Welcome to the MacNN Forums.

Mac Write · Mar 21, 2005, 10:45 AM

I am trying to lock down my moms computer, and port 0 and 1 show up as closed. I did a new rule in the sharing panel unchecked it and that didn't work. Any idea's on how to put these 2 ports into stealth using the build in firewall, without disabling the ability to control it via sharing?

Mithras · Mar 21, 2005, 12:11 PM

I really wouldn't worry about it. 2 useless ports being closed vs stealth isn't going to matter in any real sense.

SMacTech · Mar 21, 2005, 12:15 PM

You had me really confused thinking you were trying to stealth your Firewire ports !

Mac Write · Mar 21, 2005, 01:28 PM

Originally posted by Mithras:
I really wouldn't worry about it. 2 useless ports being closed vs stealth isn't going to matter in any real sense.

It is important to my mom, and me. I want her computer completely blind to any port scan, and her ISP has a 5GB/month cap so every attack costs $$$. Her computer needs to be 100% stealth, and those ports show up on scans.

Chuckit · Mar 21, 2005, 01:39 PM

Are you sure they're visible to the wider world and not just people in your subnet or something along those lines?

CharlesS · Mar 21, 2005, 02:19 PM

Originally posted by Chuckit:
Are you sure they're visible to the wider world and not just people in your subnet or something along those lines?

If you go to grc.com and do a full port scan there, they always show ports 0 and 1 as being closed, so yeah.

Thinine · Mar 21, 2005, 03:27 PM

Panther's firewall isn't capable of stealthing anyway, so I don't know what you're talking about. And a port scan is a trivial amount of bandwidth. They'd have to be hitting you pretty damn hard for those pings to add up to much.

Millennium · Mar 21, 2005, 03:40 PM

Originally posted by Thinine:
Panther's firewall isn't capable of stealthing anyway, so I don't know what you're talking about. And a port scan is a trivial amount of bandwidth. They'd have to be hitting you pretty damn hard for those pings to add up to much.

Actually, Panther's firewall is capable of stealthing. Apple's firewall interface doesn't set it to do that by default, but third-party configurators like BrickHouse can do it with no trouble.

Thinine · Mar 21, 2005, 04:12 PM

Ah, good to know.

CharlesS · Mar 21, 2005, 05:32 PM

Originally posted by Millennium:
Actually, Panther's firewall is capable of stealthing. Apple's firewall interface doesn't set it to do that by default

Huh? Yes it does. Just not for ports 0 and 1.

jamil5454 · Mar 21, 2005, 05:37 PM

Wouldn't a cheap router put in front of the computer be better in saving bandwidth? You would configure the router not to respond to ping attempts and then close all inbound ports. You could easily find a router online for under $15.

Millennium · Mar 21, 2005, 06:27 PM

Originally posted by jamil5454:
Wouldn't a cheap router put in front of the computer be better in saving bandwidth?

No, because ISPs assess their charges when the data is sent to your computer, not when your computer actually gets it. The router would block the ping from getting to your machine, but it would still have been sent, and so you'd still be charged.

The only thing a stealth firewall can do is slow down a port scan, by making sure that the scanner has to wait for timeouts on every ping instead of just getting a "Connection refused" response. However, usually someone using scanner will simply give up after a couple of pings, and that is how bandwidth gets saved; only ten or so pings get through instead of some 36,000.

Mac Write · Mar 25, 2005, 03:07 AM

Does anyone have an answer? Maybe the problem will be fixed in Tiger?