Firewall Connection

Jerry — MacSolutions jerry at stlmacguy.com
Sat May 9 08:20:26 EDT 2020


Thanks for the response everyone!

So, normally I would not use Screen Sharing, except for while I’m home.  Apple’s “Screen Sharing” application uses ports (5900) and (88) combined.  Port 5900 is the one that gets “hammered” and slows the machine down while it’s open and it’s what VNC uses.  I was able to reroute port (5900) to another, while keeping 88 in place.  Just moving the target port stopped many of the bots from trying to break in constantly.  I get one request a night currently, when I allow “Screen Sharing” from the outside.  I’ve been testing that for about a week now.

The application “Little Snitch” has three modes.  I’m using an “Alert Mode” where the app will requisition access to a port from the outside and simply blocks the port until I click “Allow.”  “Little Snitch” also shows a map of where the request for access originated.  Because of the frequency that attacks come from Europe and Asia, I’ve entered a table of those countries that seem to be the worst offenders and told “Little Snitch” to just block them.

It’s not that often that I need access to control the screen of the XTension Mac.  That always happens at home because there is no keyboard and mouse on the main machine.  I typically leave “Screen Sharing” checked because I use it frequently.  It’s the only sharing that I allow access to, from the outside.  But I WOULD like to turn the service on when I’m at a remote location and just need access for a small amount of time.  Like, at a restaurant for lunch or on vacation in another town or country.  I ping my phone now, to see if I’m home so the house behaves differently than when I’m absent.  I’d like to just turn on/off “Screen Sharing” via AppleScript “do shell script” if possible.  My concern is, adding my Admin Password in the script… Which I don’t want to do.

Jp

> On May 8, 2020, at 4:42 PM, Mike Andrews <mikea0 at gmail.com> wrote:
> 
> ???? Are you accessing the Screen from outside of home...where you had to open up ports on your router for the service?
> Otherwise your Internet router would have locked down all unnecessary inbound ports by default.
> 
> --Mike
> 
> 
> 
> On Thu, May 7, 2020 at 8:26 AM Jerry — MacSolutions <jerry at stlmacguy.com> wrote:
> Greetings Earthlings!
> 
> I have a different kind of question for you.  Since I’m working from home, I’ve had more time to futz with things that I normally wouldn’t and I’m hoping not to get myself in trouble.  I have two things that I’d like to tackle.
> 
> I’m using "Little Snitch” for my firewall and watching all of the incoming attacks.  For sure, it’s an "eye opener” to all the inbound traffic, trying to break in.  
> 
> I use “Screen Sharing” quite often as my XTension machine is kind of headless.  The machine is mounted in a wall, behind a touchscreen and I have no keyboard or mouse attached.   So editing/adding scripts is done from my laptop.
> 
> “WebRemote" is also active and I have a small phone sized, menu of items that we can change remotely.
> 
> My first question to all of you…. Will blocking the IP addresses of several Nations, cause an overload on the firewall?  I think that I currently have 1.4 billion addresses blocked.  Russia and China and most of the European Union are all blocked.  I know mostly nothing about Firewalls and how they actually work.  But I read a snippet about "blocking too many addresses might overload the Firewall"?
> 
> Secondly, is there a solution to turn on/off Screen Sharing without including the admin password in my script?  I know that I can use a “do shell script” feature to do this but, I would have to include the admin password to my knowledge.
> 
> The reason that I ask this is that in September, we have a trip planned and will be going to an island in the Caribbean for our twentieth anniversary.  We’ll have a “House Sitter” for an entire week and while I have all external addresses currently blocked,  I would love to be able to activate “Screen Sharing" when needed but not, leave it on constantly.  By blocking a lot of countries who are known for this kind of activity, I’m hoping to minimize the threat.  If I could use “WebRemote” to initiate “Screen Sharing”, this would be optimal.
> 
> I know some of you are in security so I’m hoping to get a solution, even if it’s not what I’m currently working on.  :)
> 
> How do YOU accomplish this on your own network?
> 
> Thank You in advance!
> 
> Jp
> _______________________________________________
> XTensionList mailing list
> XTensionList at machomeautomation.com
> http://mail.machomeautomation.com/mailman/listinfo/xtensionlist
