Logging telnet connection attempt

Similar Messages

• Log connection attempts and source IP address for connections that fail/timeout on RADIUS

  How can I log the connection attempts and source IP address for connections that fail RADIUS authentication?  I'm using RD Gateway on 2012 R2 in conjunction with Azure Multi-Factor Authentication Server on another 2012 R2 server.  When a user fails
  multifactor authentication or the authentication times out, all I get is Security event 6273 on the RD Gateway that the radius server did not process the request, and only the radius server's IP is logged.  There's nothing logged in TerminalServices-Gateway\Operational
  because the TS Gateway hasn't yet processed the connection attempt (all auditing options for RD Gateway are enabled).  The MFA/Radius Server is only logging the connection from the TSGateway - it doesn't know the original client's IP address.
  I'm looking for the equivalent of an IIS log - somewhere the RD Gateway should log the initial HTTPS connection attempt and the source IP address of the client.  I need to be able to track down potentially fraudulent login attempts. 

  Hi,
  Thank you for your posting in Windows Server Forum.
  This error might be caused by one of the following conditions:
  •  The user does not have valid credentials
  •  The connection method is not allowed by network policy
  •  The network access server is under attack
  •  NPS does not have access to the user account database on the domain controller
  •  NPS log files or the SQL Server database are not available
  To perform these procedures, you must be a member of Domain Admins.
  Please check for more information:
  Event ID 6273 — NPS Authentication Status
  http://technet.microsoft.com/en-us/library/cc735399(v=ws.10).aspx
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• Can external connection attempts be logged?

  Once upon a time I had a Linksys BEFSR router. A very nice feature was that each
  connection attempt was logged and the router also broadcast the connection attempt
  info ie the evil IP.
  It was very interesting to see all of the attempts by hackers to get into my network...
  Does the dual band AEBS offer any way ( via SNMP trap?) to capture connection
  attempt information?
  Jerry

  Yes, just make sure SNMP is enabled in the Advanced pane. And use a SNMP client to monitor the > base station. Any SNMP client that knows the Apple base station MIB should do. If not, you can
  download it from here.
  I use a utility called AirportMonitor
  Hi, thanks for the reply...
  I do have SNMP enabled and when I do a walk of the AEBS I don't see any signs of a foreign
  (external) connection attempts.
  I do something like:
  snmpwalk -c public -v 2c router
  I just tried increasing the syslog level, to information but nothing new has appeared.
  I looked the the screens for airport monitor on the app site but did not see connection
  attempts....
  Jerry

• Log ssh and telnet connections

  Hi guys,
  if you want to log all ssh and telnet connections to your system, what entry do you put in /etc/syslog.conf file?
  Thank you

  Google is your friend:
  http://www.unix.com/solaris/128310-logging-incoming-connections-solaris-10-a.html

• Stealth mode connection attempts?  Reason for Open DNS in router settings?

  Console is giving me repeated messages (many times per minute) that read
  "Stealth Mode connection attempt to UDP xxxx  from 208.67.222.222:53"
  That's a little scary to the uninitiated!   I've done some rummaging here and across the net on this.  I understand little of what I found or how to stop this.  I understand that the 208.67.222.222 is Open DNS related.  I was glad to discover that as I originally thought some malicious computer somewhere was trying to gain access to my MacBook Pro.  I thought I'd delete the DNS servers to see if that would help, but they are greyed out in the Preferences--Network--DNS panel and cannot be removed. 
  From what I've investigated, those Open DNS servers are set in the router.  I know how to change or delete those, but maybe I shouldn't.  In fact, maybe someone can remind me why I put them in there in the first place (years ago).  I vaguely recall some advantage to using Open DNS (faster?), although I'll confess that, of late, too often mistyped web addresses go to an Open DNS page, which is a nuisance.
  In any event, I'd like to do something that would stop the stealth mode "attacks".  While I'm sure I could ignore it, maybe it's eating up some browser or network time.  It also seems odd that it would go on and on! 

