h2g2 The Hitchhiker's Guide to the Galaxy: Earth Edition

Can anyone explain the implications of turning this option on (system prefs; sharing; firewall; advanced)?

What's it for and what does it do?

If a machine from outside your local network "challenges" your machine's IP address, the firewall will, by default, send a "Denied" response. This tells the machine that a computer exists at your address but is not accepting connections at this time.

While that is the technically correct response, often malicious systems will make a note of the address to come back and expend further resources on trying to "break in". So, you have "Stealth Mode"...

In Stealth Mode, any incoming messages are just dropped without sending a response so the machine at the other end will just "time out" in the same way as if no machine existed at your address. If you have the option, it's always best to be in Stealth Mode.

So it won't affect things like browsing or downloads?

Nope. It only affects things that are instigated by an outside computer; anything /you/ request is unaffected.

Thanks Peet

I just had a look at the Firewall log, and there are heaps of "ipfw: Stealth Mode connection attempt to TCP" with the IP number (I presume) of the attempter. Can I look up on the internet to see where they are coming from?

Yes, you can use "Network Utility" (you'll find it in your Utilities folder) to lookup the address, but it probably won't tell you much. And it might just be innocent random connection requests. Some network services send out messages to everything they can, just to let other other machines know that they are there or to find other machines - that's how the computers in Windows' "Network Neighborhood" show up automatically, or how Apple's "Bonjour" is able to find local printers and web servers. You can sometimes tell what it is by the "port" number - for instance if the firewall is rejecting something on port 25, you know someone is trying to use your computer as a mail server. Port 80 is web. Ports 137 - 139 could be your neighbors having Windows networking turned on, or it could be something trying to attack windows networks.

There's a full list here: http://www.iana.org/assignments/port-numbers

Where do I see the port numbers?


I looked up some of the IP numbers on http://www.ip-adress.com They seemed to be the bbc or google

If you're running Google Desktop or Google Web Accelerator then Google will occasionally communicate with your machine; that's not sinister.

I don't think I've got either of those. But, yeah, I'm not too worried about google (given they know so much about me anyway ).