Sa 520 stealth mode

Similar Messages

• Stealth mode connection attempts?  Reason for Open DNS in router settings?

  Console is giving me repeated messages (many times per minute) that read
  "Stealth Mode connection attempt to UDP xxxx  from 208.67.222.222:53"
  That's a little scary to the uninitiated!   I've done some rummaging here and across the net on this.  I understand little of what I found or how to stop this.  I understand that the 208.67.222.222 is Open DNS related.  I was glad to discover that as I originally thought some malicious computer somewhere was trying to gain access to my MacBook Pro.  I thought I'd delete the DNS servers to see if that would help, but they are greyed out in the Preferences--Network--DNS panel and cannot be removed. 
  From what I've investigated, those Open DNS servers are set in the router.  I know how to change or delete those, but maybe I shouldn't.  In fact, maybe someone can remind me why I put them in there in the first place (years ago).  I vaguely recall some advantage to using Open DNS (faster?), although I'll confess that, of late, too often mistyped web addresses go to an Open DNS page, which is a nuisance.
  In any event, I'd like to do something that would stop the stealth mode "attacks".  While I'm sure I could ignore it, maybe it's eating up some browser or network time.  It also seems odd that it would go on and on! 

  Thanks for some info on this.  Should I only see it then, when I'm in a browser?  Or, when wi-fi is on?  I'm assuming that the Mac may be checking what time it is, although it seems a little too frequent for that!  (3 times a minute?  Well, maybe that's about right, but then Apple and Open DNS should coordinate so that this message doesn't show up.)
  I did find this:  http://forums.opendns.com/comments.php?DiscussionID=1785
  Does that make sense?  It's completely benign?  And doesn't waste CPU cycles?
  One problem with all this stealth mode logging is that it fills up the Console message window!  It thus means that there is gobs of stuff I have to wade through to see if there really is something going on from the outside!
  I did find two oddballs in there (I don't think they were open DNS as they weren't 208s), so the firewall is doing something.

• Is there any way to set a stealth  mode on the ports in Panther

  The built-in firewall in Tiger provides a 'Stealth Mode' setting that makes the ports nonresponsive to external attempts to connect. The Panther firewall doesn't have this capability. Does anyone know of a way to enable this on a Panther machine (specifically 10.3.5 & 10.3.6) - even if it involves installing a utility application is ok.

  Ok, question for Karl.
  When I go to https://www.grc.com/x/ne.dll?bh0bkyd2
  and do the ShieldsUP Stealth test from outside my hardware firewall connected directly to the internet (SSH turned off for the test) why do I get this result?:
  GRC Port Authority Report created on UTC: 2006-09-25 at 06:03:43
  Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
  119, 135, 139, 143, 389, 443, 445,
  1002, 1024-1030, 1720, 5000
  0 Ports Open
  0 Ports Closed
  26 Ports Stealth
  26 Ports Tested
  ALL PORTS tested were found to be: STEALTH
  Specifically ftp reports this:
  21
  FTP
  Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
  The only thing that fails is the PING test. Because they can ping my address. I don't have firewall turned on and I am running 10.3.9 not 10.4.
  Any ideas? Is this test just not thourough enough?
  Run the test for yourself and see. You will need to click Proceed at the bottom of the page to start the test.

• Contact center desktop Agent stealth mode issue (8.0.2)

  So here is the deal.
  We're running windows XP and the verstion of desktop agent that i've noted above.
  When the agents put the desktop software in "stealth" mode it goes into the systray. However when they receive a call, it takes over priority (only way I can describe it) and does not stay in "stealth".
  Has anyone come accross this? Any docs on a solution would be great.
  Thanks,
  BR

  Are you saying that it regains focus (i.e. reopens)? I'm not sure how to interrupt "takes over priority".
  Stealth mode should only regain focus if a team message or email is received. If it is doing this for a call it's a bug. From the CAD user guide:
  The window appears as an icon in the system tray (lowerright-hand corner of your desktop, next to the systemclock) and doesn’t appear unless double-clicked or if youreceive a team message or an e-mail.
  Speaking of bugs, I strongly recommend that you place a PUT order for 8.5 and apply 8.5(1)SU1. The 8.0(x) release is a train wreck and has caused multiple CAP cases.

• 10.6.2 - Firewall stealth mode

  After upgrading to 10.6.2 the System Profiler tells me that the firewall stealth mode is turned off but in System Preferences it is activated. Is this a System Profiler bug or is the firewall not working correctly?

