OS X Firewall Stealth Mode & Ping
260 views
Skip to first unread message
Adam Wallace
Sep 5, 2012, 3:45:21 AM9/5/12
to prey-s...@googlegroups.com
Does anyone know if the stealth mode setting of the built in Firewall in
Mac OS X prevents Prey from working? The Stealth mode, if selected, says
"Don't respond to or acknowledge attempts to access this computer from
the network by test application using ICMP, such as Ping"
Does this in any way affect Prey's operation? Any ideas?
Mac OS X prevents Prey from working? The Stealth mode, if selected, says
"Don't respond to or acknowledge attempts to access this computer from
the network by test application using ICMP, such as Ping"
Does this in any way affect Prey's operation? Any ideas?
OnlineCop
Sep 5, 2012, 1:38:28 PM9/5/12
to prey-s...@googlegroups.com
The firewall will prevent incoming connections, when an application didn't initiate it on your end.
Prey will initiate contact with a website to check whether it's been marked as missing. The firewall on OS X sees that one of its local apps is requesting the connection, whether it's via ping, FTP, HTTP, or some other method. It will allow the outgoing connection, and then within an acceptable timeframe, allow the requested site to respond with pings, HTTP request fulfillment, and so forth.
Apps that you will need to watch out for are things like Hands Off and Little Snitch. These monitor your apps' outgoing connections (essentially, they look for applications that attempt to "phone home" and will let you intercept them and either block or allow the connection). It will indicate which program has initiated the outgoing request, what site it was attempting to connect to, and whether or not you want to allow both the connection AND read/write ability on your local machine. If you (or a thief who steals your machine) installs this and DOESN'T configure prey to allow outbound traffic, prey will not work: it will try to connect to its "am I stolen?" page and fail.
The OS X firewall does not do this: it is built do block incoming traffic only, when that traffic was not requested by one of your local apps. So if I attempted to SSH into my Mac from another computer, or even ping it from a different computer in my same network, the firewall is designed to intercept these and block any whose rules are not whitelisted. If you want to be able to ping your Mac from anywhere (inside or outside of your network), you have to set the Firewall to allow ping. However, if you can't conceive of any time that you'd want/need to ping your Mac, it's good to turn that on so outside hackers can't see that "ooh, there's a computer at this address!"
-OC
Reply all
Reply to author
Forward
0 new messages