  Thanks for some info on this.  Should I only see it then, when I'm in a browser?  Or, when wi-fi is on?  I'm assuming that the Mac may be checking what time it is, although it seems a little too frequent for that!  (3 times a minute?  Well, maybe that's about right, but then Apple and Open DNS should coordinate so that this message doesn't show up.)
  I did find this:  http://forums.opendns.com/comments.php?DiscussionID=1785
  Does that make sense?  It's completely benign?  And doesn't waste CPU cycles?
  One problem with all this stealth mode logging is that it fills up the Console message window!  It thus means that there is gobs of stuff I have to wade through to see if there really is something going on from the outside!
  I did find two oddballs in there (I don't think they were open DNS as they weren't 208s), so the firewall is doing something.

• Holding telnet connection id or ref.

  Hi.
  I am using builtin telnet connection from labview. Created 3 .net dll's open, readWrite and close. Using these dll's in teststand.  The problem is , how to pass the telent ref/id from 'open' step to 'readWrite'(next step in teststand). 
  When i use VI's directly the telnet Ref/id is just an Number(datatype) . I can store and pass it to next step by using a (number type) variable.
  But when i create .net dll it is a container. I have created a custom data type and using variable of this custom data type. The readWrite step throws an error not valid Ref/id.
  The id seems to be a pointer. I think it is invalid after the 'open' step  is executed.
  Please let me know how to handle?
  Thanks in advance.
  Test engineer

  Hi,
  Every time I have the same error. I looking for the /log, and all i OK, and /tmp the last file is one day before the Telnet fails.
    I see the logs and anywhere i can't see some error.
  If you want to see any log, I can can put it hear.
  Thanks a lot
  Xavier

• Ipfw: Stealth Mode connection attempt to UDP...

  Hi all,
  I recently encountered internet slow down at home. I connect to internet using a wireless router, which has been used for almost a year without any problem. The router has WEP setup and MAC address filter enabled.
  When I open the firewall log, I found that my router is keep using different ports (from 6355 down to 2063), trying to connect the port 137 of my Mac Mini. I have checked that port 137 is related to NetBIOS. The following is extracted from the firewall log (with my host name masked).
  May 18 00:46:54 ------- ipfw: Stealth Mode connection attempt to UDP 192.168.2.2:137 from 192.168.2.1:2058
  May 18 00:47:03 ------- ipfw: Stealth Mode connection attempt to UDP 192.168.2.2:137 from 192.168.2.1:2059
  May 18 00:47:06 ------- ipfw: Stealth Mode connection attempt to UDP 192.168.2.2:137 from 192.168.2.1:2059
  May 18 00:47:18 ------- ipfw: Stealth Mode connection attempt to UDP 192.168.2.2:137 from 192.168.2.1:2059
  May 18 00:47:28 ------- ipfw: Stealth Mode connection attempt to UDP 192.168.2.2:137 from 192.168.2.1:2060
  May 18 00:47:30 ------- ipfw: Stealth Mode connection attempt to UDP 192.168.2.2:137 from 192.168.2.1:2060
  May 18 00:47:42 ------- ipfw: Stealth Mode connection attempt to UDP 192.168.2.2:137 from 192.168.2.1:2060
  The IP address of my router is 192.168.2.1 and my Mac Mini is 192.168.2.2. I have checked from the router administrative page and can't find any other machine in my wireless network. I have no idea what's wrong with my router. Any idea please? Thanks for any advice in advance.
  Best regards,
  TC
  Mac Mini 1.4G (PowerPC) | iPod Shuffle (2nd Gen)   Mac OS X (10.4.9)   1GB

  Hi Rick,
  Thanks also for your response.
  Do you have a network printer? (make, model, please)
  Any other network devices on this LAN (Xbox, printer,
  PC :o
  I don't have a network printer. The little network only consists of the router and the Mac for the time being.
  Do you have uPNP enabled on your router?
  What make/model of router? (there may be something
  common to this mfr)
  No, the uPNP is never enabled. My router is Belkin Wireless G Router (F5D7230-4), which is supposed quite Mac-friendly in the market...
  You say you still get the logging, even when the DSL
  modem is disconnected. Weird.
  Yes, it is weird.
  StealthMode has been known to cause more paranoia in
  some users. This 137 port scanning might be coming
  from a printer or other network device on the inside
  of your little network...with stealth disabled,
  things would just work the way they're supposed to --
  quietly. Your mac is probably secure. Your router is
  probably secure (especially if you changed the admin
  password when you set it up. If you've been using the
  default admin password, then shame on you <wink>
  I have enabled Stealth mode in my Mac. Sorry to let you down (^^V) that I am not using the default password before the discovery of the port probing mentioned and have changed to another one after reset and firmware upgrade as advised by the other poster.
  Am I off-base here, fellows?
  Nope, you're appreciated for any idea trying to help.
  TC
  (P.S. I found that the "Helpful" is used up. Sorry that I can't give you one...)

