Stealth mode logs in ipfw.log
Every so often I get logs like this in my /var/log/ipfw.log:
Jan 20 08:41:33 PowerBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.x:53725 from xxx.xxx.xxx.xxx:80
These log entries do not show an ipfw rule number. So how can I tell which rule from ipfw is causing them to be logged? Are they being logged before matching any of the rules you see on the command sudo ipfw show?
Hi Rick,
Thanks also for your response.
Do you have a network printer? (make, model, please)
Any other network devices on this LAN (Xbox, printer,
PC :o
I don't have a network printer. The little network only consists of the router and the Mac for the time being.
Do you have uPNP enabled on your router?
What make/model of router? (there may be something
common to this mfr)
No, the uPNP is never enabled. My router is Belkin Wireless G Router (F5D7230-4), which is supposed quite Mac-friendly in the market...
You say you still get the logging, even when the DSL
modem is disconnected. Weird.
Yes, it is weird.
StealthMode has been known to cause more paranoia in
some users. This 137 port scanning might be coming
from a printer or other network device on the inside
of your little network...with stealth disabled,
things would just work the way they're supposed to --
quietly. Your mac is probably secure. Your router is
probably secure (especially if you changed the admin
password when you set it up. If you've been using the
default admin password, then shame on you <wink>
I have enabled Stealth mode in my Mac. Sorry to let you down (^^V) that I am not using the default password before the discovery of the port probing mentioned and have changed to another one after reset and firmware upgrade as advised by the other poster.
Am I off-base here, fellows?
Nope, you're appreciated for any idea trying to help.
TC
(P.S. I found that the "Helpful" is used up. Sorry that I can't give you one...)
Similar Messages
-
Stealth mode and firewall logging problems to be resolved please.
I am running OS X v10.6.8 and am having difficulty setting stealth mode. System Preferences shows stealth mode to be switched on, but System Profiler shows it to be off, no matter how many times I set it and shut down/restart. System profiler also shows firewall logging to be switched off, but there is no facility within the Security/Firewall section of System Preferences to switch it on.
I think the answer to this is if you have "Block all incoming connections" checked, then "Enable stealth mode" in Sys Prefs is checked but greyed out. Mine is set up that way and I'm seeing, like you, that Stealth Mode is off in System Profiler>Network>Firewall. If you have "Block all incoming" checked, then activating Stealth Mode becomes moot.
I can only get it undimmed if I uncheck Block all incoming. -
I'm seeing this on the ipfw.logs
First, what does ipfw log? What is a stealth mode connection? Is someone trying to break my firewall?
Mar 12 17:48:08 Computer ipfw: Stealth Mode connection attempt to TCP 192.xxx.xx.xxx:49321 from 205.xxx.xxx.xxx:80in system preferences go to firewall and click on advanced. if you have block udp and stealth mode checked you are protected. You can check this by going to Shields Up at grc.com. This is the premier SAFE firewall check.. Click on shields up to enter site go down page click on Shields Up description, click on PROCEED on next page, click on All service ports...wait for test to run...If test map comes up all green you will see explanation that YOPU PASSED and that computer is not seen by others unless YOU allow it.... Apples firewall works...just stay away from JUNK sites and you will not have problems!!
-
Ipfw: Stealth Mode connection attempt to UDP...
Hi all,
I recently encountered internet slow down at home. I connect to internet using a wireless router, which has been used for almost a year without any problem. The router has WEP setup and MAC address filter enabled.
When I open the firewall log, I found that my router is keep using different ports (from 6355 down to 2063), trying to connect the port 137 of my Mac Mini. I have checked that port 137 is related to NetBIOS. The following is extracted from the firewall log (with my host name masked).
May 18 00:46:54 ------- ipfw: Stealth Mode connection attempt to UDP 192.168.2.2:137 from 192.168.2.1:2058
May 18 00:47:03 ------- ipfw: Stealth Mode connection attempt to UDP 192.168.2.2:137 from 192.168.2.1:2059
May 18 00:47:06 ------- ipfw: Stealth Mode connection attempt to UDP 192.168.2.2:137 from 192.168.2.1:2059
May 18 00:47:18 ------- ipfw: Stealth Mode connection attempt to UDP 192.168.2.2:137 from 192.168.2.1:2059
May 18 00:47:28 ------- ipfw: Stealth Mode connection attempt to UDP 192.168.2.2:137 from 192.168.2.1:2060
May 18 00:47:30 ------- ipfw: Stealth Mode connection attempt to UDP 192.168.2.2:137 from 192.168.2.1:2060
May 18 00:47:42 ------- ipfw: Stealth Mode connection attempt to UDP 192.168.2.2:137 from 192.168.2.1:2060
The IP address of my router is 192.168.2.1 and my Mac Mini is 192.168.2.2. I have checked from the router administrative page and can't find any other machine in my wireless network. I have no idea what's wrong with my router. Any idea please? Thanks for any advice in advance.
Best regards,
TC
Mac Mini 1.4G (PowerPC) | iPod Shuffle (2nd Gen) Mac OS X (10.4.9) 1GBHi Rick,
Thanks also for your response.
Do you have a network printer? (make, model, please)
Any other network devices on this LAN (Xbox, printer,
PC :o
I don't have a network printer. The little network only consists of the router and the Mac for the time being.
