Focus on Apple
Apple releases Mac OS X v10.5.1 with Application Firewall security updates Nov 15 2007 07:11PM
Todd Woodward (todd_woodward symantec com) (1 replies)
Application Firewall security updates Nov 15 2007 08:08PM
Radoslav Dejanović (radoslav dejanovic opsus hr) (4 replies)
Re: Application Firewall security updates Nov 21 2007 03:00PM
Dave Piscitello (dave corecom com) (2 replies)
Re: Application Firewall security updates Nov 21 2007 09:27PM
Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net) (3 replies)
Re: Application Firewall security updates Nov 22 2007 06:35PM
Derek Chesterfield (dez mac com)
Re: Application Firewall security updates Nov 22 2007 04:28PM
Bruce Carter (bcarter nd edu)
RE: Application Firewall security updates Nov 21 2007 10:43PM
Todd Woodward (todd_woodward symantec com)
Re: Application Firewall security updates Nov 21 2007 09:02PM
Chris Adams (chris improbable org)
Re: Application Firewall security updates Nov 16 2007 03:58AM
Mike Savory (mike_lists nzbox com)
RE: Application Firewall security updates Nov 15 2007 09:55PM
Todd Woodward (todd_woodward symantec com)
Re: Application Firewall security updates Nov 15 2007 09:51PM
Dave Schroeder (das doit wisc edu) (3 replies)
Re: Application Firewall security updates Nov 15 2007 11:36PM
Mark Senior (senatorfrog gmail com) (3 replies)
On Nov 15, 2007 2:51 PM, Dave Schroeder wrote:

>
> The 10.5.0 Application Firewall blocked all but:
>
> • Processes that are running as UID 0
> • mDNSResponder
>
> The 10.5.1 Application Firewall blocks all but:
>
> • configd, which implements DHCP and other network configuration services
> • mDNSResponder, which implements Bonjour
> • racoon, which implements IPSec

All this is an improvement, but IMO it's still not actually good. The big
improvement one is configd - I gave up on writing a stateful ipfw filter for
DHCP, because the request goes out to the broadcast, but the response is
from a non-broadcast source. Application awareness is a nice one here.

But, they've missed the big possibility for improvement here - they have an
application-aware firewall - why on earth would they not apply it
to outbound connections? No interesting malware requires inbound
connections anymore; it's already written to get past home routers that
allow all outbound and deny all inbound connections. Ah well.

Incidentally, can anyone with access to a 10.5 system tell me, is there a
CLI interface to the new application firewall? Is there a useful man page?

Cheers
Mark
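
The DHCP mismatch described in the message above, as an added example that is not part of the original post and is not Apple's or ipfw's code: a simplified model of keep-state matching beside a per-application decision. The class, function names and addresses are hypothetical and constructed for illustration; the allowed process list is the 10.5.1 list quoted in the message.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport")


class StateTable:
    """Simplified model of dynamic rules: an outbound packet creates an entry,
    and an inbound packet passes only if it is the exact reverse of one."""

    def __init__(self):
        self.entries = set()

    def outbound(self, pkt):
        self.entries.add(pkt)

    def inbound_allowed(self, pkt):
        reverse = Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return reverse in self.entries


def app_aware_allowed(pkt, listeners, allowed_apps):
    """Decide on the process that owns the destination socket rather than on
    the packet's source address."""
    return listeners.get((pkt.proto, pkt.dport)) in allowed_apps


# Constructed sample traffic (addresses and ports are illustrative only).
DNS_QUERY = Packet("udp", "192.168.1.50", 53124, "192.168.1.1", 53)
DNS_REPLY = Packet("udp", "192.168.1.1", 53, "192.168.1.50", 53124)
DHCP_DISCOVER = Packet("udp", "0.0.0.0", 68, "255.255.255.255", 67)
DHCP_OFFER = Packet("udp", "192.168.1.1", 67, "192.168.1.50", 68)
OTHER_INBOUND = Packet("udp", "192.168.1.77", 40000, "192.168.1.50", 5000)

# Hypothetical socket ownership on the host; allowed list as quoted for 10.5.1.
LISTENERS = {("udp", 68): "configd", ("udp", 5000): "someapp"}
ALLOWED_APPS = {"configd", "mDNSResponder", "racoon"}


def evaluate():
    table = StateTable()
    table.outbound(DNS_QUERY)
    table.outbound(DHCP_DISCOVER)
    return {
        # Unicast request/reply: the reply is the exact reverse, so it matches.
        "dns_reply_stateful": table.inbound_allowed(DNS_REPLY),
        # Request went to broadcast, reply comes from the server's own address.
        "dhcp_offer_stateful": table.inbound_allowed(DHCP_OFFER),
        "dhcp_offer_app_aware": app_aware_allowed(DHCP_OFFER, LISTENERS, ALLOWED_APPS),
        "other_app_aware": app_aware_allowed(OTHER_INBOUND, LISTENERS, ALLOWED_APPS),
    }


if __name__ == "__main__":
    for name, allowed in evaluate().items():
        print(f"{name}: {'pass' if allowed else 'block'}")
```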

Re: Application Firewall security updates Nov 17 2007 02:54PM
Chris Pepper (pepper reppep com) (1 replies)
Re: Application Firewall security updates Nov 19 2007 12:59PM
Sandor Szücs (sszuecs zedat fu-berlin de)
Re: Application Firewall security updates Nov 16 2007 11:03AM
Radoslav Dejanović (radoslav dejanovic opsus hr) (2 replies)
Re: Application Firewall security updates Nov 16 2007 05:30PM
Mark Senior (senatorfrog gmail com)
Re: Application Firewall security updates Nov 16 2007 04:34PM
Derek Chesterfield (dez mac com) (1 replies)
Re: Application Firewall security updates Nov 17 2007 12:30AM
Mark Senior (senatorfrog gmail com)
Re: Application Firewall security updates Nov 16 2007 04:47AM
Derek Chesterfield (dez mac com) (2 replies)
Re: Application Firewall security updates Nov 16 2007 04:08PM
Scott Russell (ScottRussell nd edu)
Fwd: Application Firewall security updates Nov 16 2007 04:55AM
Derek Chesterfield (dez mac com)
Re: Application Firewall security updates Nov 15 2007 10:08PM
Radoslav Dejanović (radoslav dejanovic opsus hr)
Re: Application Firewall security updates Nov 15 2007 10:05PM
Dave Schroeder (das doit wisc edu)


 

Copyright 2010, SecurityFocus