• Have I been hacked??? "Stealth Mode connection attempt to UDP"

  My Mac Mini has been running very slowly lately. Sometimes it takes half a minute to switch between apps, and I mean simple apps like Mail and Safari and Appleworks, not Photoshop. Photoshop is a joke it runs so slow. So I've run Onyx SEVERAL times, restarted and cleared my PRam, and nothing is helping. I also noticed it seemed like my Mini was "running" a lot (the hard drive making a noise like it was up to something when I'm not doing anything). So I looked at the cable box and the Ethernet light was flashing softly, going along with the hard drive noise. Then I downloaded something called MenuMeters and it is showing that I'm receiving data constantly - it goes between about 300B/s to 1500B/s, and sometimes it shows I'm sending too. So I opened up the System Preferences and found out that "Network Time" was enabled in the Firewall preference pane. I unchecked that but my Mini is still receiving. (I'm not on any Ethernet network or anything either.) So I opened Advanced and found that the "Block UDP Traffic" box is not checked, though the other two "Enable Firewall Logging" and "Enable Stealth Mode" are checked. THEN I opened the log file and was shocked to see 1048 lines, mostly reading ""Stealth Mode connection attempt to UDP," although once in a while I saw a few that said "12190 Deny TCP." And that 1048 is just for yesterday and today. Is that normal??? Sometimes the "Stealth Mode connection" lines are single (I mean, not to a repeating number), but sometimes they repeat two, three, even five times to the same number.
  Have I been hacked? Is someone stealing our small business data? Sounds kind of ridiculous, but can't help and worry some. Or do I have a virus? I tried to google whether or not there are any Mac viruses out there, that might pertain to this, but couldn't figure out anything. What do I do? I'm not very computer savvy, other than running my apps, and don't anything about Terminal or things like that. Even as I type this MenuMeters is showing me I'm receiving SOMETHING. Yikes!
  Mini   Mac OS X (10.4.8)  

  You mention one of the applications you have been using is Appleworks - which is not supplied with Intel systems, only PPC Macs. This would tend to suggest that your mini is a G4 model. It would be helpful to know which model the system is, what software you have on it, how much free space you have on your hard drive, and what you typically use the system for.
  It's interesting that you note the system seems generally busy, which would go some way to explain why it may also seem rather slow, but you haven't mentioned whether you've run Activity Monitor to see what processes are active when the system seems to be active with some task that is not of your doing. If you haven't tried this yet, do so now - and let us know what processes the system shows as active when otherwise the system ought to be idle.
  To answer a few of your broad questions: When the system is connected to the internet, it's not unusual to see a certain amount of data through-putting the network connection, but in most instances this would be in the region of 100-200B/s, with occasional, brief, spikes upwards of that. In the absence of a local router that level of data is likely to be higher, since basically your Mac is managing your internet connection and maintaining a public IP address assigned by your service provider. In a system with a router, the router handles this traffic so the resultant volume of data the Mac sees would be less.
  The fact you see entries in the log of the sort you describe is not necessarily an indicator of a problem. It may suggest that the system is being probed, which as Boece has said is not at all uncommon for a system with a public IP number - and is indeed why it's most common to find systems being used 'behind' a router. The router takes the public IP number, and so systems behind it are given internal addresses by the router which are not visible to the outside world. The Router then performs something called Network Address Translation (NAT) which converts internal and public addresses as needed to ensure the computer can communicate with the internet while still staying 'invisible'.
  In your position, I would look to add a basic router between your Mac and your cable/DSL modem because a hardware firewall is generally more effective than a software firewall, and NAT will keep your system clear of most potential hacking risks.
  As for the potential for a virus - this is a bit of a thorny subject because most will (rightly) say that MacOS is not the target of any known virus that exists in the wild. Unfortunately, that doesn't mean that it will remain that way, or that it's impossible to create malware that can infect or impact Mac systems. A good line of defense can be obtained by downloading and installing ClamXav (http://www.clamxav.com/) and setting it to examine vulnerable spots such as the desktop where files are typically downloaded or your mail folders, and using it to scan the system. Generally speaking, unlike antivirus products for Windows, this software does not consume copious amounts of CPU time (it grabs between 1 and 5% on my 1.25 G4 mini while in the background) so it's worth having around.
  You also mention running OnyX several times - this is not a good thing. OnyX, like the other utilities of this type, is a useful tool in resolving performance issues, but if you find that it doesn't work when you use it once, it indicates the problem is not something that OnyX can resolve. Running it multiple times doesn't necessarily do any harm, but it does mean that macOS is continually having to build new cache files etc, which makes the system run very badly!
  So....
  (1) tell us about your system, the software on it and what you use it for.
  (2) how much free space is on your hard drive.
  (3) run Activity Monitor and tell us what it shows when the system seems to be busy doing it's own thing.
  (4) download ClamXav and run it as described.
  (5) get an inexpensive router and insert that into your system as described (we can help explain how to set everything up once you've got it if you need assistance).

