Wednesday, November 28, 2007

How to FLOSS

In my never ending quest to discover good up-to-date resources about Open Source Software I stumbled across the following.

"This guide (developed in the context of the FLOSSMETRICS and OpenTTT projects) present a set of guidelines and suggestions for the adoption of open source software within SMEs, using a ladder model that will guide companies from the initial selection and adoption of FLOSS within the IT infrastructure up to the creation of suitable business models based on open source software."
The guide seems to be pretty comprehensive and could serve as a valuable resource for persons wanting to familiarise themselves with FLOSS.

The guide can be found at

Tuesday, November 20, 2007

WEP?? Leopard Internet Sharing Woes

I anxiously awaited Leopard in the hope that Intenet Sharing would support WPA. I have a really hard time understanding why Leopard supports Internet Sharing through WEP. Aircrack-ng and other tools can crack WEP in uder a minute - it just does not make sense.

Perhaps the Lazyweb can recommend a solution whereby I can do WPA through third party support? From what I understand WPA has the same performance impact as WEP (when not using AES) - but it probably is a case of the Hardware only supporting the old standard...

My recommendation? If you truly need to do Internet Sharing do it through the Ethernet port (using a crossover cable) or enable WEP only for a short while and change the password every time you use it.

Friday, November 16, 2007

Leopard Firewall - OS X 10.5.1 relief

I'm glad to report that this morning after updating to Mac OS 10.5.1 the firewall seems to be working as advertised. They dropped the "Block all incoming" moniker and replaced it with "Allow only essential services", which I selected.

Also, I enabled "Stealth Mode" under Advanced.

I then ran some tests from another host to verify that the firewall was up and it seemed to be performing as advertised. I'm pretty interested to see what the "Essential" services are - perhaps I will do some digging soon.

Just for completeness run the following tests from another host on the network:
$ ping hostname
(Should return no replies if stealth is on)
$ nmap hostname
(Should also not return with any open ports)

I disabled my firewall temporarily to scan for some open ports and then tested connections to those ports using telnet after re-enabling the firewall. All results were also positive.

I'm very pleased that this issue has been resolved.

Thursday, November 08, 2007

Leopard Firewall Woes

I have been using Mac OS X Leopard for the last few weeks and the article on Heise Security caught my attention. I use a 3G connection to the internet quite often and have to assume that a NAT firewall wont always be available.

I did some of my own tests and as far as I could tell setting the firewall to "Block All Incoming Connections" just does not seem to work.

The output of "sudo ipfw list" does not seem to change when switching between "Allow All" and "Block All"...

Here is what I recommend for now:
- Download WaterRoof ipfw at: (its OSS).
- Run through the Wizard, just clicking next is the equivalent of "Block All"
- If you want "Stealth", go to "Static Rules" and add a rule to block all ICMP from "Any" to "Me".
- Make these changes permanent through: Tools -> Startup Script -> Install Startup Script.

To test if your setup is any good head over to Shields Up! Steve Gibson's excellent resource and run some tests to check that your firewall is actually working as planned. Shields Up! can be found at:

Please note that this test is most effective if you are directly connected to the internet. If you cannot connect directly rather Google for nmap and run some tests on your LAN. I used nmap to run some tests against the firewall to confirm the results - consider just trying to ping your machine from another host at least.

For reference here are my rules, running "sudo ipfw list" from the terminal should give you similar results.

$sudo ipfw list
00100 allow ip from any to any via lo*
00110 deny ip from to any in
00120 deny ip from any to in
00130 deny ip from to any in
00140 deny tcp from any to in
01000 allow tcp from any to any out
01000 allow tcp from any to any established
01100 deny icmp from any to me
65534 deny tcp from any to any
65535 allow ip from any to any

And remember: "Friends do not let friends get Owned" - Pauldotcom Security Weekly