Comments (8)
To be fair, pulling the ethernet cable is actually the perfect response to an incoming portscan. There's nothing an attacker can do to get around that haha.
from security-growler.
Or have a script ready that'll force your router to reconnect to the internet, which will give you a new IP address (with dynamic IPv4 only, of course). Doesn't work, though, if you're away from home, unless they have the same router. ;)
from security-growler.
I think the most reasonable response would be to temporarily enable firewall stealth-mode on OS X, which will drop all packets that aren't in an app whitelist.
I don't really want Security Growler to be a full-fledged IDS though, I'd rather limit it to simply providing alerts and letting the user take actions if needed. If the user doesn't know how to respond to being portscanned, they aren't really the target audience for this app anyway. I am happy to provide documentation for suggested responses on the website though, and clicking on an alert can take you to the website with instructions.
from security-growler.
Good idea.
/usr/libexec/ApplicationFirewall/socketfilterfw --setstealthmode <on|off>
from security-growler.
Hahaha you are probably right, disconnect from ethernet would be the better solution indeed xD
I agree with @pirate, a link to the documentation would be nice.
from security-growler.
I can easily add some basic docs and make the log menu items clickable, my target is to get it out with the next v2.3 release.
After that we can think about adding some more complex actions on click. For example, right now clicking on the VNC connection alerts takes you to Sharing prefs in System Preferences so you can disable VNC.
from security-growler.
Stealth on/off as mentioned above doesn't work on my system; only this one does:
sudo defaults write /Library/Preferences/com.apple.alf stealthenabled -bool <true|false>
from security-growler.
Done, see the new README section "How should you respond to alerts?".
from security-growler.