Do you have uPNP enabled on your router?
What make/model of router? (there may be something
common to this mfr)
No, the uPNP is never enabled. My router is Belkin Wireless G Router (F5D7230-4), which is supposed quite Mac-friendly in the market...
You say you still get the logging, even when the DSL
modem is disconnected. Weird.
Yes, it is weird.
StealthMode has been known to cause more paranoia in
some users. This 137 port scanning might be coming
from a printer or other network device on the inside
of your little network...with stealth disabled,
things would just work the way they're supposed to --
quietly. Your mac is probably secure. Your router is
probably secure (especially if you changed the admin
password when you set it up. If you've been using the
default admin password, then shame on you <wink>
I have enabled Stealth mode in my Mac. Sorry to let you down (^^V) that I am not using the default password before the discovery of the port probing mentioned and have changed to another one after reset and firmware upgrade as advised by the other poster.
Am I off-base here, fellows?
Nope, you're appreciated for any idea trying to help.
TC
(P.S. I found that the "Helpful" is used up. Sorry that I can't give you one...) -
Ipfw Logs and Other Delightful Issues
So. Frustrated. I've tried so many different things that I'm not really even sure where to start. Disclaimer: I might be a bit too cautious when it comes to security, and I have just enough knowledge to make my paranoia go into overdrive. Hopefully there's nothing seriously wrong here.
I'm running 10.4 on a MBP. I have the firewall enabled (Apple's and my router's) with all the services turned off, Stealth Mode enabled, block all UDP traffic, etc. A couple of spam emails bounced back to me that had originated from my account. The headers indicated that it was coming from a 10.103.197.1. I ran a traceroute and came up with nothing. After some Googling, I found out it's a blackhole. I got nervous and checked the ipfw logs and found a lot of connection attempts. Most, of course, are from sites I had visited, but a few IP addresses and ports looked strange. The logs are pretty lengthy, but here's a snippet. Again, I know a little, but I don't know enough to be 100% about what's normal and what isn't. I know a lot of them are safe websites, but I don't understand why they're trying to connect to the specific ports - I couldn't find any info on most of the ports. Bear with me if some of this is obviously benign.
Dec 20 21:11:05 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51335 from 209.85.225.100:80
Dec 20 21:11:05 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51335 from 209.85.225.100:80
Dec 20 21:11:06 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51335 from 209.85.225.100:80
Dec 20 21:11:07 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51335 from 209.85.225.100:80
Dec 20 21:11:10 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51335 from 209.85.225.100:80
Dec 20 21:11:14 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51335 from 209.85.225.100:80
Dec 20 21:14:25 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51373 from 72.32.194.250:80
Dec 20 21:14:28 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51373 from 72.32.194.250:80
Dec 20 21:14:35 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51373 from 72.32.194.250:80
Dec 20 21:15:40 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51414 from 208.111.168.7:80
Dec 20 21:15:43 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51414 from 208.111.168.7:80
Dec 20 21:15:49 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51414 from 208.111.168.7:80
Dec 20 21:16:01 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51414 from 208.111.168.7:80
Dec 20 21:41:12 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51807 from 74.54.212.168:80
Dec 20 21:41:15 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51807 from 74.54.212.168:80
Dec 20 21:41:21 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51807 from 74.54.212.168:80
Dec 20 21:41:33 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51807 from 74.54.212.168:80
Dec 20 21:41:57 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51807 from 74.54.212.168:80
Dec 20 22:28:46 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52235 from 81.93.57.98:80
Dec 20 22:28:49 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52235 from 81.93.57.98:80
Dec 20 22:28:55 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52235 from 81.93.57.98:80
Dec 20 22:29:07 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52235 from 81.93.57.98:80
Dec 20 22:29:31 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52235 from 81.93.57.98:80
Dec 20 22:30:20 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52235 from 81.93.57.98:80
Dec 20 22:51:27 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52481 from 66.114.53.22:80
Dec 20 22:51:30 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52481 from 66.114.53.22:80
Dec 20 22:51:36 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52481 from 66.114.53.22:80
Dec 20 22:51:48 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52481 from 66.114.53.22:80
Dec 20 22:52:33 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52502 from 208.109.107.127:80
Dec 20 22:52:36 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52502 from 208.109.107.127:80
Dec 20 22:52:42 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52502 from 208.109.107.127:80
Dec 20 22:52:54 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52502 from 208.109.107.127:80
Dec 20 22:53:19 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52502 from 208.109.107.127:80
Dec 20 22:54:07 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52502 from 208.109.107.127:80
Dec 20 22:54:17 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52613 from 66.114.53.28:80
Dec 20 22:54:17 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52568 from 66.114.53.51:80
Dec 20 22:54:17 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52567 from 66.114.53.51:80
Dec 20 22:54:17 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52567 from 66.114.53.51:80
Dec 20 22:54:18 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52581 from 63.84.95.58:80
Dec 20 22:54:19 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52579 from 66.114.53.23:80
Dec 20 22:54:19 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52568 from 66.114.53.51:80
Dec 20 22:54:19 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52583 from 66.114.53.28:80
Dec 20 22:54:19 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52584 from 66.114.53.28:80
