Re: Entries in Firewall Log

2012-01-22 Thread Bruce Johnson

On Jan 22, 2012, at 6:12 PM, Bruce Johnson wrote:

> (something other than 0.n.n.n, 192.168.n.n or 172.16.n.n-172.31.n.n)

That would be 10.n.n.n for the first range.


-- 
Bruce Johnson

"Wherever you go, there you are" B. Banzai,  PhD

-- 
You received this message because you are a member of G-Group, a group for 
those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs.
The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette 
guide is at http://www.lowendmac.com/lists/netiquette.shtml
To post to this group, send email to g3-5-list@googlegroups.com
For more options, visit this group at http://groups.google.com/group/g3-5-list


Re: Entries in Firewall Log

2012-01-22 Thread Bruce Johnson

On Jan 22, 2012, at 3:19 PM, Edward Treen wrote:

> Hi All,
> 
> I'm hoping that there is a lister with good knowledge of the technicalities 
> of the internet.
> 
> In my logs, there are many entries along the lines of:-
> 
> Jan 22 22:01:16 tedsnewmacpro Firewall[99]: Stealth Mode connection attempt 
> to TCP 192.168.1.67:56039 from 76.74.254.118:80
> 

Stealth mode means that the system is not responding to the HTTP connection 
from that host, possibly because either the connection's been dropped or it's 
something on the other end trying to poke you.

Here's a quick checklist to see if your Mac is vulnerable to outside attack:

1) Do you have any sharing services turned on in the sharing panel, or any 
services installed and available through other means (like BitTorrent clients, 
database servers like MySQL and the like)? If No, you're not vulnerable. If 
Yes, continue.

2a) Does your Mac have an externally accessible IP address? (something other 
than 0.n.n.n, 192.168.n.n or 172.16.n.n-172.31.n.n) If Yes, you're possibly 
vulnerable for running services. Make sure that you keep OS X up-to-date, and 
limit the sharing options in the various advanced sections of the shared 
services (like remote login, etc.). If No, see 2b.

2b) Do you have the ports used by these services forwarded by NAT on your 
router? If Yes, you're possibly vulnerable for running services. Make sure that 
you keep OS X up-to-date, and limit the sharing options in the various advanced 
sections of the shared services (like remote login, etc.) for the forwarded 
services. (i.e., if you're forwarding port 80, HTTP access, to run a web server, 
but not port 22 for SSH, remote login will not work at all from outside your 
router, because it doesn't know where to send packets destined for port 22.)

If No, then you're safe. 

The firewall log lets you know every time a firewall rule denies a connection; 
you'll see a lot of them (a LOT of them if your IP address is an externally 
accessible one).

None of this will affect connections YOU make outside of your LAN, but if you 
answered no to all three questions, you're essentially invisible to the outside 
world.

-- 
Bruce Johnson

"Wherever you go, there you are" B. Banzai,  PhD
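
Added example, not part of the original message: a Python sketch that triages the two log-line shapes quoted in this thread, using the source port and the private address ranges discussed above. The function names, the 49152 ephemeral-port floor and the third sample line are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 1918 private blocks: 10/8, 172.16/12, 192.168/16.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# The two Firewall[pid] message shapes quoted in the thread.
STEALTH = re.compile(
    r"Stealth Mode connection attempt to (?P<proto>TCP|UDP) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) from (?P<src>[\d.]+):(?P<sport>\d+)")
DENY = re.compile(
    r"Deny (?P<proc>\S+) data in from (?P<src>[\d.]+):(?P<sport>\d+) "
    r"to port (?P<dport>\d+) proto=(?P<proto>\d+)")
WEB_PORTS = {80, 443}
EPHEMERAL_MIN = 49152  # assumption: start of the client ephemeral port range

def is_rfc1918(addr):
    """True if addr is in a private range, i.e. not externally accessible."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def classify(line):
    """Return (kind, source_ip, note), or None for an unrecognised line."""
    m = STEALTH.search(line)
    if m:
        sport, dport = int(m["sport"]), int(m["dport"])
        if sport in WEB_PORTS and dport >= EPHEMERAL_MIN:
            note = "likely late reply from a web server to a closed connection"
        else:
            note = "unsolicited inbound attempt, silently dropped"
        return ("stealth", m["src"], note)
    m = DENY.search(line)
    if m:
        origin = "a LAN" if is_rfc1918(m["src"]) else "an Internet"
        return ("deny", m["src"], f"{m['proc']} traffic from {origin} host")
    return None

SAMPLES = [  # first two are the thread's entries, joined onto one line each
    "Jan 22 22:01:16 tedsnewmacpro Firewall[99]: Stealth Mode connection "
    "attempt to TCP 192.168.1.67:56039 from 76.74.254.118:80",
    "Jan 22 19:28:49 tedsnewmacpro Firewall[99]: Deny netbiosd data in from "
    "172.16.162.1:137 to port 137 proto=17",
    # constructed line (documentation address) showing the other stealth case
    "Jan 22 23:10:02 tedsnewmacpro Firewall[99]: Stealth Mode connection "
    "attempt to TCP 192.168.1.67:22 from 203.0.113.5:40122",
]

if __name__ == "__main__":
    for entry in SAMPLES:
        print(classify(entry))
```

Entries whose source port is 80 or 443 and whose destination is a high client port are the ones worth discounting first when reviewing a long log.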



Re: Entries in Firewall Log

2012-01-22 Thread faithie999

The IP address 76.74.254.118 belongs to wordpress.com, which looks
like a blog hosting site.  Do you have a blog there, or were you
reading a blog from there?



On Jan 22, 5:19 pm, Edward Treen wrote:
> Hi All,
>
> I'm hoping that there is a lister with good knowledge of the technicalities 
> of the internet.
>
> In my logs, there are many entries along the lines of:-
>
> Jan 22 22:01:16 tedsnewmacpro Firewall[99]: Stealth Mode connection attempt 
> to TCP 192.168.1.67:56039 from 76.74.254.118:80
>
> and
>
> Jan 22 19:28:49 tedsnewmacpro Firewall[99]: Deny netbiosd data in from 
> 172.16.162.1:137 to port 137 proto=17
>
> The second is, I presume, some internal matter between the Mac system and the 
> ADSL router, but the first worries me a little.
>
> I've checked many of the IP addresses on whois.domaintools.com, and 
> discovered Amazon, eBay & Adobe (amongst others).
>
> Amazon I know offers server services to other organisations, but why should 
> eBay, Adobe or in fact anyone try a Stealth Mode connection to my router?
>
> Do I have cause for concern?
>
> Thanks
>
> Ted
> (Probably getting paranoid)



Entries in Firewall Log

2012-01-22 Thread Edward Treen

Hi All,

I'm hoping that there is a lister with good knowledge of the technicalities of 
the internet.

In my logs, there are many entries along the lines of:-

Jan 22 22:01:16 tedsnewmacpro Firewall[99]: Stealth Mode connection attempt to 
TCP 192.168.1.67:56039 from 76.74.254.118:80

and

Jan 22 19:28:49 tedsnewmacpro Firewall[99]: Deny netbiosd data in from 
172.16.162.1:137 to port 137 proto=17


The second is, I presume, some internal matter between the Mac system and the 
ADSL router, but the first worries me a little.

I've checked many of the IP addresses on whois.domaintools.com, and discovered 
Amazon, eBay & Adobe (amongst others).

Amazon I know offers server services to other organisations, but why should 
eBay, Adobe or in fact anyone try a Stealth Mode connection to my router?

Do I have cause for concern?

Thanks

Ted
(Probably getting paranoid)
