the sharing options in the various advanced sections of the shared services (like remote login, etc) If NO see 2b. 2b) Do you have the ports used by these services forwarded by NAT on your router? If Yes, you're possibly vulnerable for running services. Make sure that you keep OS X up-to-date, and limit the sharing options in the various advanced sections of the shared services (like remote login, etc) for the forwarded services. (ie: if you're forwarding port 80, http access, to run a web server, but not port 22 for ssh, remote login will not work at all from outside your router, because it doesn't know where to send packets destined for port 22.) If No, then you're safe. The firewall log lets you know every time a firewall rule denies a connection; you'll see a lot of them (a LOT of them if your IP address is an externally accessible one) None of this will affect connections YOU make outside of your LAN, but if you answered no to all three questions, you're essentially invisible to the outside world. -- Bruce Johnson "Wherever you go, there you are" B. Banzai, PhD -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