• Error: DeviceTransientConnection - Transient connection attempt

  Hello experts,
  I have recently inherited a small CCM system (a publisher, no subscribers, one mgcp gateway)
  For the most part everything seems to works ok, however, every couple of weeks we cannot place external calls (reorder tone), although we can receive incoming pstn calls. Internal calls work fine. I temporarily fix this problem by resetting the gateway. I have found nothing in the gateway logs or debug sessions that indicate a problem.
  However, every forty seconds exactly, for weeks on end, and across reboots, I get the following event message:
  Event Type: Error
  Event Source: Cisco CallManager
  Event Category: None
  Event ID: 3
  Date: 10/9/2006
  Time: 4:56:23 PM
  User: N/A
  Computer: HQCCM1
  Description:
  Error: DeviceTransientConnection - Transient connection attempt.
  Connecting Port: 0
  Device name [Optional].:
  Device IP address.: 192.168.253.1
  Device type. [Optional]: 255
  Reason Code [Optional].: 6
  App ID: Cisco CallManager
  Cluster ID: StandAloneCluster
  Node ID: 192.168.1.6
  Explanation: A connection was established and immediately dropped before completing registration. Incomplete registration may indicate a device is rehoming in the middle of registration. The alarm could also indicate a device misconfiguration, database error, or an illegal/unknown device trying to attempt a connection.
  Recommended Action: No action is required if this event was issued as a result of a normal device rehome..
  What device is causing this? As a troubleshooting I went and eliminated every mtp, transcoder, and conference service we had and the error message continued. I only have one pri on the gateway.
  Any ideas?

  As indicated by the following link, the device type is "MODEL_UNKNOW" and the reason code indicates a connectivity error.
  http://www.cisco.com/en/US/products/sw/voicesw/ps556/prod_error_message09186a0080208afa.html
  Do you know what device has IP address 192.168.253.1?
  What type of gateway and what IOS version are you using? There have been some DSP problems with certain versions of IOS that could cause the problem you are having. The link below references one such problem.
  http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdu53333
  Hope this helps. If so, please rate the post.
  Brandon