Dec 20 22:54:19 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52604 from 66.114.53.17:80
Dec 20 22:54:19 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52582 from 66.114.53.28:80
Dec 20 22:54:20 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52605 from 66.114.53.17:80
Dec 20 22:54:20 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52613 from 66.114.53.28:80
Dec 20 22:54:20 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52607 from 66.114.53.17:80
Dec 20 22:54:23 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52581 from 63.84.95.58:80
Dec 20 22:54:23 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52567 from 66.114.53.51:80
Dec 20 22:54:25 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52579 from 66.114.53.23:80
Dec 20 22:54:25 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52568 from 66.114.53.51:80
Dec 20 22:54:25 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52583 from 66.114.53.28:80
Dec 20 22:54:25 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52584 from 66.114.53.28:80
Dec 20 22:54:25 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52604 from 66.114.53.17:80
Dec 20 22:54:25 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52582 from 66.114.53.28:80
Dec 20 22:54:26 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52605 from 66.114.53.17:80
Dec 20 22:54:26 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52613 from 66.114.53.28:80
Dec 20 22:54:27 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52607 from 66.114.53.17:80
Dec 20 22:54:32 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52581 from 63.84.95.58:80
Dec 20 22:54:36 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52567 from 66.114.53.51:80
Dec 20 22:54:37 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52579 from 66.114.53.23:80
Dec 20 22:54:37 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52568 from 66.114.53.51:80
Dec 20 22:54:37 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52583 from 66.114.53.28:80
Dec 20 22:54:37 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52584 from 66.114.53.28:80
Dec 20 22:54:37 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52604 from 66.114.53.17:80
Dec 20 22:54:37 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52582 from 66.114.53.28:80
Dec 20 22:54:38 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52605 from 66.114.53.17:80
Dec 20 22:54:38 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52613 from 66.114.53.28:80
Dec 20 22:54:39 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52607 from 66.114.53.17:80
Dec 20 22:54:49 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52581 from 63.84.95.58:80
Dec 20 22:55:22 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52581 from 63.84.95.58:80
Dec 20 23:14:48 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52900 from 209.85.225.101:80
Dec 20 23:14:49 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52900 from 209.85.225.101:80
Dec 20 23:14:49 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52900 from 209.85.225.101:80
Dec 20 23:14:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52900 from 209.85.225.101:80
Dec 20 23:14:53 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52900 from 209.85.225.101:80
Dec 20 23:14:58 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52900 from 209.85.225.101:80
Dec 20 23:16:19 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53022 from 66.114.53.48:80
Dec 20 23:16:19 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53023 from 66.114.53.48:80
Dec 20 23:16:19 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53025 from 66.114.53.48:80
Dec 20 23:16:19 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53026 from 66.114.53.48:80
Dec 20 23:16:19 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53027 from 66.114.53.48:80
Dec 20 23:16:20 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52986 from 66.114.53.48:80
Dec 20 23:16:20 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52989 from 66.114.53.48:80
Dec 20 23:16:20 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52985 from 66.114.53.48:80
Dec 20 23:16:21 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52996 from 66.114.53.48:80
Dec 20 23:16:21 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52987 from 66.114.53.48:80
Dec 20 23:16:21 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52990 from 66.114.53.48:80
Dec 20 23:16:21 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52988 from 66.114.53.48:80
Dec 20 23:16:21 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52995 from 66.114.53.48:80
Dec 20 23:16:21 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52993 from 66.114.53.48:80
Dec 20 23:16:22 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52994 from 66.114.53.48:80
Dec 20 23:16:22 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53018 from 66.114.53.48:80
Dec 20 23:16:22 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53021 from 66.114.53.48:80
Dec 20 23:16:22 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53020 from 66.114.53.48:80
Dec 20 23:16:22 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53026 from 66.114.53.48:80
Dec 20 23:16:23 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53025 from 66.114.53.48:80
Dec 20 23:16:23 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53022 from 66.114.53.48:80
Dec 20 23:16:23 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53023 from 66.114.53.48:80
Dec 20 23:16:23 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53019 from 66.114.53.48:80
Dec 20 23:16:23 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53027 from 66.114.53.48:80
Dec 20 23:16:26 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52986 from 66.114.53.48:80
Dec 20 23:16:27 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52996 from 66.114.53.48:80
Dec 20 23:16:27 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52992 from 66.114.53.48:80
Dec 20 23:16:27 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52987 from 66.114.53.48:80
Dec 20 23:16:27 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52988 from 66.114.53.48:80
Dec 20 23:16:27 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52995 from 66.114.53.48:80
Dec 20 23:16:27 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52993 from 66.114.53.48:80
Dec 20 23:16:28 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52994 from 66.114.53.48:80
Dec 20 23:16:28 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53018 from 66.114.53.48:80
Dec 20 23:16:28 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53021 from 66.114.53.48:80
Dec 20 23:16:28 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53020 from 66.114.53.48:80