  This has been reported before (not in 10.6.2) and has been acknowledged
  as a bug in System profiler... ignore what System profiler is saying.
  (A search of these forums should find you the other discussions.)
  Dave

• Setting AEBS for Stealth mode?  Is it possible??

  Hello,
  I have a Airport Extreme Base Station and I currently have all the default settings for it. I know that the AEBS has a firewall, but I don't really know how to configure it. When I test it's security level by going to a website and running port scans etc... (I go to www.grc.com) I'm getting responses that the ports are responding but are "closed". Is there a way to set the AEBS to have a stealth setting??
  I used to have a SMC Barricade router before I got my mac and the AEBS and when I ran these types of tests before they always came out as stealth on all my ports.
  Does anyone out there know how to set this base station to show up as stealth?
  Thanks in advance.

  Hi,
  I've asked this question before, too by going to an Apple Store to ask one of their Geniuses what to do about this problem. The response I got was basically that I didn't know what I was talking about and that I was stupid for asking. Usually the Apple folks are cheerful and happy to help; must have been a bad fruit in the lot.
  Past messages on this board (I searched for "stealth") mention a similar stance: don't worry about ping, just make sure your ports are closed and/or services disabled.
  The objective of stealth mode is to make sure hackers don't even know we exist so that they won't have reason to port scan our IP in the attempt to hack in. —When I ran a development web server for a while I monitored log files via Console seeing all kinds of external hack attempts!!
  What I'm looking for is `stateful packet inspection` with all ports `stealthed`. Better yet, the AEBS needs to provide a configuration wizard for customers both who just want to run it out of the box AND include expert options (i.e. LinkSys, NetGear, D-Link, ...) so that we can fine-tune the firewall to our needs!
  The main reason for my reply was to show that others have the same concerns and to solicit a meaningful response from Apple that satisfies this concern.
  ~Cheers
  PS: I've also used grc.com to test my vulnerability from the outside world as well as asking external SysAdmins to port-scan my system.

• Stealth mode causing sleep trouble?

  Hi,
  I have a Rev A. PB 12", and I recently decided to beef up my security, so I checked on all the options under the "Advanced" button of the Firewall pane - Blocking UDP, Firewall logging, and Stealth Mode. It seemed to have worked for a few days, but then yesterday I discovered that the computer would not go to sleep on its own, but only if I forced it to. This really freaked me out because I just recently solved this exact issue with my computer, and it took my a very long time to figure it out, so I was naturally worried again. This time it turns out that if I turn off Stealth Mode, the computer is fine. If I keep it on, it keeps the computer awake. I am not sure why this occurs, and I would rather not have Stealth Mode off, but I want the computer to sleep on its own. Does anyone have any suggestions.? Thanks.

  Erasing firewall prefes solved the problem

• I need some clarity on stealth mode

  I've enabled stealth mode on my laptop, but I can still see my "Mark Goodchild's Laptop" on another computer in a Finder window under "Shared." Is that right?

  So the ability for another computer to see mine on a network in the Finder is on a different level...
  Yes. Just have File Sharing on so people on the same network can connect to your Mac.

• Ipfw: Stealth Mode connection attempt to UDP...

  Hi all,
  I recently encountered internet slow down at home. I connect to internet using a wireless router, which has been used for almost a year without any problem. The router has WEP setup and MAC address filter enabled.
  When I open the firewall log, I found that my router is keep using different ports (from 6355 down to 2063), trying to connect the port 137 of my Mac Mini. I have checked that port 137 is related to NetBIOS. The following is extracted from the firewall log (with my host name masked).
  May 18 00:46:54 ------- ipfw: Stealth Mode connection attempt to UDP 192.168.2.2:137 from 192.168.2.1:2058
  May 18 00:47:03 ------- ipfw: Stealth Mode connection attempt to UDP 192.168.2.2:137 from 192.168.2.1:2059
  May 18 00:47:06 ------- ipfw: Stealth Mode connection attempt to UDP 192.168.2.2:137 from 192.168.2.1:2059
  May 18 00:47:18 ------- ipfw: Stealth Mode connection attempt to UDP 192.168.2.2:137 from 192.168.2.1:2059
  May 18 00:47:28 ------- ipfw: Stealth Mode connection attempt to UDP 192.168.2.2:137 from 192.168.2.1:2060
  May 18 00:47:30 ------- ipfw: Stealth Mode connection attempt to UDP 192.168.2.2:137 from 192.168.2.1:2060
  May 18 00:47:42 ------- ipfw: Stealth Mode connection attempt to UDP 192.168.2.2:137 from 192.168.2.1:2060
  The IP address of my router is 192.168.2.1 and my Mac Mini is 192.168.2.2. I have checked from the router administrative page and can't find any other machine in my wireless network. I have no idea what's wrong with my router. Any idea please? Thanks for any advice in advance.
  Best regards,
  TC
  Mac Mini 1.4G (PowerPC) | iPod Shuffle (2nd Gen)   Mac OS X (10.4.9)   1GB

