Default LaunchDaemons and open ports?
I recently wrote a port scanner for a project at my university and, after running it, I discovered that a large portion of my MacBook's well-known ports were open.
These were 21 (ftp), 22 (ssh), 23 (telnet), 53 (domain), 79 (finger)!!, 88 (kerberos), 512 (exec)!!, 513 (login), and a bunch of others (see picture below for open ports - afterwards entered @ grc.com).
I checked whether they are reachable from the internet (see picture below). They were not, but that does not say a lot(?), because if someone wanted to make a bot out of my Mac or collect data from it, this person could contact a C&C server from my machine and start communicating without opening any port of the NAT router, as the router allows bidirectional communication if started by the client(?).
I checked whether these ports are reachable from within a local network by requesting the services behind them from another computer running Linux. And they are! Everyone within the non-VPN networks of my university was and is able to fetch personal information from me over fingerd! To prevent further leakage, I will block any incoming connections from now on.
> finger user@{Macbook's IP}
same output as when running locally
> finger user@localhost
[localhost]
Trying ::1...
Login: MyUserName Name: MyNameReplaced
Directory: /Users/MyUserName Shell: /usr/local/bin/fish
On since Sun Oct 26 13:02 (CET) on console, idle 7:52 (messages off)
On since Sun Oct 26 17:15 (CET) on ttys000
On since Sun Oct 26 20:25 (CET) on ttys001, idle 0:05
No Mail.
No Plan.
I am able to login to the Mac via telnet over the LAN, etc.
I checked the configuration of my firewall. It is/was activated. Signed software is allowed to accept incoming connections. Cloaking is not activated and I am not blocking every incoming connection. There are five services in the list below, they are all from Apple. I can not remove them. The minus button is grayed out.
When I ticked 'Block all incoming connections', the services behind the ports were no longer detectable/reachable from the LAN, but the daemons are still running on the Mac!
So my question is, why are these daemons running?! Why on earth is the fingerd running or exec?! This seems not normal. Who has started them (software or person)? I strongly limit access to my computer. I always lock it, when leaving it unattended. I use NoScript in Firefox. Never do I open attachments from mails.
I checked the Mac of a friend with my PortScanner (in his LAN and on his Mac) and his has none of the ports open mine has.
I have not checked my ports/firewall for a long time, so I can't remember if those ports were closed at any time before.
Meanwhile I will read something about launchd, to gather more information.
I'm not an expert on this, but I'm not certain what you are concerned about. All messaging in unix systems is done through ports, and so a variety of ports need to be open for normal system operations. OS X out-of-the-box probably strikes a balance between convenience and paranoia - ports that might be more secure closed left open by default so that novice users aren't driven out of their wits - but I can't imagine that it leaves open anything that constitutes a true vulnerability. Or if it does, you should file a bug report.
I'm told every med student suffers from hypochondria at one point or another, and I know that every comp sci student will sooner or later have a short freak-out over security. So take a deep breath...
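Added example, not part of the original posts: a Python example that reads launchd job definitions (the property lists in the LaunchDaemons directories) and reports which jobs ask launchd to open a listening socket, whether each job is enabled, and whether the socket is bound to loopback only. The three sample plists and the `overrides` mapping (label to disabled flag, standing in for the state recorded by `launchctl load -w` / `unload -w`) are constructed for illustration; the keys are those documented in launchd.plist(5).

```python
import plistlib

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Constructed sample job, using keys documented in launchd.plist(5).
FINGERD = b"""<plist version="1.0"><dict>
  <key>Label</key><string>com.apple.fingerd</string>
  <key>Disabled</key><true/>
  <key>ProgramArguments</key>
  <array><string>fingerd</string><string>-s</string></array>
  <key>Sockets</key><dict>
    <key>Listeners</key><dict>
      <key>SockServiceName</key><string>finger</string>
    </dict>
  </dict>
  <key>inetdCompatibility</key><dict><key>Wait</key><false/></dict>
</dict></plist>"""

# Two more constructed jobs: one bound to loopback only, one without sockets.
LOCAL_ONLY = plistlib.dumps({
    "Label": "example.localprinting",
    "ProgramArguments": ["/usr/local/sbin/printd"],
    "Sockets": {"Listeners": [
        {"SockNodeName": "localhost", "SockServiceName": "ipp"},
        {"SockPathName": "/var/run/printd.sock"},  # Unix-domain, not a port
    ]},
})
NO_SOCKET = plistlib.dumps({
    "Label": "example.cleanup",
    "ProgramArguments": ["/usr/local/bin/cleanup"],
    "RunAtLoad": True,
})


def socket_specs(job):
    """Yield one dict per network socket that launchd would open for a job."""
    for spec in job.get("Sockets", {}).values():
        # Each named entry is either a dict or an array of dicts.
        for s in (spec if isinstance(spec, list) else [spec]):
            if "SockPathName" not in s:  # skip Unix-domain sockets
                yield s


def audit(plists, overrides=None):
    """Return one finding per network socket declared in the plist blobs.

    overrides: assumed mapping {label: disabled_bool} supplied by the caller;
    when a label is present it wins over the plist's own Disabled key.
    """
    overrides = overrides or {}
    findings = []
    for raw in plists:
        job = plistlib.loads(raw)
        label = job.get("Label", "<no label>")
        disabled = bool(overrides.get(label, job.get("Disabled", False)))
        argv = job.get("ProgramArguments") or [job.get("Program", "?")]
        for spec in socket_specs(job):
            node = spec.get("SockNodeName")  # absent means every interface
            findings.append({
                "label": label,
                "program": " ".join(argv),
                "service": str(spec.get("SockServiceName", "?")),
                "enabled": not disabled,
                "scope": "loopback" if node in LOOPBACK else "network",
            })
    return findings


def network_exposed(findings):
    """Labels of enabled jobs whose socket is reachable from other hosts."""
    return sorted({f["label"] for f in findings
                   if f["enabled"] and f["scope"] == "network"})


if __name__ == "__main__":
    # Same plists, with a constructed override that re-enables fingerd.
    for f in audit([FINGERD, LOCAL_ONLY, NO_SOCKET], {"com.apple.fingerd": False}):
        print(f)
```

On a real system the input would be the bytes of each `.plist` file in the LaunchDaemons and LaunchAgents directories; a job that appears in `network_exposed` although its plist says `Disabled` is one whose state was changed after installation.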
Similar Messages
-
Hi all!
This is my first post on this forum. I've been tinkering around with honeypots and set one up on my home network. A tutorial I was following mentioned putting it in the DMZ. So I did. When I was at work I conducted an nmap scan of my home router. SO MANY OPEN PORTS! Of course, setting up a DMZ, this is to be expected. HH being HH, only the honeypot is in it, but I'm a little worried that even though I have only put the honeypot in the DMZ, are all the opened ports open to the rest of my network? As I understand it I am wrong, but I am concerned and just want to double check! Also, when I turned off the DMZ and did another scan, I found port 4567 to be open. A quick search flagged up a few results. Many people seem to say ignore it, but others have said it's possible for it to be a back door. If I type in my public ip:4567 I get faced with a login page! I have heard that BT install a backdoor on their routers for the NSA and GCHQ; normally I'd fob such things off, but I would be interested to know what is going on with that open port!
Thanks in advance guys!
When you have anchor/foreign, the web auth traffic always goes to the anchor, so with CWA, the traffic from the anchor to the ISE will need to be permitted. Go through the following link; this may be of help.
https://supportforums.cisco.com/docs/DOC-26442 -
NIO and open ports not showing up during portscan
Hi
I have an application that binds ports 4444 and 4445 by default. I can establish a connection to both ports with telnet, for example, and when I just portscan those ports they are detected:
$ nmap -p 4444-4445 localhost
Interesting ports on localhost.localdomain (127.0.0.1):
PORT STATE SERVICE
4444/tcp open krb524
4445/tcp open unknown
but when I try to scan the whole range 4445 disappears. Here is the output:
$ nmap localhost
Interesting ports on localhost.localdomain (127.0.0.1):
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
113/tcp open auth
1024/tcp open kdm
4444/tcp open krb524
5432/tcp open postgres
I reckon that this means that I will lose some connections during high load.
Does this have anything to do with the timeouts I specify for select() or is it a problem deeper down in nio?
All this means is that there is something seriously wrong with nmap.
-
Need some direction on FW Redundancy and opening ports
I would appreciate any advice on the current ways of connecting 2 Firewalls directly for redundancy and also the best practice for allowing data through the firewall. Do firewalls have a stacking technology similar to StackWise or FlexStack? I need to allow specific ports through my network into another private network. Although this won't be connected to the internet, the same type of security as if it were is important. Sorry if this is a generic question, but what methods would be best for allowing data to and from through my network firewall? I would greatly appreciate any sample configurations (I don't plan on configuring zones) or documentation on the current way of allowing these functions. Thanks for your help!
Hi,
There are 2 different options to my knowledge to have firewall redundancy with Cisco firewalls.
The most common one is Active/Standby Failover, in which you have 2 identical (hardware & software) Cisco firewalls connected by a Failover link. One of the firewalls is the Active unit and handles traffic while the other unit is Standby, monitoring the state of the Active device (and vice versa). When the Active unit fails the Standby unit will take the Active role.
Another option is Active/Active, which basically means that you would be running multiple virtual Firewalls inside the actual hardware firewall. Some virtual firewalls would be Active on hardware unit 1 and some virtual firewalls would be Active on hardware unit 2. Hence the term Active/Active, both firewalls would be handling traffic.
ASA 9.0 Configuration Guide section on Failover
http://www.cisco.com/en/US/docs/security/asa/asa90/configuration/guide/ha_overview.html
The second and new option is Cluster setup where you essentially combine multiple identical firewalls together. This is a subject though that I have not gotten to test myself so my knowledge is very limited. Though to my understanding this is available only with high end ASA5585-X units so it might not be an option for most.
ASA 9.0 Configuration Guide section on Cluster
http://www.cisco.com/en/US/docs/security/asa/asa90/configuration/guide/ha_cluster.html
So most likely you will be using Active/Standby Failover with 2 identical Cisco firewalls.
Their configuration format compared to a standalone firewall doesn't differ much.
You will configure a "standby" IP address also on the ASA that will be the IP address that the Standby unit uses
You will configure the actual Failover interface
You will configure general Failover related settings
You can tune the Failover settings and define which interfaces are monitored (and can affect the Failover) and set some other additional parameters
So there is not that much to configure compared to the standalone Cisco firewall setup.
Your post seems to indicate that this firewall or firewall pair would be used for Internal network usage. I mean a firewall between 2 LAN/DMZ networks. This would in turn mean that unless you specifically need NAT between these network segments, you could actually leave the NAT configuration of the firewall completely blank and only configure the Routing&Firewalling related settings.
How you would configure access between the 2 different network segments would naturally depend on your own setup.
From what I understood from your above post it would seem to me that you should configure ACLs on both interfaces connected to their own network segments. These ACLs would be configured in Inbound direction (which would control traffic heading towards the firewall from that segment and into the other segment). You could then configure both ACLs in the manner that ONLY the required source/destination IP addresses/networks/ports are allowed and all other traffic is blocked.
I am not really sure what kind of example configuration we could give you as we don't really know what the whole setup is going to be.
Hope this helps
- Jouni -
Need help with ASA 5512 and SQL port between DMZ and inside
Hello everyone,
Inside is on gigabitEthernet0/1 ip 192.9.200.254
I have a dmz on gigabitEthernet2 ip 192.168.100.254
I need to pass port 443 from outside to dmz ip 192.168.100.80 and open port 1433 from 192.168.100.80 to the inside network.
I believe this will work for port 443:
object network dmz
 subnet 192.168.100.0 255.255.255.0
object network webserver
 host 192.168.100.80
object network webserver
 nat (dmz,outside) static interface service tcp 443 443
access-list Outside_access_in extended permit tcp any object webserver eq 443
access-group Outside_access_in in interface Outside
However...How would I open only port 1433 from dmz to inside?
At the bottom of this message is my config if it helps.
Thanks,
John Clausen
Config:
: Saved
ASA Version 9.1(2)
hostname ciscoasa-gcs
domain-name router.local
enable password f4yhsdf.4sadf977 encrypted
passwd f4yhsdf.4sadf977 encrypted
names
ip local pool vpnpool 192.168.201.10-192.168.201.50
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 123.222.222.212 255.255.255.224
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.9.200.254 255.255.255.0
interface GigabitEthernet0/2
nameif dmz
security-level 100
ip address 192.168.100.254 255.255.255.0
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
ftp mode passive
dns server-group DefaultDNS
domain-name router.local
object network inside-subnet
subnet 192.9.200.0 255.255.255.0
object network netmotion
host 192.9.200.6
object network inside-network
subnet 192.9.200.0 255.255.255.0
object network vpnpool
subnet 192.168.201.0 255.255.255.192
object network NETWORK_OBJ_192.168.201.0_26
subnet 192.168.201.0 255.255.255.192
object network NETWORK_OBJ_192.9.200.0_24
subnet 192.9.200.0 255.255.255.0
access-list outside_access_in extended permit icmp any4 any4 log disable
access-list Outside_access_in extended permit udp any object netmotion eq 5020
access-list split standard permit 192.9.200.0 255.255.255.0
access-list VPNT_splitTunnelAcl standard permit 192.9.200.0 255.255.255.0
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
mtu dmz 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static inside-network inside-network destination static vpnpool vpnpool
nat (inside,outside) source static NETWORK_OBJ_192.9.200.0_24 NETWORK_OBJ_192.9.200.0_24 destination static NETWORK_OBJ_192.168.201.0_26 NETWORK_OBJ_192.168.201.0_26 no-proxy-arp route-lookup
object network netmotion
nat (inside,outside) static interface service udp 5020 5020
nat (inside,outside) after-auto source dynamic any interface
access-group Outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 123.222.222.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.9.200.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet 192.9.200.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption aes128-sha1 3des-sha1
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 2 regex "Windows NT"
anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 3 regex "Intel Mac OS X"
anyconnect enable
tunnel-group-list enable
group-policy SSLVPN internal
group-policy SSLVPN attributes
dns-server value 192.9.200.13
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split
default-domain value router.local
group-policy VPNT internal
group-policy VPNT attributes
dns-server value 192.9.200.13
vpn-tunnel-protocol ikev1 l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPNT_splitTunnelAcl
default-domain value router.local
username grimesvpn password 7.wersfhyt encrypted
username grimesvpn attributes
service-type remote-access
tunnel-group SSLVPN type remote-access
tunnel-group SSLVPN general-attributes
address-pool vpnpool
default-group-policy SSLVPN
tunnel-group SSLVPN webvpn-attributes
group-alias SSLVPN enable
tunnel-group VPNT type remote-access
tunnel-group VPNT general-attributes
address-pool vpnpool
default-group-policy VPNT
tunnel-group VPNT ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:36271b5a1b9382621e14c3aa635e2fbb
: end
Hi Vibor. Apologies if my comment was misunderstood. What I meant to say was that the security level of the dmz interface should probably be less than 100.
And therefore traffic could be controlled between DMZ and inside networks.
As per the security level on the DMZ interface. ....... that command is correct. :-) -
Lion server doesn't delete open port service once added in time capsule mgmt from server app.
I was trying to set a specific port to avoid file sharing conflict using time capsule as main router with lion server.
I added a new public service in Server.app, in the Time Capsule section where you can manage AirPort settings and open ports for mail, cal, VPN, etc. I assigned a port and gave it a name as requested. In my case I named it "test" and gave it port number 5678 to try.
Once I decided to delete this public service, I noticed that any time I make a change in the Time Capsule settings in Server.app, Server.app performs a refresh and the deleted service appears again and again with the same name and the same settings in AirPort Utility (ports management).
The only way to delete it is to go into AirPort Utility and delete it from there. But if you want to make another change in TC management from Server.app, you'll see the service you deleted everywhere magically appear again on your AirPort device, in my case a TC.
Called Apple and they said to investigate the forum.
Now if I make a change in the Server.app TC section to add or remove a public service, I have 10 useful open ports (not enabled) in AirPort (TC).
Any Help?
Thx
Jo
I have been having this same problem, except that I cannot open basic ports through either app. I've tried opening the standard web services port on 80, but neither app (Server or Airport Utility) will open it. Apple support has been worthless.
-
Mac OS X Leopard Firewall/default open ports rpcbind?
Hi,
I'm looking into hardening/securing Mac OS X Leopard and noticed that port 111 rpcbind is open. Is rpcbind open by default? What are Leopard's default open ports on a fresh install?
Also is there any way to run openbsd/freebsd PF firewall?
Thanks!
This is what nmap reports:
Starting Nmap 4.76 ( http://nmap.org ) at 2009-03-02 12:28 EST
Warning: Unable to open interface vmnet8 -- skipping it.
Warning: Unable to open interface vmnet1 -- skipping it.
Interesting ports on localhost (127.0.0.1):
Not shown: 993 closed ports
PORT STATE SERVICE
111/tcp open rpcbind
631/tcp open ipp
1021/tcp open unknown
1022/tcp open unknown
1023/tcp open netvenuechat
2049/tcp open nfs
49152/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 10.55 seconds
netstat -a | grep LISTEN confirms:
tcp6 0 0 localhost.ipp . LISTEN
tcp4 0 0 *.49152 . LISTEN
tcp4 0 0 *.1021 . LISTEN
tcp4 0 0 *.1022 . LISTEN
tcp4 0 0 *.sunrpc . LISTEN
tcp4 0 0 *.nfsd . LISTEN
tcp4 0 0 *.1023 . LISTEN
tcp4 0 0 localhost.ipp . LISTEN
tcp6 0 0 localhost.ipp . LISTEN
Not too sure what netvenuechat is and I have no idea why NFS is open/running. I'm not connecting to any NFS shares. How do I lock everything down?
Any suggested IPFW rules?
Here is what 'ipfw show' returns:
3300 36 2160 deny icmp from any to me in icmptypes 8
65535 866558 351141790 allow ip from any to any
Thanks,
Juan -
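Added example, not from the original post: the Local Address column of `netstat -a` shows which listeners are bound to every interface (`*.port`) and which to loopback only (`localhost.port`), a distinction that an nmap run against localhost cannot make. The sample lines are constructed in the BSD netstat layout to mirror the listing above, and `SERVICE_PORTS` is a small hand-written map for the service names that appear there.

```python
# Hand-written map for the service names in the listing above.
SERVICE_PORTS = {"sunrpc": 111, "ipp": 631, "nfsd": 2049}

# Constructed sample in BSD netstat layout:
# proto, recv-q, send-q, local address, foreign address, state
SAMPLE = """\
tcp6       0      0  localhost.ipp     *.*     LISTEN
tcp4       0      0  *.49152           *.*     LISTEN
tcp4       0      0  *.1021            *.*     LISTEN
tcp4       0      0  *.1022            *.*     LISTEN
tcp4       0      0  *.sunrpc          *.*     LISTEN
tcp4       0      0  *.nfsd            *.*     LISTEN
tcp4       0      0  *.1023            *.*     LISTEN
tcp4       0      0  localhost.ipp     *.*     LISTEN
"""


def parse_listeners(text):
    """Return (proto, host, port) for every TCP socket in LISTEN state."""
    out = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        # BSD netstat prints host and port joined by a dot: split on the last.
        host, _, port = f[3].rpartition(".")
        if port.isdigit():
            port = int(port)
        else:
            port = SERVICE_PORTS.get(port, port)  # keep unknown names as text
        out.append((f[0], host, port))
    return out


def scope(host):
    """Classify a bind address as loopback-only or reachable from the network."""
    if host in ("localhost", "::1") or host.startswith("127."):
        return "loopback"
    return "network"  # '*' (every interface) or one specific address


def classify(text):
    """Group listening ports by whether other hosts can reach them."""
    groups = {"network": set(), "loopback": set()}
    for _, host, port in parse_listeners(text):
        groups[scope(host)].add(port)
    # Numeric ports first, unresolved service names after them.
    order = lambda p: (isinstance(p, str), p)
    return {k: sorted(v, key=order) for k, v in groups.items()}


if __name__ == "__main__":
    print(classify(SAMPLE))
```

Only the ports in the `network` group need a firewall rule or a disabled service to be unreachable from the LAN; the `loopback` group is already limited to local processes.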
I want to use the NAT firewall of AirPort Express.
I scan APE ports when NO ports are forwarded and these ports are open by default:
Open TCP Port: 21 ftp
Open TCP Port: 53 domain
Open TCP Port: 139 netbios-ssn
Open TCP Port: 445 microsoft-ds
Open TCP Port: 548 afpovertcp
Open TCP Port: 554 rtsp
Open TCP Port: 5009 winfs
Open TCP Port: 7070 arcp
My question is why?
And is there some way to close some?
I don't use FTP and other services.
By default, all inbound ports on the Apple routers are closed already, but they are not designed to be stealthy. As such, certain utilities can see them as open.
Please check out the following Chron article. It may be a bit outdated but I think it drives the point across why Apple decided not to make their base station ports stealthy. -
I have recently updated my CC programs to the latest version (CC2014) and now all of my files won't open by default into their respective programs, only if I open the program and go to file>open and open the file from there. How can I fix this?
I have tried 'Open with' and the version of the program now installed on my computer isn't even suggested as an option and when I browse for it, the file won't open with it anyway
On Windows (don't know about Mac), the latest version will always take over the file association, and become the default for indd files. It's impossible to change it.
But there is a plugin for ID that makes this possible. Never tried it myself.
https://www.rorohiko.com/wordpress/downloads/lightning-brain-soxy/ -
I have an airport extreme and I am trying to play a new game on my xbox one and it keeps kicking me I have comcast internet that is more than fast enough so I went to the games site and it says I need to either create a static ip or to open ports no idea how to do either of these or what that does any help would be appreciated.
There are heaps of posts here about how to open ports on apple routers specifically for xboxes.
AirPort Extreme and xbox 360 -
Hi! I'm trying to archive (for myself and others for easy access) about 50 fairly complex .ai files in a single Illustrator Default PDF and maintain editability and preserve layer and grouping integrity for every separate file, and, i'm probably going to have to do this hundreds of times (at least!) in the future. Once i save the initial first pdf file through Illustrator (wish didn't even have to do this, but seems no way to do in Bridge), then open the resulting pdf w Acrobat Pro, can i then just select an entire folder's worth of ai files in Bridge, drag and drop them into the pages panel and still have the dragged and dropped files also preserve all their AI info and layer/ group integrity? An if not, thinking if not based on 20 similar experiments, what's a fast way to do this. Doing this manually each time: opening each file in AI then saving as AI pdf, then combining and arranging them all after the fact, would be, well, fairly effed in terms of time, carpal tunnel, arthritis etc. Experimented w Bridge PDF Output batching (terrible rasterized lo-res results, but great for its intended purpose) and just dragging and dropping into Acrobat (lose complicated layer names and info, all flattened to single layer). Any help most appreciated, and as i do not have regular access to das interwebs (i live on a boat) would appreciate and heed gentle admonishment if i've misposted or broached any community etiquette here. I've researched this as well as i can but can't find anything efficient/ elegant not involving InDesign, and even then the details are skimpy. Thank You! Getting mentally exhausted and not a little loopy. Keep in mind had to teach myself both Illustrator, Acrobat etc with access to the very limited offline help menus (the boat), so a complex answer involving learning InDesign would be learning curve can't even imagine with everything else struggling to do. 
But if you're willing to babystep diagram it out for me or can find me a link that does i will not only be eternally grateful but will do my durndest to master it and pass it on....Thanks Again! lil mc szpf
PS If it helps I'm running the diligent dogged dusty beloved workhorse CS4 Design Premium on 27" monitor 2010 Mac (OS X 10.6.8), and took advantage of rare housesitting net access to install all most recent updates of everything, i'm barely competent w AI, PS, BR and been tackling Acrobat for past couple of months now....
I'm glad that somebody is at least trying. Perhaps I need to be more clear.
i will step by step describe the issue in detail.
1) i open an email that contains an attachment .dxf or .pdf
2) i click on the attachment shown in the email and a prompt comes up asking if i want to open or save the attachment.
3) i select save. (by default it saves to a downloads folder. but i have also chosen to use other folders (when i did that it wouldn't save them)
4) i highlight the downloads arrow on the right top side of my browser and click it
5) it pulls down a list of the files that i USED to be able to click and drag onto my desktop, or anyplace i chose
6) used to be when i clicked and held the left mouse button down on top of a file of my choosing it would highlight and as i began to drag, a ghost image would appear of the file i was dragging. showing a (/) symbol next to it showing i couldn't drop the file within the browser and a + symbol showing that i could drop the file when the file was hovering over a place where i could drop the file such as my desktop or other folder. now, when i click and hold on the file.... I DON'T get anything. when i drag. nothing follows. while i am "dragging" in the area that is my browser, i get the pointy finger icon. as soon as i enter an area where i could have dropped the file as before, i get my standard cursor arrow.
its really as if the drag and drop feature just doesn't work IN FIREFOX.
i can drag and drop files all day long everyplace else. -
Firewall in 10.5, how to open ports and how to manage?
I am pulling my hair out with the new firewall in 10.5. In 10.4 I could just set ports as I liked in the control panel, in 10.5 there is no such thing.
I need to for example open port 49999 to allow PageSender to function in my network.
I need to open port 5901 to work with JollyFast VNC, as port 5900 is used by Apple Remote Desktop and they conflict if they both use the same port.
Some of these ports I need permanent open like 59999 and others for one session and than close again, like 5901. Again in 10.4 I made the rule in the pref pane, ticked the box and Bob was your uncle. Now?
I would like to be able to see what ports are open and active on the machine. I have no idea as to where I could see this.
And at the same time I would like to keep the firewall as closed as possible as I am often on line in hotels etc.
So I need help, is there a manual somewhere someone is aware of? Or do you have any answers?
The new Application Firewall does not work in the same way as IPFW (the main firewall in 10.4).
Instead of managing ports, it simply controls the access of applications to any port. Thus, if you want PageSender to receive connections, you simply need to switch the firewall to "Set access for specific services and applications", and then add PageSender to the list, with "Allow incoming connections". When you do this, PageSender will be able to receive connections on any port that it needs to.
If you don't like this method of controlling connections, you can still use IPFW. Apple has removed the GUI, but you can download a GUI application like NoobProof (http://www.hanynet.com/noobproof) or WaterRoof (http://www.hanynet.com/waterroof/index.html), and you can then set access for specific ports.
There are no problems with using both IPFW and Application Firewall.
Cheers,
Rodney -
I installed 10.6.8 from 10.6.6 OS on my MacBook Pro and have not been able to open secure sites on Safari. Think it has something to do with the Intego Anti-virus installed. Tried restoring Intego to default status and now my Mac barely boots up and does nothing else but spin. Ugh. Has anyone had similar issues and if so, were you able to resolve? How? Thanks,
1: Backup your user files folders of Documents, Music, Pictures etc., to a external powered drive (not TimeMachine) and disconnect.
2: Insert the 10.6 installer disk and reboot holding c
3: Simply reinstall OS X without erasing the drive, it will overwrite the installed version of OS X and the root level software, but leave your Applications folder contents (except Apple bundled programs) and user files alone. (but backup anyway in case it fails)
4: Reboot and the Intego is gone out of your system, but there may still be something laying around in Applications to delete. Use Software Update to get up to date.
5: You don't need anti-virus on a Mac, Apple provides it already for you sight unseen.
6: If you Software update, the bad certificate issues are pulled, thus are not a threat. -
I recently had a security system installed in my house. One of the features is an EPAD which enables me to have a virtual keypad on my iphone, and computer to operate the alarm system. The technician was not familiar with Mac's and Airports. How do I open port 80 to 80 in my airport and assign a fixed IP address for the EPAD? Apparently this is what is needed to make this work.
There are three ranges of "strictly local" IP addresses reserved for local Network use:
192.168.xxx.yyy
172.16.xxx.yyy
10.xxx.yyy.zzz
What your Router does for you is to act as your agent on the Internet. Your requests are packaged up and forwarded on your behalf, and only when a response is expected is the response returned to your local IP address.
Directing Network Traffic to a Specific Computer on Your Network (Port Mapping)
AirPort Extreme uses Network Address Translation (NAT) to share a single IP address with the computers that join the AirPort Extreme network. To provide Internet access to several computers with one IP address, NAT assigns private IP addresses to each computer on the AirPort Extreme network, and then matches these addresses with port numbers. The wireless device creates a port-to-private IP address table entry when a computer on your AirPort (private) network sends a request for information to the Internet.
If you’re using a web, AppleShare, or FTP server on your AirPort Extreme network, other computers initiate communication with your server. Because the Apple wireless device has no table entries for these requests, it has no way of directing the information to the appropriate computer on your AirPort network.
To ensure that requests are properly routed to your web, AppleShare, or FTP server, you need to establish a permanent IP address for your server and provide inbound port mapping information to your Apple wireless device.
To set up inbound port mapping:
1) Open AirPort Utility, select your wireless device, and then choose Base Station > Manual Setup, or double-click the device icon to open its configuration in a separate window. Enter the password if necessary.
2) Click the Advanced button, and then click Port Mapping.
3) Click the Add button and choose a service, such as Personal File Sharing, from the Service pop-up menu. -
I have a Lorex DVR that I want to monitor from my iPhone and iPad. I used to be able to do this when I had a Belkin router (easy to open ports) but I bought the AirPort Extreme router and no longer have that capability. When I use "canyouseeme" they can NOT see 80, 9000 or 1025. Lorex says I need them all available in order to access. Help! And all the help I see refers to an earlier version of the AirPort Utility so I can't use those to look at anything, I can't find the same screens, I have version 6.1 (610.31). I also don't really understand how ports work, so I need a pretty basic explanation.
Well...I went to the modem (Westell, WireSpeed), found the NAT settings, once again, I'm WAY over my head, I am assuming this is a TCP connection (as opposed to a UDP) and per Lorex my mobile devices will use port 1025. So I gave it a "global port range" of 1-10 and I indicated that the "base host port" was 80, 1025, & 9000 (ports 1,2,3). When I selected the 'enable' it asked for a "host device"; my choices are my iPhone, iMac and the IP address for the DVR, so I chose the DVR. I still cannot connect and canyouseeme still can NOT find these open ports. This is taking up my whole day! I don't know how people figure this stuff out.