• Perl and telnet connection

  Hi,
  Sorry, I dont speak english very well. I want to create some program to check telnet connection. I base on old perl scripts "Telnet_Crack":
  # CONNECTION.
  sub connect {
  print "\n\nATTEMPTING CONNECTION TO $HOST.";
  $telnet = new Net::Telnet (Timeout => 5, Errmode => "return");
  $telnet-> open("$HOST");
  print "\n\nOK ... CONNECTED!!!\n\n";
  # DO_IT.
  sub do_it{
  print "\nTRYING : USERNAME = $USER PASSWORD = $PASS";
  &success if $telnet -> login($USER,$PASS);
  $telnet -> close;
  # SUCCESS.
  sub success {
  open (LOGFILE, ">>TELNET_CRACK") or die "\a\nERROR UNABLE TO OPEN TELNET_CRACK.\n $!";
  print "\a\a\a";
  print "\nUSERNAME: $USER has PASSWORD: $PASS on $HOST.\n\n\n\n\n";
  print LOGFILE "\nUSERNAME: $USER has PASSWORD: $PASS on $HOST.\n\n";
  close LOGFILE;
  &quit;
  But Telnet_Crack not working. Everything is ok in log:
  Nov 9 14:07:07 jlug login[9086]: pam_unix(login:session): session opened for user us3r by (uid=0)
  Nov 9 14:07:12 jlug xinetd[9004]: EXIT: telnet pid=9085 duration=6(sec)
  Nov 9 14:07:12 jlug login[9086]: pam_unix(login:session): session closed for user us3r
  But telnet_crack not execute success function. Maybe something is wrong with PAM? In gentoo Telnet_Crack work fine.. Of course, it's pretty good for users (dictionary attack doesnt work).
  Maybe smb known, how i can check result from telnet login?

  use Net::Telnet;
  $telnet = new Net::Telnet ( Timeout=>10);
  $telnet->open('10.2.60.156');
  $telnet->login('user', 'pass') and &ok;
  $telnet->close;
  sub ok {
  print "Success\n";
  return 0;
  I get timed-out waiting for password prompt at test3.pl line 5. Anybody known what  I must do?

• [SOLVED]PGL reporting persistent bogon connection attempts

  I noticed a series of connection attempts while reviweing pgld.log starting when I installed my system/acquired ADSL (occured at the same time). The log reads the following every 11-12 minutes:
  Feb 21 18:53:55 IN 192.168.1.1:138 192.168.1.255:138 UDP || Consiglio Nazionale delle Ricerche | Dabber.BBT | Bogon
  I added rules for tcp and udp to drop requests on ports 137-139,445,67,68 and the log readouts in pgld.log did not change. I also crosschecked the pgld.log on a seperate machine running Arch Bang on the same network and there were 0 hits over the course of hours. To check for intrusions I ran rkhunter and chkrootkit from a RO usb and ran snort for a couple of hours but found nothing.
  The main concern is that according to a pgl blocklist IPs eminating from "Consiglio Nazionale delle Ricerche", or "National Research Council", are persistently attempting to connect to my system. This Italian public organization is set up to conduct a variety of tech and science researches. I neither live in Italy nor have an ISP affiliated with Italy. However, the blocklist classifies it as a bogon, which undermines the possibility of the organization being positively identified.
  How do I proceed in order to understand the source of the problem and begin to stop the persistent connection attempts?
  The problem was also reported here on the forums but the ports are different. For me its reporting on a port associated with netbios, a legacy protocol used most often with Windows. The config in /etc/cups/client.conf yields nothing valuable and I would like to get rid of CUPS but # pacman -Rs cups shows that no such package exists.
  More information from wikipedia relating to the port in question:
  Datagram distribution service
  Datagram mode is connectionless; the application is responsible for error detection and recovery.
  In NBT, the datagram service runs on UDP port 138.
  The datagram service primitives offered by NetBIOS are:
  Send Datagram – send a datagram to a remote NetBIOS name.
  Send Broadcast Datagram – send a datagram to all NetBIOS names on the network.
  Receive Datagram – wait for a packet to arrive from a Send Datagram operation.
  Receive Broadcast Datagram – wait for a packet to arrive from a Send Broadcast Datagram operation.
  Last edited by Divinorum (2013-02-22 19:40:16)

  The Internet is the definition of an Unsecured network. The only way to prevent connection attempts is to unplug your computer from the Internet. It is exactly like trying to stop someone from talking to you.... You can kill the person, walk away, or where headphones so you don't hear them. At the end of the day you can not control what someone ells dose.
  If you are dropping the packets then you have nothing to worry about. Those connection attempts are just infected Widows computers trying to infect other Windows computers.
  Last edited by hunterthomson (2013-02-22 07:37:42)

