Sign In
Register
Help
I am thinking of installing Little Snitch on my system. I was wanting to know if I could find out what some of the safe connections are. I know that Little Snitch comes configured with some of the important connections already allowed. But what other commonl connections should be allowed?
Is there some website that I could get more information about safe outgoing connections? Because I know that if I install Little Snitch, I would deny internet access to anything unless it gives me the exact application name that is trying to access the internet.
Rob, I know you use this. Can you throw out any helpful information? Thanks.
I wish Little Snitch was a little more specific about what things might be safe and what might not be, like Zone Alarm. (I wish that was compatible with mac).
Page 1 of 1
Little Snitch questions
MultiQuote
#5
drmbb 
- Veteran
-
- Group: Members
- Posts: 2,353
- Joined: 14-June 01
Posted 14 July 2006 - 06:39 AM
Well, the problem is that there is no such thing as a safe outgoing port when it comes to true spyware, or even general adware. The designers of nefarious products will inevitably write their software to call out on some hijacked port.
There are lots of examples from the windows world - the MyDoom virus family uses open ports registered for legitimate services like squid proxy services and SOCKS client/server connections. The Dumaru family of trojans uses ports legitimately used for things like Lotus Notes services, and several network storage services. Yahoo games often uses port 11999, and I recall there being a trojan at one time that exploited that.
Another example is TCP and UDP port 7 - which doubleclick uses to serve up web ads. You can't block these, since you need their echo services for normal use. You could write your own ipfw firewall rule to block all communication by doubleclick (I suppose, although I haven't actually tried doing that).
The point of something like Little Snitch is to alert you when something tries to call out, and give you as much info as you can to figure out what it is, and whether you want to allow it or not. But there is no such thing as a secure outgoing port, if are worried about nefarious or unauthorized connections. The whole point of writing such code is to be sneaky about it, so hijacking common, legitimately used ports is the norm.
The only truly safe way to stop unauthorized outgoing access is to block all outgoing ports, for all traffic. Otherwise, you run something like little snitch and keep note of what it reports.
Wikipedia's list of TCP and UDP port numbers
Port search tool
--
There are lots of examples from the windows world - the MyDoom virus family uses open ports registered for legitimate services like squid proxy services and SOCKS client/server connections. The Dumaru family of trojans uses ports legitimately used for things like Lotus Notes services, and several network storage services. Yahoo games often uses port 11999, and I recall there being a trojan at one time that exploited that.
Another example is TCP and UDP port 7 - which doubleclick uses to serve up web ads. You can't block these, since you need their echo services for normal use. You could write your own ipfw firewall rule to block all communication by doubleclick (I suppose, although I haven't actually tried doing that).
The point of something like Little Snitch is to alert you when something tries to call out, and give you as much info as you can to figure out what it is, and whether you want to allow it or not. But there is no such thing as a secure outgoing port, if are worried about nefarious or unauthorized connections. The whole point of writing such code is to be sneaky about it, so hijacking common, legitimately used ports is the norm.
The only truly safe way to stop unauthorized outgoing access is to block all outgoing ports, for all traffic. Otherwise, you run something like little snitch and keep note of what it reports.
Wikipedia's list of TCP and UDP port numbers
Port search tool
--
Page 1 of 1