Dec 20 23:16:28 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53026 from 66.114.53.48:80
Dec 20 23:16:29 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53025 from 66.114.53.48:80
Dec 20 23:16:29 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53023 from 66.114.53.48:80
Dec 20 23:16:29 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53022 from 66.114.53.48:80
Dec 20 23:16:29 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53019 from 66.114.53.48:80
Dec 20 23:16:38 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52989 from 66.114.53.48:80
Dec 20 23:16:38 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52985 from 66.114.53.48:80
Dec 20 23:16:38 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52986 from 66.114.53.48:80
Dec 20 23:16:38 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52996 from 66.114.53.48:80
Dec 20 23:16:39 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52987 from 66.114.53.48:80
Dec 20 23:16:39 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52992 from 66.114.53.48:80
Dec 20 23:16:39 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52988 from 66.114.53.48:80
Dec 20 23:16:39 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52995 from 66.114.53.48:80
Dec 20 23:16:39 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52993 from 66.114.53.48:80
Dec 20 23:16:40 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52994 from 66.114.53.48:80
Dec 20 23:16:40 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53020 from 66.114.53.48:80
Dec 20 23:16:40 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53021 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53025 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53026 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53023 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53022 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53019 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53027 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53078 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53079 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53080 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53081 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53082 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53083 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53084 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53085 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53086 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53087 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53088 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53089 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53090 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53091 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53092 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53093 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53094 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53095 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53096 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53097 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53098 from 66.114.53.48:80
Dec 20 23:16:44 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53077 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53081 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53085 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53095 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53083 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53089 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53080 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53092 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53090 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53088 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53096 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53078 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53097 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53084 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53082 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53091 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53087 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53098 from 66.114.53.48:80
Dec 20 23:16:46 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53079 from 66.114.53.48:80
Dec 20 23:16:46 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53086 from 66.114.53.48:80
Dec 20 23:16:46 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53093 from 66.114.53.48:80
Dec 20 23:16:46 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53094 from 66.114.53.48:80
Dec 20 23:16:50 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53077 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53081 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53083 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53085 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53095 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53089 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53080 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53092 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53090 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53088 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53096 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53078 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53084 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53097 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53082 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53087 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53091 from 66.114.53.48:80
Dec 20 23:16:52 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53098 from 66.114.53.48:80
Dec 20 23:16:52 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53079 from 66.114.53.48:80
Dec 20 23:16:52 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53086 from 66.114.53.48:80
Dec 20 23:16:52 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53093 from 66.114.53.48:80
Dec 20 23:16:52 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53094 from 66.114.53.48:80
Dec 20 23:17:02 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53077 from 66.114.53.48:80
Dec 20 23:17:03 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53081 from 66.114.53.48:80
Dec 20 23:17:03 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53085 from 66.114.53.48:80
Dec 20 23:17:03 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53095 from 66.114.53.48:80
Dec 20 23:17:03 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53083 from 66.114.53.48:80
