Comments on: Stateful OS X firewall http://scrutin.wordpress.com/2007/03/26/stateful-os-x-firewall/ Random Bits For Random People Tue, 21 Oct 2008 14:33:30 +0000 http://wordpress.com/ hourly 1 By: scrutin http://scrutin.wordpress.com/2007/03/26/stateful-os-x-firewall/#comment-30 scrutin Thu, 26 Apr 2007 01:53:50 +0000 http://scrutin.wordpress.com/2007/03/26/stateful-os-x-firewall/#comment-30 This page uses Java to determine your local IP and is more of a test of your browser's security than your firewall. Unfortunately, Java and Javascript open you up to vulnerabilities that are very difficult for a firewall or Intrusion Detection/Prevention system to block. Basically you are letting a site download code to your computer and execute it which is inherently insecure. This can open you up to cross site scripting attacks as well. If you don't have a need for it you should turn off Java under preferences --> Security in Safari or Preferences --> Web Features in Firefox. If you can live with it you can turn off Javascript as well, but unfortunately, many sites might not work when you do this. I doubt whether TOR or Netshade would prevent this from working since it is executing in your browser and passing your IP back to the server via a GET request. <code>GET /audit.asp?a=xxx.xxx.xxx.xxx HTTP/1.1</code> There are also some sites out there that claim to get your address via JavaScript, displaying your local address on the page and suggesting that you download their security application. In general your address is not leaving your network and the applications they are pitching are more spyware than security, but that is more of a problem for Windows users. This page uses Java to determine your local IP and is more of a test of your browser’s security than your firewall. Unfortunately, Java and Javascript open you up to vulnerabilities that are very difficult for a firewall or Intrusion Detection/Prevention system to block. Basically you are letting a site download code to your computer and execute it which is inherently insecure. This can open you up to cross site scripting attacks as well.

If you don’t have a need for it you should turn off Java under preferences –> Security in Safari or Preferences –> Web Features in Firefox. If you can live with it you can turn off Javascript as well, but unfortunately, many sites might not work when you do this.

I doubt whether TOR or Netshade would prevent this from working since it is executing in your browser and passing your IP back to the server via a GET request.

GET /audit.asp?a=xxx.xxx.xxx.xxx HTTP/1.1

There are also some sites out there that claim to get your address via JavaScript, displaying your local address
on the page and suggesting that you download their security application. In general your address is not leaving your network and the applications they are pitching are more spyware than security, but that is more of a problem for Windows users.

]]> By: Dan Kumper http://scrutin.wordpress.com/2007/03/26/stateful-os-x-firewall/#comment-29 Dan Kumper Wed, 25 Apr 2007 22:23:10 +0000 http://scrutin.wordpress.com/2007/03/26/stateful-os-x-firewall/#comment-29 But this ipfw set-up cannot avoid the message "Found your Private IP of xxx.xxx.xxx.xxx!" over at http://www.auditmypc.com/software_audit.asp (for my EXT_INT="en0") Any ipfw workaround available? (... or do we have to use Tor, Netshade, etc.) Anyway, thanks for sharing this! But this ipfw set-up cannot avoid the message “Found your Private IP of xxx.xxx.xxx.xxx!” over at http://www.auditmypc.com/software_audit.asp (for my EXT_INT=”en0″)

Any ipfw workaround available? (… or do we have to use Tor, Netshade, etc.)

Anyway, thanks for sharing this!

]]>