  Hi Rick,
  Thanks also for your response.
  Do you have a network printer? (make, model, please)
  Any other network devices on this LAN (Xbox, printer,
  PC :o
  I don't have a network printer. The little network only consists of the router and the Mac for the time being.
  Do you have uPNP enabled on your router?
  What make/model of router? (there may be something
  common to this mfr)
  No, the uPNP is never enabled. My router is Belkin Wireless G Router (F5D7230-4), which is supposed quite Mac-friendly in the market...
  You say you still get the logging, even when the DSL
  modem is disconnected. Weird.
  Yes, it is weird.
  StealthMode has been known to cause more paranoia in
  some users. This 137 port scanning might be coming
  from a printer or other network device on the inside
  of your little network...with stealth disabled,
  things would just work the way they're supposed to --
  quietly. Your mac is probably secure. Your router is
  probably secure (especially if you changed the admin
  password when you set it up. If you've been using the
  default admin password, then shame on you <wink>
  I have enabled Stealth mode in my Mac. Sorry to let you down (^^V) that I am not using the default password before the discovery of the port probing mentioned and have changed to another one after reset and firmware upgrade as advised by the other poster.
  Am I off-base here, fellows?
  Nope, you're appreciated for any idea trying to help.
  TC
  (P.S. I found that the "Helpful" is used up. Sorry that I can't give you one...)

• Stealth mode and firewall logging problems to be resolved please.

  I am running OS X v10.6.8 and am having difficulty setting stealth mode. System Preferences shows stealth mode to be switched on, but System Profiler shows it to be off, no matter how many times I set it and shut down/restart. System profiler also shows firewall logging to be switched off, but there is no facility within the Security/Firewall section of System Preferences to switch it on.

  I think the answer to this is if you have "Block all incoming connections" checked, then "Enable stealth mode" in Sys Prefs is checked but greyed out. Mine is set up that way and I'm seeing, like you, that Stealth Mode is off in System Profiler>Network>Firewall. If you have "Block all incoming" checked, then activating Stealth Mode becomes moot.
  I can only get it undimmed if I uncheck Block all incoming.

• Why doesn't Stealth mode stop a response to a ping?

  Even though I have set stealth mode on my firewall, my computer will still respond to a ping from another computer. How do I stop this? This happens when my broadband modem is hooked up through an Airport Extreme as well just plugged into my iMac

  If you would like to see that, then feedback to Apple goes HERE, and click on the appropriate link.

• What is stealth mode and is it good for your computer

  what is stealth mode can you please help me i just found it through my firewall and i am scared about it

  Stealth Mode just means that the computer will not respond to a "ping" or similar network enquiries. This means that anyone trying to communicate with your computer will not receive any reply.
  It will not harm your computer to turn it on, but it may adversely affect any networking programs which you use. I would turn the firewall on, but leave Stealth Mode off unless you really know you need it.
  Matt

• Have I been hacked??? "Stealth Mode connection attempt to UDP"

  My Mac Mini has been running very slowly lately. Sometimes it takes half a minute to switch between apps, and I mean simple apps like Mail and Safari and Appleworks, not Photoshop. Photoshop is a joke it runs so slow. So I've run Onyx SEVERAL times, restarted and cleared my PRam, and nothing is helping. I also noticed it seemed like my Mini was "running" a lot (the hard drive making a noise like it was up to something when I'm not doing anything). So I looked at the cable box and the Ethernet light was flashing softly, going along with the hard drive noise. Then I downloaded something called MenuMeters and it is showing that I'm receiving data constantly - it goes between about 300B/s to 1500B/s, and sometimes it shows I'm sending too. So I opened up the System Preferences and found out that "Network Time" was enabled in the Firewall preference pane. I unchecked that but my Mini is still receiving. (I'm not on any Ethernet network or anything either.) So I opened Advanced and found that the "Block UDP Traffic" box is not checked, though the other two "Enable Firewall Logging" and "Enable Stealth Mode" are checked. THEN I opened the log file and was shocked to see 1048 lines, mostly reading ""Stealth Mode connection attempt to UDP," although once in a while I saw a few that said "12190 Deny TCP." And that 1048 is just for yesterday and today. Is that normal??? Sometimes the "Stealth Mode connection" lines are single (I mean, not to a repeating number), but sometimes they repeat two, three, even five times to the same number.
  Have I been hacked? Is someone stealing our small business data? Sounds kind of ridiculous, but can't help and worry some. Or do I have a virus? I tried to google whether or not there are any Mac viruses out there, that might pertain to this, but couldn't figure out anything. What do I do? I'm not very computer savvy, other than running my apps, and don't anything about Terminal or things like that. Even as I type this MenuMeters is showing me I'm receiving SOMETHING. Yikes!
  Mini   Mac OS X (10.4.8)  

