2007-05-10, 21:20 | Link #21 |
AS Oji-kun
Join Date: Nov 2006
Age: 74
|
I'm not sure I understand what your qualms are here, Vexx.
Are you saying that to do outbound nmap scanning would violate the scanner's TOS, or that it would violate the target's TOS? Either way, I'm not sure I understand why. I can't imagine Comcast (in my case) caring an iota about what packets I send to some random machine. Are you saying that they'd consider my actions a TOS violation because it looks like I'm trying to break into that machine? I can imagine them blocking certain outbound traffic, say connections to remote ports 25, 137-139, or perhaps the MS RPC ports like 1025-1030. But why should they care if I'm trying to connect to port 55555 on some random remote machine?
I also can't really imagine them complaining about inbound traffic either. We all get scanned all the time by machines out on the net. They don't seem to be blocking that stuff coming in here either. Maybe Comcast is really permissive, but what kind of Internet service do you have if random ports are blocked in either direction? I actually run an SMTP server on my port 25 (my clients' backup MX) and have done so for years. Comcast has either not noticed or not cared. Now I suppose if I had a web server on port 80 they might care or at least might discover it.
I know that some people would like to claim that port scanning constitutes an intrusion, but I think that's pushing things pretty far. Sometimes I get phishing scams from some remote machine, or the scam points to some other random IP address. I have no qualms about scanning those addresses to see what they've got there. I also don't have any qualms about telnetting to some random open port on those machines if they exist, either. I've found all sorts of "bad stuff" this way like proxies to phishing web sites. I guess I'm still in the old, pre-9/11, Internet tradition that says that machines out there are fair game for portscanning. I don't make connections with the intent of exploiting what I see, and I don't portscan machines in .mil.
Oh, and if AT&T complained about my portscanning over the business service I have with them, it'd be time for a new provider. I expect bidirectional access from ports 1-65535 if I'm paying business rates.
2007-05-10, 21:27 | Link #22 | |
Geek
|
Quote:
Most of the preference files in OS X are plist files. Double clicking on them should bring up the property list editor. This allows you to, unsurprisingly, change properties within the file. Plist files come in two varieties: an XML-based variety and a binary variety. You can convert from one to the other using the plutil command. A plist file in the XML format can be edited using any text editor. Speaking of text editors, the notepad equivalent (which is actually nicer than notepad) is textedit.app. There's also the old favorites vim and emacs. If you crave more graphical editors and textedit doesn't do it for you, try smultron, jedit, or if you feel like plopping down some cash, textmate (what I use).
|
2007-05-11, 00:43 | Link #23 | |
Love Yourself
Join Date: Mar 2003
Location: Northeast USA
Age: 38
|
Quote:
Thanks for the recommendations and advice.
2007-05-12, 09:38 | Link #24 | |
Geek
|
Quote:
|
|
2007-05-12, 15:25 | Link #25 |
Love Yourself
Join Date: Mar 2003
Location: Northeast USA
Age: 38
|
Yep, it does. Not hard to work with at all, actually. Opera scatters its directories around on the Mac OS (and probably Linux) so tracking down the proper files could be a bit more difficult compared with Windows. Otherwise, it's a wonderful browser/mail solution - I just copied over select folders straight from my Windows system and I have everything here on the Mac end.
I played with the built-in Mac firewall a bit more, and now I'm happy with it. Turned on logging, and enabled "Stealth mode" (for some reason, it is disabled by default). I also see how to create custom rules... it's still not as interactive as my Windows third-party firewall, but perhaps this is what a better computing experience is like.
2007-05-20, 07:46 | Link #26 |
Yummy, sweet and unyuu!!!
Join Date: Dec 2004
|
If you want to strengthen your nix security in regards to your firewall, you might want to check out a package called psad. Basically once you have it set up, it parses your logs and then if something (network traffic) matches a pattern it will send you a warning. You can set it to drop packets from that address for a set period too.
The pattern matches are more clever than just x packets dropped from y source, as they also utilise the snort signature set. Checking your logs is a good thing, but log checking is an absolute nightmare: so many weird messages, what do they all mean? So grab a utility to parse your logs into a more useful format. I use logwatch (used to use logcheck until they got bought by Cisco), but be ready to search the web for any weird messages. I have heard there are plenty of X-based parsers, but I like to mail my logs off to my external mail account, so even if my poor box gets compromised, at least the logs from the reports are untouched.
Good luck with it. It's a wonderful world is security, but remember you ain't paranoid if they are out to get you...
Edit @ledgem - Stealth mode is actually counted as being a bit rude, network wise. The reason why is when a packet is sent to you, and you are online, the packet will reach your router which knows you are up and send it to you. Then if that is an unauthorised packet, your PC in stealth mode will drop it instead of sending back a response. So then everything has to time out! Now you can see from that transaction it is actually possible for a dedicated naughty person to discern if a node actually is on the end of an address. Because if the packet reaches the router for an address which really does not have a PC on the end of it, it will immediately send back a destination unreachable (or something like that, been a while since I read up on it). Basically if you scan an address and your packets get timed out, that means they are getting dropped and then the next question is why!
@SeijiSensei - Hee hee nmap is very nice and Trinity may use it, but real pen testers use Nessus (and then rip out all the logos for nessus and put in theirs for the report :P)
Last edited by grey_moon; 2007-05-20 at 08:14. |
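A simplified sketch of the log-parsing idea described in the post above, added here as an example; it is not part of the thread and is not psad's own code or algorithm. It flags a source that is logged hitting many distinct ports within a short window and records a temporary block expiry, so repeated retries to a single port do not trigger it. The log lines, the `DROP` log prefix, the thresholds and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed netfilter LOG lines (documentation addresses, made-up host name).
SAMPLE_LOG = """\
May 20 07:40:01 box kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=22 SYN URGP=0
May 20 07:40:02 box kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40113 DPT=23 SYN URGP=0
May 20 07:40:03 box kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40114 DPT=25 SYN URGP=0
May 20 07:40:04 box kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40115 DPT=80 SYN URGP=0
May 20 07:40:05 box kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40116 DPT=443 SYN URGP=0
May 20 07:41:10 box kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=51000 DPT=22 SYN URGP=0
May 20 07:41:13 box kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=51000 DPT=22 SYN URGP=0
May 20 07:41:19 box kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=51000 DPT=22 SYN URGP=0
May 20 07:42:00 box kernel: DROP IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=84 TTL=50 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?\bSRC=(?P<src>\S+)"
    r"\s.*?\bPROTO=(?P<proto>\w+)\s.*?\bDPT=(?P<dpt>\d+)"
)

def parse(line, year=2007):
    """Return (timestamp, src, proto, dport), or None for lines without a DPT field."""
    m = LINE_RE.search(line)
    if not m:
        return None  # e.g. ICMP entries or unrelated kernel messages
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # syslog omits the year
    return ts, m["src"], m["proto"], int(m["dpt"])

def detect_scans(lines, min_ports=5, window=timedelta(seconds=60),
                 block_for=timedelta(hours=1)):
    """Map each source that hit >= min_ports distinct ports inside `window` to its block expiry."""
    seen = defaultdict(list)  # src -> [(ts, proto, port), ...] still inside the window
    blocked = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, src, proto, port = rec
        hits = [h for h in seen[src] if ts - h[0] <= window] + [(ts, proto, port)]
        seen[src] = hits
        if len({(p, d) for _, p, d in hits}) >= min_ports:
            blocked[src] = ts + block_for  # temporary block, expires on its own
    return blocked

if __name__ == "__main__":
    print(detect_scans(SAMPLE_LOG.splitlines()))
```
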
2007-05-20, 13:06 | Link #27 | |
Love Yourself
Join Date: Mar 2003
Location: Northeast USA
Age: 38
|
Quote:
2007-05-20, 21:34 | Link #28 | |
AS Oji-kun
Join Date: Nov 2006
Age: 74
|
Quote:
Oh, and my reference to Trinity was more a joke than anything else. On the other hand, Fyodor seems like a pretty smart guy, and he deserves a lot of credit for giving the world the excellent tool, nmap.
2007-05-20, 23:00 | Link #29 | |
Yummy, sweet and unyuu!!!
Join Date: Dec 2004
|
Quote:
Oh I should clarify my earlier post about psad... That works in addition to the nix firewall (iptables etc) and it provides the verbose reporting and active blocking that people might miss from the Windows counterparts.