> > You still haven't backed up your comments by comparing how "loose"
> > OS X is compared to other OSes.
> > I feel I have.

Since being back at work today, I tried to repeat the result I saw before ... unsuccessfully. I could not verify that any services were listening by default. All my port scans on a large uncontrolled flat network including many random people's Macs ... came back negative. This does not necessarily mean there's nothing listening ... it could be UDP, or perhaps my Cisco firewall recognized and suppressed the port scan ... I don't know.

This defeats (or at least doesn't support) the first half of what I was saying. If there aren't listening ports by default, then things are not as bad as I thought.

The second half of what I was saying, however, still stands: I still believe it is bad practice and a bad default setting to have the system firewall disabled by default out of the box. As an IT professional, I will continue to enable the firewall as standard procedure before giving laptops to users. I also believe it is an unnecessary risk for Bonjour to indiscriminately advertise services as broadcast traffic on any network the computer happens to visit.

I did not try sniffing the Bonjour traffic, or reading up on how Bonjour works, or how Bonjour data packets are formatted. Perhaps I may have had more success with my port scans if I were able to actually capture Bonjour packets saying "IP address W.X.Y.Z has service _blank_ open on port _blank_" ... but since I had already spent too much time at work investigating other stuff, and since I had nothing to gain except bragging rights here, if I happen to be correct ... Since I've already made up my mind that I will not change my practice of enabling the firewall ... I didn't attempt this test.

_______________________________________________
Tech mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