• Connection attempt to at least one service in a pool failed (Event ID 14584)

  I see a number of these errors on my Lync 2010 Server. I don't have federations or any other connections to these domains listed in the details (see bolded text). Why is my server attempting to contact them?
  Log Name:      Lync Server
  Source:        LS Protocol Stack
  Date:          3/16/2014 2:27:12 AM
  Event ID:      14584
  Task Category: (1001)
  Level:         Warning
  Keywords:      Classic
  User:          N/A
  Computer:      EdgeServer.mydomain.com
  Description:
  Connection attempt to at least one service in a pool failed.
  Connection attempts to the following services have failed. Another attempt will be made for each service every 10 minutes.
  Service Address: 128.229.5.30:5061; Pool FQDN: lcs.bah.com; Down Time: 65:25
  Service Address: 128.229.5.39:5061; Pool FQDN: lcs.bah.com; Down Time: 65:55
  Service Address: 151.151.42.145:5061; Pool FQDN: sip.wellsfargo.com; Down Time: 66:14
  Service Address: 151.151.42.148:5061; Pool FQDN: sip.wellsfargo.com; Down Time: 71:17
  Service Address: 151.151.42.151:5061; Pool FQDN: sip.wellsfargo.com; Down Time: 71:17
  Service Address: 151.151.42.154:5061; Pool FQDN: sip.wellsfargo.com; Down Time: 71:17
  Service Address: 170.12.17.4:5061; Pool FQDN: lync-edge.raymondjames.com; Down Time: 0:36
  Cause: The specified service(s) are unavailable.
  Resolution:
  Check the servers in the pool(s) on which the service(s) are installed.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="LS Protocol Stack" />
      <EventID Qualifiers="50153">14584</EventID>
      <Level>3</Level>
      <Task>1001</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2014-03-16T07:27:12.000000000Z" />
      <EventRecordID>32162</EventRecordID>
      <Channel>Lync Server</Channel>
      <Computer>EdgeServer.mydomain.com</Computer>
      <Security />
    </System>
    <EventData>
      <Data>10</Data>
      <Data>Service Address: 128.229.5.30:5061; Pool FQDN: lcs.bah.com; Down Time: 65:25
  Service Address: 128.229.5.39:5061; Pool FQDN: lcs.bah.com; Down Time: 65:55
  Service Address: 151.151.42.145:5061; Pool FQDN: sip.wellsfargo.com; Down Time: 66:14
  Service Address: 151.151.42.148:5061; Pool FQDN: sip.wellsfargo.com; Down Time: 71:17
  Service Address: 151.151.42.151:5061; Pool FQDN: sip.wellsfargo.com; Down Time: 71:17
  Service Address: 151.151.42.154:5061; Pool FQDN: sip.wellsfargo.com; Down Time: 71:17
  Service Address: 170.12.17.4:5061; Pool FQDN: lync-edge.raymondjames.com; Down Time: 0:36
  </Data>
    </EventData>
  </Event>
  Blog /
  Facebook / Twitter

  To remove federation, verify from Topology builder that you disable lync federation.
  To get round above issue. On the Edge open a remote certificate snap-in on a 2008 machine. Open another certificate snap-in of the local Edge. Copy the missing Trusted Root Certificate Authorities from the remote
  machine to the Edge. This will hopefully include all the certificates relevant to your federated organizations, if not you'll need to acquire the root cert direct from the vendor.
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"

• Firewall - stealth mode connection attempts from AEBS to computer

  Console log is packed with Info messages realted to connection attempts from AEBS router. Is that normal?
  also, system profiler states:  Firewall Logging:          No /  Stealth Mode:          No. Why the discrepancy?

