Security Concerns
Posting Junkie
Join Date: Jun 2001
Location: Washington DC
Apr 30, 2003, 03:45 PM
 
For some reason, the sharing pref pane is telling me that the Firewall settings are unavailable because there is other firewall software running on my computer. I did not install any other firewall software, and last time I tried changing the setting (admittedly a while ago) it worked fine. Ordinarily, this would not be a major concern, but the reason I was poking around at the firewall settings was that, according to gkrellm, I was pulling a lot of data down (steady around 50 K/sec) from one of my NICs, significantly more than I could account for based on my own usage. I closed all my open apps, but that didn't change anything. Checking top, I discovered that there was an active smbd process as well as an nmbd process. I don't know much about smb, but I'm assuming it works something like telnet, ssh, imap, &c, in that if there is a process running that means there is a connection open, and yet 'w' didn't report anyone but myself being logged in. Shutting down Windows File Sharing took care of that, and my computer is now as secure as I can get it without actually being able to access the Firewall.

Does anyone have an explanation for the massive data transmission other than someone accessing my computer, apparently through smb? Does anyone know how I can regain control of my firewall or at least what it is that's preventing me from getting at it now?
     
Grizzled Veteran
Join Date: Nov 2001
Location: Oregon
May 1, 2003, 12:27 PM
 
If someone did hack into your system, one of the first things they'd do (besides try to cover their tracks) is disable any software which might thwart their efforts (such as firewall software). If you're not running a Samba server, you'd have to ask yourself how those processes got going on your system? Someone started them. If you didn't, then someone else did.

If you've been hacked, anything less than a clean system install may not get the intruder out of your system. You can't trust anything on your box, if it's been hacked, because hackers often replace standard system software with their own trojan horse versions (which look and feel right, but return bogus results designed to protect the hacker from detection).

Anything short of a hardware firewall isn't, in my opinion, real security. Get yourself something like the BroadGuard router for industrial strength protection.
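
Whether a running smbd or nmbd actually has a remote peer, the question raised in the first post, can be read from the socket table: a daemon that is only listening shows no `->` remote address. The script below is an added example, not part of the thread; it assumes the column layout of `lsof -i -n -P`, and the sample rows and addresses in it are constructed.

```shell
#!/bin/sh
# Added example: classify smbd/nmbd sockets from `lsof -i -n -P` output.
# Live use (run as root to see every process): lsof -i -n -P | classify_smb_sockets

# Constructed sample in lsof's column layout (not output from the poster's machine).
sample_lsof() {
cat <<'EOF'
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nmbd 410 root 8u IPv4 0x01 0t0 UDP *:137
nmbd 410 root 9u IPv4 0x02 0t0 UDP *:138
smbd 412 root 18u IPv4 0x03 0t0 TCP *:139 (LISTEN)
smbd 415 root 22u IPv4 0x04 0t0 TCP 192.0.2.10:139->198.51.100.7:49152 (ESTABLISHED)
sshd 300 root 3u IPv4 0x05 0t0 TCP *:22 (LISTEN)
EOF
}

# Reads lsof text on stdin and prints one line per smbd/nmbd socket:
#   listening <cmd> <pid> <proto> <local>
#   connected <cmd> <pid> <local> <remote> <state>
classify_smb_sockets() {
  awk '
    NR == 1 && $1 == "COMMAND" { next }      # skip the header row
    $1 != "smbd" && $1 != "nmbd" { next }    # only the Samba daemons
    {
      if (index($9, "->") > 0) {
        # NAME holds local->remote: a peer is (or recently was) attached
        split($9, ends, "->")
        print "connected", $1, $2, ends[1], ends[2], $10
      } else {
        # NAME holds only a local address: the daemon is waiting, nothing more
        print "listening", $1, $2, $8, $9
      }
    }'
}

# Number of smbd/nmbd sockets that have a remote peer (0 = daemons idle).
count_smb_peers() {
  classify_smb_sockets | awk '$1 == "connected" { n++ } END { print n + 0 }'
}
```

A session that shows up here will not appear in `w`, which lists terminal logins only.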
     
   
All times are GMT -5.
All contents of these forums © 1995-2011 MacNN. All rights reserved.