Dec 20 23:17:03 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53089 from 66.114.53.48:80
Dec 20 23:17:03 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53080 from 66.114.53.48:80
Dec 20 23:17:03 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53092 from 66.114.53.48:80
Dec 20 23:17:03 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53090 from 66.114.53.48:80
Dec 20 23:17:03 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53088 from 66.114.53.48:80
Dec 20 23:17:03 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53096 from 66.114.53.48:80
Dec 20 23:17:03 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53078 from 66.114.53.48:80
Dec 20 23:17:03 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53084 from 66.114.53.48:80
Dec 20 23:17:03 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53082 from 66.114.53.48:80
Dec 20 23:17:03 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53097 from 66.114.53.48:80
Dec 20 23:17:04 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53087 from 66.114.53.48:80
Dec 20 23:17:04 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53091 from 66.114.53.48:80
Dec 20 23:17:04 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53098 from 66.114.53.48:80
Dec 20 23:17:04 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53079 from 66.114.53.48:80
Dec 20 23:17:04 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53086 from 66.114.53.48:80
Dec 20 23:17:04 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53094 from 66.114.53.48:80
Dec 20 23:17:04 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53093 from 66.114.53.48:80
Dec 20 23:37:58 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53642 from 195.24.233.53:80
Dec 20 23:38:02 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53642 from 195.24.233.53:80
Dec 20 23:38:08 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53642 from 195.24.233.53:80
Dec 20 23:38:20 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53642 from 195.24.233.53:80
Dec 20 23:38:44 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53642 from 195.24.233.53:80
Dec 20 23:39:10 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53669 from 208.109.107.127:80
Dec 20 23:39:10 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53676 from 208.109.107.127:80
Dec 20 23:39:10 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53677 from 208.109.107.127:80
Dec 20 23:39:10 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53678 from 208.109.107.127:80
Dec 20 23:39:11 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53669 from 208.109.107.127:80
Dec 20 23:39:13 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53678 from 208.109.107.127:80
Dec 20 23:39:13 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53674 from 208.109.107.127:80
Dec 20 23:39:14 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53677 from 208.109.107.127:80
Dec 20 23:39:14 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53676 from 208.109.107.127:80
Dec 20 23:39:16 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53669 from 208.109.107.127:80
Dec 20 23:39:19 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53678 from 208.109.107.127:80
Dec 20 23:39:19 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53674 from 208.109.107.127:80
Dec 20 23:39:20 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53677 from 208.109.107.127:80
Dec 20 23:39:20 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53676 from 208.109.107.127:80
Dec 20 23:39:28 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53669 from 208.109.107.127:80
Dec 20 23:39:31 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53678 from 208.109.107.127:80
Dec 20 23:39:31 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53674 from 208.109.107.127:80
Dec 20 23:39:32 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53677 from 208.109.107.127:80
Dec 20 23:39:32 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53676 from 208.109.107.127:80
Dec 20 23:39:32 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53642 from 195.24.233.53:80
Dec 20 23:39:53 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53669 from 208.109.107.127:80
Dec 20 23:39:55 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53678 from 208.109.107.127:80
Dec 20 23:39:55 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53674 from 208.109.107.127:80
Dec 20 23:39:56 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53677 from 208.109.107.127:80
Dec 20 23:39:56 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53676 from 208.109.107.127:80
Dec 20 23:40:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53669 from 208.109.107.127:80
Dec 20 23:40:43 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53678 from 208.109.107.127:80
Dec 20 23:40:44 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53674 from 208.109.107.127:80
Dec 20 23:40:44 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53677 from 208.109.107.127:80
Dec 20 23:40:44 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53676 from 208.109.107.127:80
Dec 20 23:58:08 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53817 from 209.85.225.113:80
Dec 20 23:58:08 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53817 from 209.85.225.113:80
Dec 20 23:58:10 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53817 from 209.85.225.113:80
Dec 20 23:58:12 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53817 from 209.85.225.113:80
Dec 20 23:58:17 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53817 from 209.85.225.113:80
Dec 21 00:01:11 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53919 from 208.69.36.230:80
Dec 21 00:01:14 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53919 from 208.69.36.230:80
Dec 21 00:01:20 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53919 from 208.69.36.230:80
Dec 21 00:01:32 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53919 from 208.69.36.230:80
Dec 21 00:11:48 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53967 from 208.69.36.231:80
Dec 21 00:11:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53967 from 208.69.36.231:80
Dec 21 00:11:57 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53967 from 208.69.36.231:80
Dec 21 00:12:09 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53967 from 208.69.36.231:80
Dec 21 00:25:14 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:54092 from 209.85.225.100:80
Dec 21 00:25:15 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:54092 from 209.85.225.100:80
Dec 21 00:25:15 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:54092 from 209.85.225.100:80