  R C-R wrote:
  I suggest not taking Mr. Lambert's "bad design" commnets too seriously.
  AFAICT, the string "bad design" does not appear in the post I referred to. Please do not chastise Terry Lambert (whoever he or she may be) for someone else's sins. If anyone said 'bad design', it was I.
  he seems to have confused the IP addresses of two different network devices (his Mac & his Airport router) & suggested loopback
  No, he didn't; you misunderstood. What he is saying is that his network device (Airport, or, en1) is talking to itself through the router instead of through loopback.
  He also seems to have concluded that UDP's lack of a handshake protocol makes it a "connectionless" protocol, which makes no sense
  Terry Lambert was correct; you may have misunderstood the technical term in question. For instance, a quick look in Wikipedia reveals that,
  "In telecommunications, connectionless describes communication between two network end points in which a message can be sent from one end point to another without prior arrangement. […] Internet Protocol (IP) and User Datagram Protocol (UDP) are connectionless protocols." (The stress is mine.)
  But Wikipedia is not always to be trusted. We are not a bunch of techies here, so I'll turn to an easy, plain-language reference:
  "A connectionless protocol doesn’t go to the trouble of establishing a connection before sending a packet. Instead, it simply sends the packet. TCP is a connection-oriented Transport layer protocol. The connectionless protocol that works alongside TCP is called UDP." (The stress is mine.)
  Lowe, D. (2008). Networking all-in-one desk reference for dummies, 3rd edition. Indianapolis, IN: Wiley Publishing, Inc. ISBN 0470179155, p. 31.

• Odd stealth connection attempts

  Dear community,
  Looking for advice on security.
  I'm looking at my Console's appfirewall.log, and I'm getting relentless connection attempts like these on my laptop:
  Dec 29 20:31:43 *********MacBook-Pro Firewall[85]: Stealth Mode connection attempt to UDP 10.200.1.89:51413 from 186.105.225.249:41018
  Dec 29 20:31:45 *********MacBook-Pro Firewall[85]: Stealth Mode connection attempt to TCP 10.200.1.89:51413 from 24.93.125.238:60554
  Dec 29 20:31:46 *********MacBook-Pro Firewall[85]: Stealth Mode connection attempt to TCP 10.200.1.89:51413 from 186.105.225.249:48229
  Dec 29 20:31:48 *********MacBook-Pro Firewall[85]: Stealth Mode connection attempt to TCP 10.200.1.89:51413 from 24.93.125.238:60554
  Dec 29 20:31:52 *********MacBook-Pro Firewall[85]: Stealth Mode connection attempt to UDP 10.200.1.89:51413 from 66.41.205.203:52839
  Dec 29 20:31:54 *********MacBook-Pro Firewall[85]: Stealth Mode connection attempt to TCP 10.200.1.89:51413 from 24.93.125.238:60554
  Dec 29 20:31:59 *********MacBook-Pro Firewall[85]: Stealth Mode connection attempt to TCP 10.200.1.89:51413 from 117.254.218.104:65083
  ...on and on for hours at a time.
  What is going on here?
  Thank you!

  Hi,
  I looked up the 24.93.125.238 number and this belongs to Road Runner who are an ISP.
  The other numbers that start 24.xxx... also look like they are in the range owned by Road Runner.
  66.41.205.203 is Comcast (another ISP)
  186.105.225.249 covers an area for Latin America and  Caribbean.
  I have not checked the others.
  Note.
  The iChat and Messages app sends Pings when trying to connect in Video or Audio Only or Screen Sharing
  If the Stealth option in the Mac Firewall is On it blocks these and you cannot connect these types of chats.
  This may give you some clues as to why you are getting these attempts.
  9:15 pm      Sunday; December 29, 2013
    iMac 2.5Ghz 5i 2011 (Mavericks 10.9)
   G4/1GhzDual MDD (Leopard 10.5.8)
   MacBookPro 2Gb (Snow Leopard 10.6.8)
   Mac OS X (10.6.8),
   Couple of iPhones and an iPad

• Slowness in the connection attempt

  Hello all!
  I have Cisco AP 1200 Series configured with 802.1x with Cisco ACS working integrated with MS Active Directory. Always that I lose connection the Win XP get slowness in the connection attempt. Have somebody here that has adjusted this type of problem?
  Thanks.

  So when you loose your connection, however that may be... And then your laptop attempts to associate, it take an abnormal amount of time only on XP and not say on windows2000?
  Have you reviewd your ACS Failed attempt logs? Do you possibly have more than one ACS server configured on the AP?