  You mention one of the applications you have been using is Appleworks - which is not supplied with Intel systems, only PPC Macs. This would tend to suggest that your mini is a G4 model. It would be helpful to know which model the system is, what software you have on it, how much free space you have on your hard drive, and what you typically use the system for.
  It's interesting that you note the system seems generally busy, which would go some way to explain why it may also seem rather slow, but you haven't mentioned whether you've run Activity Monitor to see what processes are active when the system seems to be active with some task that is not of your doing. If you haven't tried this yet, do so now - and let us know what processes the system shows as active when otherwise the system ought to be idle.
  To answer a few of your broad questions: When the system is connected to the internet, it's not unusual to see a certain amount of data through-putting the network connection, but in most instances this would be in the region of 100-200B/s, with occasional, brief, spikes upwards of that. In the absence of a local router that level of data is likely to be higher, since basically your Mac is managing your internet connection and maintaining a public IP address assigned by your service provider. In a system with a router, the router handles this traffic so the resultant volume of data the Mac sees would be less.
  The fact you see entries in the log of the sort you describe is not necessarily an indicator of a problem. It may suggest that the system is being probed, which as Boece has said is not at all uncommon for a system with a public IP number - and is indeed why it's most common to find systems being used 'behind' a router. The router takes the public IP number, and so systems behind it are given internal addresses by the router which are not visible to the outside world. The Router then performs something called Network Address Translation (NAT) which converts internal and public addresses as needed to ensure the computer can communicate with the internet while still staying 'invisible'.
  In your position, I would look to add a basic router between your Mac and your cable/DSL modem because a hardware firewall is generally more effective than a software firewall, and NAT will keep your system clear of most potential hacking risks.
  As for the potential for a virus - this is a bit of a thorny subject because most will (rightly) say that MacOS is not the target of any known virus that exists in the wild. Unfortunately, that doesn't mean that it will remain that way, or that it's impossible to create malware that can infect or impact Mac systems. A good line of defense can be obtained by downloading and installing ClamXav (http://www.clamxav.com/) and setting it to examine vulnerable spots such as the desktop where files are typically downloaded or your mail folders, and using it to scan the system. Generally speaking, unlike antivirus products for Windows, this software does not consume copious amounts of CPU time (it grabs between 1 and 5% on my 1.25 G4 mini while in the background) so it's worth having around.
  You also mention running OnyX several times - this is not a good thing. OnyX, like the other utilities of this type, is a useful tool in resolving performance issues, but if you find that it doesn't work when you use it once, it indicates the problem is not something that OnyX can resolve. Running it multiple times doesn't necessarily do any harm, but it does mean that macOS is continually having to build new cache files etc, which makes the system run very badly!
  So....
  (1) tell us about your system, the software on it and what you use it for.
  (2) how much free space is on your hard drive.
  (3) run Activity Monitor and tell us what it shows when the system seems to be busy doing it's own thing.
  (4) download ClamXav and run it as described.
  (5) get an inexpensive router and insert that into your system as described (we can help explain how to set everything up once you've got it if you need assistance).

• HT1810 I am thinking of using the firewall stealth-mode application. Please tell me what disadvantages, if any, it might create for me..

  I am thinking of using the firewall stealth-mode application. Please tell me what disadvantages, if any, I might experience. Thanks. John

  If you live behind your home router, then it will also do nothing as your router keeps the outside world from seeing your Mac anyway.

• ARD Cannot See Client with Stealth Mode Enabled

  Hello,
  I have a client with OS X v10.4.11, and security update 2007-009 is not installed. If I Enable Stealth Mode (firewall) on this client, it no longer appears in the ARD list, even though ARD is enabled on the client and the ARD users have been granted access. Has anyone seen this before? If so, is there a solution other than disabling stealth mode for the firewall?
  Thanks for reading!

  Depending on your network layout, it could indeed be blocked ports. ARD depends on ports 3283 for most functions and 5900 for observe and control. So if the lab is on a different subnet from your administrator workstation, have your network admin confirm that both of those ports are open in the router.
  Hope this helps.