Dec 21 00:25:17 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:54092 from 209.85.225.100:80
Dec 21 00:25:19 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:54092 from 209.85.225.100:80
Dec 21 00:25:24 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:54092 from 209.85.225.100:80
Dec 21 00:26:42 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:54106 from 216.119.110.211:80
Dec 21 00:26:44 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:54106 from 216.119.110.211:80
Dec 21 00:26:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:54106 from 216.119.110.211:80
Dec 21 00:29:43 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:54147 from 69.90.98.85:80
Dec 21 00:29:46 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:54147 from 69.90.98.85:80
Dec 21 00:29:52 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:54147 from 69.90.98.85:80
Dec 21 00:30:04 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:54147 from 69.90.98.85:80
Dec 21 23:58:12 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:56927 from 168.143.171.84:80
In an attempt to keep this as short as I can, I'm just going to list the repeat hits.
209.85.225.100 (Go Daddy - no reason for this to be on here, is there?) attempting to connect to 54458, 54459, 55509, etc. There are quite a few of these.
Dec 22 05:26:48 abcd ipfw: 12190 Deny TCP 85.17.154.200:63777 192.168.1.xxx:22 in via en1 This one particularly disturbed me. Does it mean my computer was trying to connect to 85.17.154 from PORT 22?! That's not good, is it? What's more, I have Little Snitch, so I'm not really sure how this didn't pop up.
Dec 22 21:43:41 abcd ipfw: 35000 Deny UDP 208.67.222.222:53 192.168.1.xxx:52910 in via en1
Dec 22 21:43:41 abcd ipfw: 35000 Deny UDP 208.67.222.222:53 192.168.1.xxx:52910 in via en1
Dec 22 21:47:18 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:61905 from 192.168.1.xxx:53
Dec 22 21:47:23 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:49775 from 208.67.222.222:53
Dec 22 21:55:47 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:64315 from 192.168.1.xxx:53
Dec 22 21:55:49 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:62435 from 208.67.222.222:53
Dec 22 22:58:08 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:59718 from 72.47.236.203:80
Dec 22 22:58:12 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:59718 from 72.47.236.203:80
Dec 22 22:58:18 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:59718 from 72.47.236.203:80
Dec 22 22:58:30 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:59718 from 72.47.236.203:80
Dec 22 22:58:54 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:59718 from 72.47.236.203:80
Dec 22 22:59:42 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:59718 from 72.47.236.203:80
Dec 22 23:02:39 abcd ipfw: 35000 Deny UDP 208.67.222.222:53 192.168.1.xxx:58538 in via en1
Dec 22 23:02:39 abcd ipfw: 35000 Deny UDP 208.67.222.220:53 192.168.1.xxx:51316 in via en1
Dec 22 21:47:18 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:61905 from 192.168.1.xxx:53
Dec 22 21:47:23 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:49775 from 208.67.222.222:53
Dec 22 21:55:47 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:64315 from 192.168.1.xxx:53
Dec 22 21:55:49 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:62435 from 208.67.222.222:53
Dec 22 22:58:08 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:59718 from 72.47.236.203:80
Dec 22 22:58:12 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:59718 from 72.47.236.203:80
Dec 22 22:58:18 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:59718 from 72.47.236.203:80
Dec 22 22:58:30 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:59718 from 72.47.236.203:80
Dec 22 22:58:54 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:59718 from 72.47.236.203:80
Dec 22 22:59:42 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:59718 from 72.47.236.203:80
Dec 22 23:02:39 abcd ipfw: 35000 Deny UDP 208.67.222.222:53 192.168.1.xxx:58538 in via en1
Dec 22 23:02:39 abcd ipfw: 35000 Deny UDP 208.67.222.220:53 192.168.1.xxx:51316 in via en1
Dec 23 21:28:47 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60980 from 140.239.191.10:80
Dec 23 21:28:47 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60981 from 140.239.191.10:80
Dec 23 21:28:47 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60982 from 140.239.191.10:80
Dec 23 21:28:47 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60983 from 140.239.191.10:80
Dec 23 21:28:47 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60984 from 140.239.191.10:80
Dec 23 21:28:48 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60984 from 140.239.191.10:80
Dec 23 21:28:48 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60983 from 140.239.191.10:80
Dec 23 21:28:48 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60982 from 140.239.191.10:80
Dec 23 21:28:48 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60981 from 140.239.191.10:80
Dec 23 21:28:48 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60980 from 140.239.191.10:80
Dec 23 21:28:50 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60984 from 140.239.191.10:80
Dec 23 21:28:50 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60983 from 140.239.191.10:80
Dec 23 21:28:50 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60982 from 140.239.191.10:80
Dec 23 21:28:50 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60981 from 140.239.191.10:80
Dec 23 21:28:50 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60980 from 140.239.191.10:80
Dec 23 21:28:54 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60984 from 140.239.191.10:80 (Lots more of these)
Dec 23 21:32:37 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:51887 from 192.168.1.xxx:53
Dec 23 23:26:13 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:62632 from 192.168.1.xxx:53
Dec 24 00:00:29 abcd ipfw: 10100 Deny TCP 212.18.195.102:16955 192.168.1.xxx:22 in via en1
Dec 24 03:37:08 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49322 from 208.69.36.231:80
Dec 24 03:53:44 abcd ipfw: 12190 Deny TCP 66.230.207.58:54229 192.168.1.xxx:53 in via en1
Dec 24 03:53:44 abcd ipfw: 12190 Deny TCP 66.230.207.58:54229 192.168.1.xxx:443 in via en1
Dec 24 03:53:44 abcd ipfw: 12190 Deny TCP 66.230.207.58:54229 192.168.1.xxx:25 in via en1
Dec 24 03:53:44 abcd ipfw: 12190 Deny TCP 66.230.207.58:54229 192.168.1.xxx:22 in via en1
Dec 24 03:53:45 abcd ipfw: 12190 Deny TCP 66.230.207.58:54230 192.168.1.xxx:443 in via en1
Dec 24 03:53:45 abcd ipfw: 12190 Deny TCP 66.230.207.58:54230 192.168.1.xxx:53 in via en1
Dec 24 03:53:45 abcd ipfw: 12190 Deny TCP 66.230.207.58:54230 192.168.1.xxx:22 in via en1
