Setting AEBS for Stealth mode?  Is it possible??

Hello,
I have an Airport Extreme Base Station and I currently have all the default settings for it. I know that the AEBS has a firewall, but I don't really know how to configure it. When I test its security level by going to a website and running port scans etc... (I go to www.grc.com) I'm getting responses that the ports are responding but are "closed". Is there a way to set the AEBS to have a stealth setting??
I used to have an SMC Barricade router before I got my Mac and the AEBS and when I ran these types of tests before they always came out as stealth on all my ports.
Does anyone out there know how to set this base station to show up as stealth?
Thanks in advance.

Hi,
I've asked this question before, too, by going to an Apple Store to ask one of their Geniuses what to do about this problem. The response I got was basically that I didn't know what I was talking about and that I was stupid for asking. Usually the Apple folks are cheerful and happy to help; must have been a bad fruit in the lot.
Past messages on this board (I searched for "stealth") mention a similar stance: don't worry about ping, just make sure your ports are closed and/or services disabled.
The objective of stealth mode is to make sure hackers don't even know we exist so that they won't have reason to port scan our IP in the attempt to hack in. When I ran a development web server for a while I monitored log files via Console seeing all kinds of external hack attempts!!
What I'm looking for is `stateful packet inspection` with all ports `stealthed`. Better yet, the AEBS needs to provide a configuration wizard for customers both who just want to run it out of the box AND include expert options (i.e. LinkSys, NetGear, D-Link, ...) so that we can fine-tune the firewall to our needs!
The main reason for my reply was to show that others have the same concerns and to solicit a meaningful response from Apple that satisfies this concern.
~Cheers
PS: I've also used grc.com to test my vulnerability from the outside world as well as asking external SysAdmins to port-scan my system.

Similar Messages

  • Setting chassis for scan mode

    Hi
    I am building project in project explorer and setting chassis NI cRIO 9103 for scan mode. I select scan mode from properties. In order to deploy new settings, I follow instructions ( right click chassis>>deploy settings), but when I right click chassis the only option I could choose from are New, Arrange by, expand all, collapse all, remove from project, rename, help and properties. I don't have deploy. Am I not following instructions or is there anything wrong?
    Thanks for help
    Best regards

    Definitely sounds like some necessary software isn't installed or had an installation problem.  Can you reply back with what you have installed?
    You should have installed at least
    LabVIEW
    LabVIEW RT
    NI-RIO
    and preferably, in that order.
    Thanks,
    Sebastian

  • Set location for offline-mode songs?

    In previous versions of Spotify, I had the option to choose where I wanted the offline-synced songs to be, an option I can't find anymore. Is it possible to change it nowadays?

    Hi Gribbled,
    Could you please change the SQL Server Service to run under 'LocalSystem' account and restart SQL Server? Then check if the error still occurs. When the SQL Server service account is configured to use the LocalSystem account, the server will automatically publish the SPN.
    Alternatively, to work around this issue, you can manually create the SPN for the SQL Server Service account using the SETSPN tool. For more details, please review this blog.
    Thanks,
    Lydia Zhang

  • Acceptable uris for edit mode in portlets

    Hi,
    I have been experimenting with setting URIs for edit mode in portlets.
    It seems that the only two acceptable types of URI are those in the
    portal project and those that point to a file in the filesystem. It
    does not seem possible to forward on to a webapp in the same project, or
    to an external URL outside of the application.
    Is there a way to do this, or is this not possible?
    The use case I am trying to implement is for all portlets to use a
    generic edit page that is maximised. The page will be populated with
    the available values for personalization for the portlet that the
    request came from, and on submit, will return to the portlet and persist
    changes.
    Cheers
    Dennis

    Dennis said the following on 02/05/2004 08:21 AM:
    > Hi,
    > I have been experimenting with setting URIs for edit mode in portlets.
    > It seems that the only two acceptable types of URI are those in the
    > portal project and those that point to a file in the filesystem.
    I guess you're using JSR168 portlets, with PortletRequestDispatcher to
    include some content for a given mode/state. PortletRequestDispatcher
    can only be used to include JSPs within the same webapp.
    > It does not seem possible to forward on to a webapp in the same project, or
    > to an external URL outside of the application.
    > Is there a way to do this, or is this not possible?
    This is possible, but you must roll out your own code to include
    external content.
    > The use case I am trying to implement is for all portlets to use a
    > generic edit page that is maximised. The page will be populated with
    > the available values for personalization for the portlet that the
    > request came from, and on submit, will return to the portlet and persist
    > changes.
    Why not deploy that JSP in the same webapp so that it can be included?
    Subbu

  • Firewall stealth mode not working.

    I just upgraded my 2008 Mac Pro to Mavericks from Snow Leopard, and amazingly had no problems whatsoever.
    However, I did a quick security audit using the ShieldsUp site, and was disturbed to see that only a few of the hundreds of ports scanned were stealthed, and one port (548) is wide open. The information I found suggests that port is associated with file sharing, which I have turned off, and also blocked in the software firewall. Under Snow Leopard, everything was stealthed with the exception of a couple of closed ports.
    The software firewall is set to enable Stealth Mode, and the box that automatically allows signed software to connect is unclicked. When I temporarily told it to block all incoming connections, it had no effect on the ShieldsUp scan.
    I'm using an airport base station, and just confirmed that the NAT routing box is checked (this is equivalent to enabling its rudimentary hardware firewall, yes?)
    Can anyone explain what's up? At the very least I'd like to do something about that open port (if it can be done without crippling something), and ideally I'd like to disappear like in the good old days.
    And if my concerns are completely misplaced, I'd appreciate it if someone could explain.
    Thank you!

    Shields up is reporting ports open on your router, not your Mac.
    The Airport Base Station will only forward ports to your Mac if you have those set up in the router. Otherwise, nobody can see your Mac from outside the router.

  • 2 IPS 4270 SETUP FOR PROMISCUOUS MODE

    hi guys,
    I have two IPS 4270 and I want to set them up for promiscuous mode. Please help me on how to set up these two devices. It is the first time for me to set up these devices. Can somebody give me configuration guides on how to start it?
    thank you

    Here is configuration guide for IPS version 7.0:
    http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/idm/idmguide7.html
    Hope that helps.

  • Stealth mode connection attempts?  Reason for Open DNS in router settings?

    Console is giving me repeated messages (many times per minute) that read
    "Stealth Mode connection attempt to UDP xxxx  from 208.67.222.222:53"
    That's a little scary to the uninitiated!   I've done some rummaging here and across the net on this.  I understand little of what I found or how to stop this.  I understand that the 208.67.222.222 is Open DNS related.  I was glad to discover that as I originally thought some malicious computer somewhere was trying to gain access to my MacBook Pro.  I thought I'd delete the DNS servers to see if that would help, but they are greyed out in the Preferences--Network--DNS panel and cannot be removed. 
    From what I've investigated, those Open DNS servers are set in the router.  I know how to change or delete those, but maybe I shouldn't.  In fact, maybe someone can remind me why I put them in there in the first place (years ago).  I vaguely recall some advantage to using Open DNS (faster?), although I'll confess that, of late, too often mistyped web addresses go to an Open DNS page, which is a nuisance.
    In any event, I'd like to do something that would stop the stealth mode "attacks".  While I'm sure I could ignore it, maybe it's eating up some browser or network time.  It also seems odd that it would go on and on! 

    Thanks for some info on this.  Should I only see it then, when I'm in a browser?  Or, when wi-fi is on?  I'm assuming that the Mac may be checking what time it is, although it seems a little too frequent for that!  (3 times a minute?  Well, maybe that's about right, but then Apple and Open DNS should coordinate so that this message doesn't show up.)
    I did find this:  http://forums.opendns.com/comments.php?DiscussionID=1785
    Does that make sense?  It's completely benign?  And doesn't waste CPU cycles?
    One problem with all this stealth mode logging is that it fills up the Console message window!  It thus means that there is gobs of stuff I have to wade through to see if there really is something going on from the outside!
    I did find two oddballs in there (I don't think they were open DNS as they weren't 208s), so the firewall is doing something.

  • Is there any way to set a stealth  mode on the ports in Panther

    The built-in firewall in Tiger provides a 'Stealth Mode' setting that makes the ports nonresponsive to external attempts to connect. The Panther firewall doesn't have this capability. Does anyone know of a way to enable this on a Panther machine (specifically 10.3.5 & 10.3.6) - even if it involves installing a utility application is ok.

    Ok, question for Karl.
    When I go to https://www.grc.com/x/ne.dll?bh0bkyd2
    and do the ShieldsUP Stealth test from outside my hardware firewall connected directly to the internet (SSH turned off for the test) why do I get this result?:
    GRC Port Authority Report created on UTC: 2006-09-25 at 06:03:43
    Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
    119, 135, 139, 143, 389, 443, 445,
    1002, 1024-1030, 1720, 5000
    0 Ports Open
    0 Ports Closed
    26 Ports Stealth
    26 Ports Tested
    ALL PORTS tested were found to be: STEALTH
    Specifically ftp reports this:
    21
    FTP
    Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
    The only thing that fails is the PING test. Because they can ping my address. I don't have firewall turned on and I am running 10.3.9 not 10.4.
    Any ideas? Is this test just not thorough enough?
    Run the test for yourself and see. You will need to click Proceed at the bottom of the page to start the test.

  • Firewall - stealth mode connection attempts from AEBS to computer

    Console log is packed with Info messages related to connection attempts from AEBS router. Is that normal?
    Also, system profiler states:  Firewall Logging:          No /  Stealth Mode:          No. Why the discrepancy?

    R C-R wrote:
    > I suggest not taking Mr. Lambert's "bad design" comments too seriously.
    AFAICT, the string "bad design" does not appear in the post I referred to. Please do not chastise Terry Lambert (whoever he or she may be) for someone else's sins. If anyone said 'bad design', it was I.
    > he seems to have confused the IP addresses of two different network devices (his Mac & his Airport router) & suggested loopback
    No, he didn't; you misunderstood. What he is saying is that his network device (Airport, or, en1) is talking to itself through the router instead of through loopback.
    > He also seems to have concluded that UDP's lack of a handshake protocol makes it a "connectionless" protocol, which makes no sense
    Terry Lambert was correct; you may have misunderstood the technical term in question. For instance, a quick look in Wikipedia reveals that,
    "In telecommunications, connectionless describes communication between two network end points in which a message can be sent from one end point to another without prior arrangement. […] Internet Protocol (IP) and User Datagram Protocol (UDP) are connectionless protocols." (The stress is mine.)
    But Wikipedia is not always to be trusted. We are not a bunch of techies here, so I'll turn to an easy, plain-language reference:
    "A connectionless protocol doesn’t go to the trouble of establishing a connection before sending a packet. Instead, it simply sends the packet. TCP is a connection-oriented Transport layer protocol. The connectionless protocol that works alongside TCP is called UDP." (The stress is mine.)
    Lowe, D. (2008). Networking all-in-one desk reference for dummies, 3rd edition. Indianapolis, IN: Wiley Publishing, Inc. ISBN 0470179155, p. 31.

  • I have a MacBook Air w/ 64 GB. I have hours and hours of music/vids/etc. Is it possible to have an external drive specifically set-up for my iTunes? If so, what do I need to do? Thanks!

    I have a MacBook Air w/ 64 GB. I have hours and hours of music/vids/etc. Is it possible to have an external drive specifically set-up for my iTunes? If so, what do I need to do? Thanks!

    Yes, many people do just that. Copy your iTunes folder to the external drive. Once done, open iTunes with Option held down and select the new location of the library file.

  • How can I set default values for Allocate Mode in AO config?

    Hi, How can I set default values for allocate mode in AO config. To be specific, in the attached vi, I need to set the Allocate Mode in AO Config to 'Use FIFO Memory (6)' if the value inside my case structure is false and to 'no change (0)' if the value inside the case structure is true.

    Create two constants for the Allocate Mode input (right click > create > constant). Place one in the true case of the case structure, and place the other one in the false case. Wire them to the same tunnel (border of the case structure), then wire the tunnel to the Allocate Mode terminal of the AO Config. I don't have Traditional DAQ installed, but that should do it.
    Misha

  • Command for:  Access Mode for Result Set

    Hi
    Does anyone know if there is a command for "Access Mode for Result Set". 
    The default view for my characteristic in my query is "Characteristic Relationships".
    I would like to have a command button for the user to be able to change the access mode to "Posted Values"
    I have searched through all the commands but was unable to find this command.
    OR if it is not available does anyone know the XHTML that I could enter into the web template.
    Thanks in advance.
    Ian

  • How to set the Data Synchronisation mode for ADF BC component?

    Hi All,
    How to set the Data Synchronisation mode for ADF BC component
    Thanks
    Raghavendra

    Can you clarify what you mean by the data synchronization mode?
    If you mean the Sync Mode, then in 10.1.3 you set this property by:
    1. Selecting your DataBindings.cpx file
    2. Expanding the "Data Control Usages" section in the structure window
    3. Selecting the ADFBC-based data control
    4. Setting the "syncMode" property in the property inspector.

  • Flash Air III, how do I set it for 802.11N mode?

    To whom it may concern: My Flash Air III is a very fine device. However…. My wireless receiver is setup for Wireless Mode: 802.11g with a rate of 48Mbps.  Is there a way to set the Flash Air III to transmit in Wireless Mode: 802.11n? I would like to have a faster data rate.

    It's really easy because it's mostly already set up... The AF-On button on the back of the camera already starts and stops AF.
    To set up true BBF technique, you turn off the AF function at the shutter button. I believe it's Custom Function IV, 1:  Operation/Others.... where you make button assignments.  Navigate to the shutter button icon and press "set" to enter the options for that... change to the center one "metering start" and press "set" again. Done.
    Optionally you can swap the function of the AF-On and "*" (AE Lock) buttons, using the same button assignment tool.
    Alan Myers
    San Jose, Calif., USA
    "Walk softly and carry a big lens."
    GEAR: 5DII, 7D(x2), 50D(x3), some other cameras, various lenses & accessories
    FLICKR & PRINTROOM 

  • How do I set up Full Bridge Mode for port forwarding?

    How do I go about setting up Full bridge mode, for port forwarding on my Airport Extremes? I have two working to get coverage in my house, but I guess they need to be bridged together

    For most routers, including the AirPorts, bridge mode disables both the NAT & DHCP services. Since NAT is disabled, all of the firewall ports on the AirPort are open and thus port mapping/forwarding would not be required. Therefore if you configure your AirPort as a bridge, the port mapping options will not be available.
    Since you have two AirPort routers, you would only need to configure the AirPort that is NOT in bridge mode for port mapping to allow communication coming in from the Internet. This would typically be the AirPort attached directly to the Internet.
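
An added example (not part of the original posts): a short Python triage of the Console lines quoted in the "Stealth mode connection attempts" thread above. It separates UDP packets from the configured DNS resolver (source port 53) from every other blocked attempt, so the latter are not buried in the noise. The log-line prefix, every sample address other than 208.67.222.222, and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log (not from the original posts). The timestamp/host
# prefix and every address except the resolver 208.67.222.222 are made up.
SAMPLE_LOG = """\
Jan 12 09:14:01 mbp Firewall[65]: Stealth Mode connection attempt to UDP 192.168.1.20:52311 from 208.67.222.222:53
Jan 12 09:14:21 mbp Firewall[65]: Stealth Mode connection attempt to UDP 192.168.1.20:52312 from 208.67.222.222:53
Jan 12 09:14:40 mbp Firewall[65]: Stealth Mode connection attempt to TCP 192.168.1.20:22 from 203.0.113.7:40112
Jan 12 09:14:41 mbp Firewall[65]: Stealth Mode connection attempt to TCP 192.168.1.20:23 from 203.0.113.7:40113
Jan 12 09:15:02 mbp Firewall[65]: Stealth Mode connection attempt to UDP 192.168.1.20:61044 from 208.67.222.222:53
Jan 12 09:15:30 mbp configd[14]: network configuration changed
Jan 12 09:16:05 mbp Firewall[65]: Stealth Mode connection attempt to UDP 192.168.1.20:5353 from 198.51.100.23:53
"""

# IPv4 "address:port" pairs only; IPv6 endpoints would need a different pattern.
LINE_RE = re.compile(
    r"Stealth Mode connection attempt to (?P<proto>TCP|UDP) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) from (?P<src>[\d.]+):(?P<sport>\d+)"
)


def triage(log_text, resolvers):
    """Split stealth-mode log entries into resolver traffic and everything else.

    resolvers: set of DNS server IPs configured on the router or the Mac.
    Returns (dns_replies, unsolicited): a Counter of packets per resolver, and
    a dict mapping each other source IP to its count and targeted ports.
    """
    dns_replies = Counter()
    unsolicited = defaultdict(lambda: {"count": 0, "ports": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue  # not a stealth-mode entry
        src = m["src"]
        # UDP from port 53 of a resolver we actually use is consistent with a
        # DNS answer. Source port 53 alone is not enough: anyone can send from it.
        if m["proto"] == "UDP" and m["sport"] == "53" and src in resolvers:
            dns_replies[src] += 1
        else:
            entry = unsolicited[src]
            entry["count"] += 1
            entry["ports"].add((m["proto"], int(m["dport"])))
    return dns_replies, dict(unsolicited)


def report(log_text, resolvers):
    """One summary line per source, noisiest unsolicited source first."""
    dns_replies, unsolicited = triage(log_text, resolvers)
    lines = [f"dns-reply  {ip}  x{n}" for ip, n in sorted(dns_replies.items())]
    for ip, e in sorted(unsolicited.items(), key=lambda kv: -kv[1]["count"]):
        ports = ", ".join(f"{p}/{n}" for p, n in sorted(e["ports"]))
        lines.append(f"REVIEW     {ip}  x{e['count']}  -> {ports}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG, {"208.67.222.222"})))
```

Pass the resolver addresses actually configured on the router; a source that merely uses port 53 without being one of them stays in the REVIEW group.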
