On Friday, July 09, 2004, at 12:39PM, Tim Collier <[EMAIL PROTECTED]> wrote:
>Well, this is a dual 1 gig G4 running 10.3.4. Since I started using >Macs back in 2001, we've never had a virus or worm or phage or >eosinophil. And your unlikely to as they are all Windows viruses (currently). That is not what you have to worry about. it's people sitting on the other side of the world throwing stuff at your Mac until they find a way in. Admittedly it's hard as OS X is UNIX based and thus hard to hack, buit it is still possible and if they 'root' you they can cause havoc, I've seen it happen on Linux boxen before now and it's a re-install job at the very least most of the time, and can also expose your personal data oir destroy your drives. Statistically it's unlikely but in reality I'd rather not be the '1' in the '1-in-however-many' statistic... To be perfectly honest, I've never worried about that sort >of thing since switching. AND, we do have the OS X firewalls running >on our Macs, except on hers, I had to open ports 7648-7652 and 24032 (I >did fail to mention that in my previous post). You should be able to do this on your router, rather than running DMZ'd, though you will have to establish if these are TCP or UDP ports. You may also have to forward those ports to the machine in question's IP address, tho this is not always necessary for chat protocols. >But even still, I refuse to adopt the PC-users paranoia regarding internet attacks. It's not paranoia. There is a genuine threat. The fact you are using OS X's firewall means you are pretty much safe. However having the firewall on the machine that is 'vulnerable' increases the risk slightly. >And, since you seem to have a bit more knowledge on the subject, can >you offer a better solution? My advice in this situation for anyone is errect the firewall as far away from your 'vulnerable' computer(s) as possible. If you can keep it working on your router then do so (there should be no reason why you can't if it's a decent NAT-based router), otherwise buy an old PowerMac that will run Jaguar and stuff a second NIC in, run software to bridge the gap and firwall there instead (Brickwall is a very good package that uses all OS X's UNIX tools to best effect). I will admit I am used to securing networks so they are safe for Windows machines so I am slightly over-bearing when it comes to bolting stuff down, but better safe than sorry, as they say. My systems has a 9600/G3/300 with OS X 10.3 on it doing the routing job and the router (crappy old PAT-based ISDN Router) points to that as a DMZ. It keeps the nasties off my Windows machine fine and also doubles as a nice place to stuff all my downloaded files and non-misson-critical stuff to keep it out of the way :) -- Mark Benson http://homepage.mac.com/markbenson -- G-List is sponsored by <http://lowendmac.com/> and... Small Dog Electronics http://www.smalldog.com | Refurbished Drives | -- We have Apple Refurbished Monitors in stock! | & CDRWs on Sale! | Support Low End Mac <http://lowendmac.com/lists/support.html> G-List list info: <http://lowendmac.com/lists/g-list.shtml> --> AOL users, remove "mailto:"; Send list messages to: <mailto:[EMAIL PROTECTED]> To unsubscribe, email: <mailto:[EMAIL PROTECTED]> For digest mode, email: <mailto:[EMAIL PROTECTED]> Subscription questions: <mailto:[EMAIL PROTECTED]> Archive: <http://www.mail-archive.com/g-list%40mail.maclaunch.com/> Using a Mac? Free email & more at Applelinks! http://www.applelinks.com
