Blocking Outbound Connections with Little Snitch
December 4th, 2007 at 2:00 PM - Tips by John Martellaro
The firewall in Mac OS X is designed to stop incoming connections. When youire connected to the Internet directly, and your IP address is visible, hackers can generally see your Mac and construct a variety of attacks. These include port scans and then probes of specific ports that look for weaknesses in applications or OS daemons that use those ports. A firewall, with Stealth Mode turned on, stops that cold.
A previous TMO Quick Tip discussed how to customize the Mac OS firewall in those cases where controlled, authorized external access is required. For example, SFTP or HTTP access from the outside.
However, the firewall only blocks incoming connections. One of the features of the TCP/IP protocol is that outgoing packets from, say, a Web browser, are tagged with both the origin and destination IP addresses. Thatis how the packets of data sent out trigger a response that knows how to come back to your Mac. As a result, a connection to a Website can in principle bring back with it, embedded in the packets, a payload that will naturally bypass the firewall. If that didnit happen, youid never be able to browse with the firewall enabled.
Sometimes, cleverly constructed, malicious code, coming back to a port handled by a specific application, for example QuickTime, can exploit poor code, cause a buffer to overflow, and external code brought in can be caused to execute. Thatis bad news.
In turn, that code could, for example, trigger the transmittal of private data on the hard disk back to the malicious Website, and thatis something thatis not controlled by the firewall. As a result, for complete security, a vigilant Mac OS X user should also monitor outgoing connections.
In turns out that there is an excellent piece of software that can do that: Little Snitch 2. Donit let the fact that the developer is in Austria concern you; theyire the good guys.
Once Little Snitch is installed, it will monitor all outgoing connections. You can set rules for trusted sites and block outgoing connections by application and by port. It sounds technical, but itis really easy. In the example below, the Address Book is not allowed to connect to homepage.mac.com. Mail is not allowed to connect on port 80 -- as some graphics attachments in spam try to do. However, outgoing connections with iChat are allowed.
 Sample Little Snitch Configuration |
|---|
As you build up confidence in each Mac OS X application and system daemon and what it connects to, and grant your permission, Little Snitch dynamically builds an outbound set of filter rules. If some new and unexpected outbound connection happens, youill be offered the opportunity to block it. You can manually make changes to the rules as well.
Youill spend some early days training Little Snitch, but the payoff in the long run is that no data will leave your computer without your consent. That provides a lot of peace of mind. Little Snitch is modestly priced (US$24.95), well written and stable. The latest version is Leopard compatible.
Recent Headlines - Updated November 10th
- Mon, 7:20 PM
- Rumor - Apple May Update iPod touch in December
- 6:45 PM
- Product News - MacUpdate Desktop Updated to 5.0.1 with New Features, Bug Fixes
- 5:16 PM
- Apple Releases Mac OS X 10.6.2 - Guest Account Bug Fixed, Much More
- 4:12 PM
- Games - New For iPhone: Star Rangers, Air Force Supremacy, Blood Beach, More
- 2:51 PM
- Apple Stock Watch - Radio Shack Jumps 14% on iPhone Deal, Apple Up 3%
- 2:25 PM
- Games - EA Scoops Up Social Games Publisher Playfish
- 1:51 PM
- Deal Brothers - Western Digital 1TB SATA Intellipower Hard Drive: $84.99
- 10:58 AM
- News - StarHub Signs Singapore iPhone Deal
- 10:36 AM
- Hot Forum Topic - Reader Speculation: What’s in Apple’s Tablet?
- 10:08 AM
- News - Apple Kicks Off New Credit Program
- 9:26 AM
- News - Apple Launches Reserve and Pick Up Program
- 8:49 AM
- News - ikee Worm Rickrolls Jailbroken iPhones
The Mac Observer Reader Specials
- TypeStyler For Mac OS X is Now Shipping! Download The Free Fully Functional 60 Day Tryout at www.typestyler.com
RamJet Memory: Mac Pro 8-core 8GB Kit $199.99, 4GB Kits $109.99! Sale on MacBook and MacBook Pro 8GB kits $549.99! New MacBook DDR3 2GB for $49.99. iMac and Mac mini 4GB Kits for $79.99! 1TB SATA Hard Drives for $109.99! Click here
OWC: Get the Right Memory for Your Mac Top Quality, Competitive Price, Lifetime Backed Free Expert Support + Installation Videos too! MacBook & mini 8GB, iMac 16GB, Mac Pro up to 32GB. Click here
If you're using a Mac, then you've gotta check out Full Tilt Poker for Mac. This Full Tilt Poker bonus code does the unthinkable, it actually rewards!For the latest Apple products use Ciao, a price comparison website, to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate mobile phones like the Apple iPhone.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.
J&R ComputerWorld’s Weekend Sale - Sitewide Unbelievable Deals
OWC’s Garage Sale - Lots of New Goodies
Refurbished 13” MacBook Air 1.86GHz Intel Core 2 Duo $1249.00 Delivered
Refurbished iMac 24-inch 3.06GHz Intel Core 2 Duo: $1149.00 Delivered
Apple Refurbished 24” LED Cinema Display: $599.00 Delivered
