Investigating the Leopard firewall

Our friend [Rich Mogull] has been flipping the switches on Leopard’s new firewall and scanning it to see what’s actually going on. There is some good and some bad. The new application signing is a mixed bag. It breaks Skype and a commenter pointed out that automatically trusting Apple installed apps like NetCat isn’t a good idea either. You can roll your own firewall using user friendly tools like WaterRoof since ipfw is still included.

5 thoughts on “Investigating the Leopard firewall

  1. @cde: you are so completely right, but I have had software firewalls crash and not realize it. I don’t even know if this is possible with a hardware firewall. I just feel safer.

  2. @techpagan

    Trust me, it is QUITE possible for a H/W firewall to crash. Be it on it’s own or via a DoS attack. I don’t think you hear about it because of different user bases (the home user vs. corporate sys admin).

  3. Looks like he just tested the front end.

    I’d like to see someone do black box testing on it using a flexible fuzzer framework. Or rootkit research.

    The native UDP services that are unblocked would be cool to mess with.

    The Mac droids will have to wash there abrecrombie and fitch, and clean there black framed designer glasses after the anger sweats.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s