The Mac Observer

Skip navigational links

Choose text size: Select small text. Select medium text. Select large text.

You're viewing an article in TMO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site:
Blocking Outbound Connections with Little Snitch

TMO Quick Tip - Blocking Outbound Connections with Little Snitch

by , 7:30 AM EST, December 5th, 2007

The firewall in Mac OS X is designed to stop incoming connections. When you're connected to the Internet directly, and your IP address is visible, hackers can generally see your Mac and construct a variety of attacks. These include port scans and then probes of specific ports that look for weaknesses in applications or OS daemons that use those ports. A firewall, with Stealth Mode turned on, stops that cold.

A previous TMO Quick Tip discussed how to customize the Mac OS firewall in those cases where controlled, authorized external access is required. For example, SFTP or HTTP access from the outside.

However, the firewall only blocks incoming connections. One of the features of the TCP/IP protocol is that outgoing packets from, say, a Web browser, are tagged with both the origin and destination IP addresses. That's how the packets of data sent out trigger a response that knows how to come back to your Mac. As a result, a connection to a Website can in principle bring back with it, embedded in the packets, a payload that will naturally bypass the firewall. If that didn't happen, you'd never be able to browse with the firewall enabled.

Sometimes, cleverly constructed, malicious code, coming back to a port handled by a specific application, for example QuickTime, can exploit poor code, cause a buffer to overflow, and external code brought in can be caused to execute. That's bad news.

In turn, that code could, for example, trigger the transmittal of private data on the hard disk back to the malicious Website, and that's something that's not controlled by the firewall. As a result, for complete security, a vigilant Mac OS X user should also monitor outgoing connections.

In turns out that there is an excellent piece of software that can do that: Little Snitch 2. Don't let the fact that the developer is in Austria concern you; they're the good guys.

Once Little Snitch is installed, it will monitor all outgoing connections. You can set rules for trusted sites and block outgoing connections by application and by port. It sounds technical, but it's really easy. In the example below, the Address Book is not allowed to connect to homepage.mac.com. Mail is not allowed to connect on port 80 -- as some graphics attachments in spam try to do. However, outgoing connections with iChat are allowed.


Sample Little Snitch Configuration

As you build up confidence in each Mac OS X application and system daemon and what it connects to, and grant your permission, Little Snitch dynamically builds an outbound set of filter rules. If some new and unexpected outbound connection happens, you'll be offered the opportunity to block it. You can manually make changes to the rules as well.

You'll spend some early days training Little Snitch, but the payoff in the long run is that no data will leave your computer without your consent. That provides a lot of peace of mind. Little Snitch is modestly priced (US$24.95), well written and stable. The latest version is Leopard compatible.

Observer Comments

Show: Subjects Only | Full Comments
Close Name:Guest
Fri Dec 07, 2007 8:42 pm Subject: Little Snitch in the hands of novice users....

...equals tech support nightmare. We are getting more and more problems reported because people don't know what they are doing with Little Snitch.


 Reply | Quote
Comment on this Article


Guest Posts Visible. Hide Them.
Back to top  Page 1 of 1    

You cannot edit your comments.   You cannot delete your comments.

Comments are currently closed. Please email the author instead.


Recent Headlines - Updated July 5th

Fri, 10:29 AM
News - Apple Warns of Learning Interchange Security Breach
7:30 AM
News - Happy Fourth of July!
Thu, 6:07 PM
TMO Scoop - Psystar Moves to Drop Bankruptcy Ahead of Apple Legal Battle
5:37 PM
News - Uncomfirmed Reports Say Apple & Nvidia On The Outs
4:57 PM
News - Microsoft Sick Over Barf Ad
4:09 PM
Product News - KRK Ships R6 Passive Studio Monitor for Recording
3:45 PM
John Martellaro's Blog - Particle Debris (week ending 7/2)  Juiced, Joost and Goosed
3:12 PM
Product News - ExactScan 2 Pro Released
1:56 PM
Deal Brothers - Apple TV with 160GB Hard Drive:  $324.00 Delivered
12:46 PM
TMO Appearances - TMO Appearances Jeff Gamet Shares iPhone Apps on MacJury
10:41 AM
Product News - Art Text 2.2 Adds New Templates, Layer Options [Updated]
10:04 AM
Hot Forum Topic - Deciphering Mac Sales

The Mac Observer Reader Specials

  • Download Typestyler, still the Ultimate Styling Tool for Internet, Print and Video Graphics. Works great in Classic with a Native OS X Version on the way. Free Tryout: www.typestyler.com
  • OWC: Juice up your iPod w/NewerTech High Capacity Battery from $19.99. Free Installation. Videos for most models. Pro Installation Service w/FedEx Shipping From $57.95 (Battery Included).
  • Poker Mac If you're using a Mac, then you've gotta check out Full Tilt Poker for Mac. This Full Tilt Poker bonus code does the unthinkable, it actually rewards!
  • RamJet Memory: MacBook and MacBook Pro 4GB kits for $57.99! Mac Pro 4GB Kits $99.99! iMac and Mac mini 4GB Kits for $57.99! 1TB SATA Hard Drives for $109.99! Click here

  • For the latest Apple products use Ciao, a price comparison website, to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate mobile phones like the Apple iPhone.

  • Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.
  • __________
  • Buy Stuff, Support TMO!
  • Podcast: Mac Geek Gab
  • Podcast: Apple Weekly Report
  • TMO on Twitter!