Dec 24 03:53:45 abcd ipfw: 12190 Deny TCP 66.230.207.58:54230 192.168.1.xxx:25 in via en1
Dec 24 03:53:45 abcd ipfw: 12190 Deny TCP 66.230.207.58:54229 192.168.1.xxx:143 in via en1
Dec 24 03:53:45 abcd ipfw: 12190 Deny TCP 66.230.207.58:54230 192.168.1.xxx:143 in via en1
Dec 24 03:53:51 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:53 from 66.230.207.58:54229
Dec 24 03:53:52 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:53 from 66.230.207.58:54230
Dec 24 03:57:16 abcd ipfw: 12190 Deny TCP 66.230.207.58:44027 192.168.1.xxx:53 in via en1
Dec 24 03:57:16 abcd ipfw: 12190 Deny TCP 66.230.207.58:44028 192.168.1.xxx:53 in via en1
Dec 24 03:57:16 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:53 from 66.230.207.58:44027
Dec 24 03:57:17 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:53 from 66.230.207.58:44028
Dec 24 04:03:06 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49397 from 87.230.55.47:80
Dec 24 04:03:10 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49397 from 87.230.55.47:80
Dec 24 04:03:16 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49397 from 87.230.55.47:80
Dec 24 04:03:18 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49401 from 87.230.55.47:80
Dec 24 04:03:22 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49401 from 87.230.55.47:80
Dec 24 04:03:28 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49401 from 87.230.55.47:80
Dec 24 04:03:28 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49397 from 87.230.55.47:80
Dec 24 04:03:39 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49403 from 87.230.55.47:80
Dec 24 04:03:40 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49401 from 87.230.55.47:80
Dec 24 04:03:42 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49403 from 87.230.55.47:80
Dec 24 04:03:43 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49405 from 87.230.55.47:80
Dec 24 04:03:48 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49405 from 87.230.55.47:80
Dec 24 04:03:48 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49403 from 87.230.55.47:80
Dec 24 04:03:52 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49397 from 87.230.55.47:80
Dec 24 04:03:54 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49405 from 87.230.55.47:80
Dec 24 04:04:00 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49407 from 87.230.55.47:80
Dec 24 04:04:00 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49403 from 87.230.55.47:80
Dec 24 04:04:04 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49407 from 87.230.55.47:80
Dec 24 04:04:04 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49401 from 87.230.55.47:80
Dec 24 04:04:06 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49405 from 87.230.55.47:80
Dec 24 04:04:07 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49410 from 87.230.55.47:80
Dec 24 04:04:10 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49407 from 87.230.55.47:80
Dec 24 04:04:10 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49410 from 87.230.55.47:80
Dec 24 04:04:16 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49410 from 87.230.55.47:80
Dec 24 04:04:22 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49407 from 87.230.55.47:80
Dec 24 04:04:25 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49403 from 87.230.55.47:80
Dec 24 04:04:28 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49410 from 87.230.55.47:80
Dec 24 04:04:30 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49405 from 87.230.55.47:80
Dec 24 04:04:33 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49414 from 87.230.55.47:80
It keeps going on and on. Here's a Netstat:
NETSTAT:
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 192.168.1.xxx.54159 209.85.225.101.80 ESTABLISHED
tcp4 0 0 192.168.1.xxx.54158 209.85.225.101.80 ESTABLISHED
tcp4 0 0 192.168.1.xxx.54157 209.85.225.100.80 ESTABLISHED
tcp4 0 0 192.168.1.xxx.54156 209.85.225.100.80 ESTABLISHED
tcp4 0 0 192.168.1.xxx.54155 209.85.225.100.80 ESTABLISHED
tcp4 0 0 192.168.1.xxx.54154 209.85.225.100.80 ESTABLISHED
tcp4 0 0 192.168.1.xxx.54153 209.85.225.101.80 ESTABLISHED
tcp4 0 0 192.168.1.xxx.54152 209.85.225.101.80 ESTABLISHED
tcp4 0 0 192.168.1.xxx.54151 209.85.225.101.80 ESTABLISHED
tcp4 0 0 192.168.1.xxx.54150 209.85.225.101.80 ESTABLISHED
tcp4 0 0 192.168.1.xxx.54149 208.69.36.230.80 ESTABLISHED
tcp4 0 0 192.168.1.xxx.54140 209.85.225.113.80 ESTABLISHED
tcp4 0 0 192.168.1.xxx.54099 63.84.95.75.80 ESTABLISHED
tcp4 0 0 192.168.1.xxx.54098 63.84.95.75.80 ESTABLISHED
tcp4 0 0 192.168.1.xxx.54038 63.84.95.75.80 ESTABLISHED
tcp4 0 0 192.168.1.xxx.54034 63.84.59.50.80 ESTABLISHED
tcp4 0 0 192.168.1.xxx.54033 63.84.59.50.80 ESTABLISHED
tcp4 0 0 127.0.0.1.1033 127.0.0.1.920 ESTABLISHED
tcp4 0 0 127.0.0.1.920 127.0.0.1.1033 ESTABLISHED
tcp4 0 0 . . CLOSED
tcp4 0 0 127.0.0.1.631 . LISTEN
tcp4 0 0 . . CLOSED
tcp4 0 0 127.0.0.1.1033 127.0.0.1.1021 ESTABLISHED
tcp4 0 0 127.0.0.1.1021 127.0.0.1.1033 ESTABLISHED
tcp4 0 0 127.0.0.1.1033 . LISTEN
udp4 0 0 *.5353 .
udp4 0 0 . .
udp4 0 0 . .
udp4 0 0 *.631 .
udp4 0 0 . .
udp4 0 0 127.0.0.1.49164 127.0.0.1.1022
udp4 0 0 127.0.0.1.49163 127.0.0.1.1022
udp4 0 0 127.0.0.1.1022 .
udp4 0 0 127.0.0.1.49162 127.0.0.1.1023
udp4 0 0 127.0.0.1.1023 .
udp4 0 0 192.168.1.85.123 .
udp6 0 0 fe80:5::214:51ff.123 .
udp4 0 0 127.0.0.1.123 .
udp6 0 0 fe80:1::1.123 .
udp6 0 0 ::1.123 .
udp6 0 0 *.123 .
udp4 0 0 *.123 .
udp6 0 0 *.5353 .
udp4 0 0 *.5353 .
udp4 0 0 127.0.0.1.1033 .
icm6 0 0 . .
63.84.59.50 is blacklisted as are some others - can't remember exactly what they are. I got a little discouraged and stopped checking all the IPs. Okay, so here's what I've done: Ran Clam (clean results), ran MacScan and found 1 tracking cookie that I removed, reconfigured Little Snitch and blocked the majority of the IPs. Oh - how do you manually block an IP range from the firewall? I can't figure that out.
OH - one more thing that I thought was really strange: I was poking around in Terminal and ran the who command just out of curiosity.
17:49 up 13:20, 3 users, load averages: 0.18 0.24 0.29
USER TTY FROM LOGIN@ IDLE WHAT
janed console - 13:35 4:13 -
janed p1 - 17:49 - w
janed p2 - 13:51 3:56 -
Let's pretend my user name name is janedoe. Why would it only show janed? There IS no user named janed. So I tried to investigate more:
abcd:~ abcd$ whoami
abcd
abcd:~ janedoe$ who
janed console Dec 24 13:35
janed ttyp1 Dec 24 17:49
janed ttyp2 Dec 24 13:51
I'm really hoping this is just a fluke. I'm sorry this is so long, but I'm desperate here. I appreciate any input that you guys can give me! Many thanks.Hi warren.peace, and a warm welcome to the forums!
