Comments (8)

pirate avatar pirate commented on May 27, 2024

To be fair, pulling the ethernet cable is actually the perfect response to an incoming portscan. There's nothing an attacker can do to get around that haha.

from security-growler.

JayBrown avatar JayBrown commented on May 27, 2024

Or have a script ready that'll force your router to reconnect to the internet, which will give you a new IP address (with dynamic IPv4 only, of course). Doesn't work, though, if you're away from home, unless they have the same router. ;)

pirate avatar pirate commented on May 27, 2024

I think the most reasonable response would be to temporarily enable firewall stealth-mode on OS X, which will drop all packets that aren't in an app whitelist.

I don't really want Security Growler to be a full-fledged IDS though, I'd rather limit it to simply providing alerts and letting the user take actions if needed. If the user doesn't know how to respond to being portscanned, they aren't really the target audience for this app anyway. I am happy to provide documentation for suggested responses on the website though, and clicking on an alert can take you to the website with instructions.

JayBrown avatar JayBrown commented on May 27, 2024

Good idea.

/usr/libexec/ApplicationFirewall/socketfilterfw --setstealthmode <on|off>

douglasmiranda avatar douglasmiranda commented on May 27, 2024

Hahaha you are probably right, disconnecting from ethernet would be the better solution indeed xD

I agree with @pirate, a link to the documentation would be nice.

pirate avatar pirate commented on May 27, 2024

I can easily add some basic docs and make the log menu items clickable, my target is to get it out with the next v2.3 release.

After that we can think about adding some more complex actions on click. For example, right now clicking on the VNC connection alerts takes you to Sharing prefs in System Preferences so you can disable VNC.

JayBrown avatar JayBrown commented on May 27, 2024

Stealth on/off as mentioned above doesn't work on my system; only this one does:
sudo defaults write /Library/Preferences/com.apple.alf stealthenabled -bool <true|false>

pirate avatar pirate commented on May 27, 2024

Done, see the new README section "How should you respond to alerts?".