A couple of spam emails bounced back to me that had originated from my account. The headers indicated that it was coming from a 10.103.197.1. I ran a traceroute and came up with nothing.
Not to worry on that one, many Spammers fake//spoof the IP to get it delivered by returning it!
I don't understand why they're trying to connect to the specific ports - I couldn't find any info on most of the ports
I'm on Dial-up & get thousands of attempts some days
Run this on some of the ports you're worried about, click on SG security scan: port 51335 here for instance...
http://www.speedguide.net/port.php?port=51335&print=friendly
Dec 22 05:26:48 abcd ipfw: 12190 Deny TCP 85.17.154.200:63777 192.168.1.xxx:22 in via en1 This one particularly disturbed me. Does it mean my computer was trying to connect to 85.17.154 from PORT 22?! That's not good, is it? What's more, I have Little Snitch, so I'm not really sure how this didn't pop up.
No, it means 85.17.154.200...
** Registrant:
Trends Yaz�l�m
Cemal Pa�a Mahallesi Bahar Caddesi Ne�e Apartman�
alt� No : 3/A
Adana,
T�rkiye
Was trying to see if they could connect to you by ftp. Little Snitch is great.
208.67.222.222 is OpenDNS, no worry really.
On the janed thing, what do these 2 report in terminal...
w
who -
Network == DSL, verizon, westel 7500 router (recent replacement to defunct westel 327W)
1 Macbook on wireless, 1 iMac wired, 1 Cube on wireless, 1 HP7210 wired (to DSL router/modem)
new activity in Macbook only, from log---all devices have same os x firewall setting enabled
Apr 4 10:56:10 -billslaptop- ipfw: 12190 Deny TCP 192.168.1.1:3384 192.168.1.46:80 in via en1
Apr 4 10:56:16 -billslaptop- ipfw: 12190 Deny TCP 192.168.1.1:3384 192.168.1.46:80 in via en1
Apr 4 10:56:28 -billslaptop- ipfw: 12190 Deny TCP 192.168.1.1:3384 192.168.1.46:80 in via en1
Apr 4 10:56:37 -billslaptop- ipfw: Stealth Mode connection attempt to UDP 192.168.1.46:137 from 192.168.1.1:137
Apr 4 10:56:38 -billslaptop- ipfw: Stealth Mode connection attempt to UDP 192.168.1.46:137 from 192.168.1.1:137
Apr 4 10:56:38 -billslaptop- ipfw: Stealth Mode connection attempt to UDP 192.168.1.46:137 from 192.168.1.1:137
Are these coming through the DSL router, or from it? I'm getting ready to install a packet sniffer out of frustration---and installing that is sure to be frustrating in and of itself!!
On a side note, the new Westel boxes seem to have embedded Linux, port 4567 open for flash upgrades from the ISP, and use iptables etc. for firewalling....anyone know how to telnet into these boxes...the Verizon GUI (like so much Verizon stuff) is not bad, but I'd rather have real access.....
Thanks for your help, if you have it.Because I only posted a snippet from console, you don't see that the "pings" from the dsl router increment through a list of high number ports.....
Apr 5 11:39:13 -billslaptop- ipfw: 12190 Deny TCP 192.168.1.1:3543 192.168.1.46:80 in via en1
Apr 5 11:53:29 -billslaptop- ipfw: 12190 Deny TCP 192.168.1.1:3545 192.168.1.46:80 in via en1
Apr 5 11:44:53 -billslaptop- ipfw: Stealth Mode connection attempt to TCP 192.168.1.46:58135 from 74.125.91.103:80
So at any given time, just researching the source port # doesn't answer the question...
The router recognizes the laptop (in its web interface--it's a frustrating fact of life that, at least as far as I can tell, ISPs block any access to their modem/routers except through their canned interface)
There may be some clue to what's going on in the fact that the "Stealth Mode connection" language only appeared after I change the firewall to stealth mode....prior to that the log was filling with the "Deny.." entries.....and even if that's not a clue, it's still an interesting fact on its own. -
I got a Macbook Air. My system language is russian but the login password is english. I put the laptop into sleep mode, then wanted to log in again, but the language seems to have switched to russian, there's no language change button! How do I log in now?
Severia,
I tried your solution, but it did not work with my laptop. After I restart the laptop, the language does not change and I cannot type the password in English language. Do you have any other suggestion?
Thank you. -
I am not able to see "Edit Mode on" when i log into workspace...
I am not able to see "Edit Mode on" when i log into workspace...through Weblogic user...Oracle BPM 11g
If your trying to put pictures that are on your phone to your computer you import it see link below
http://support.apple.com/kb/HT4083 -
Hello,
how can I enable ipfw logging in OS X 10.7.
I have a rule
00400 allow log ip from any to any dst-port 80
# sysctl net.inet.ip.fw.verbose
net.inet.ip.fw.verbose: 2
I did not change /etc/syslog.conf in any way
I would expect to gett log entries in /var/log/ipfw.log or even in /var/log/system.log but there are none.
What do I have to do to set up ipfw logging in Lion?
Best regards from Germany
macmartinThank you for your comment.
I have a line in /etc/syslog.conf:
local1.* /var/log/ipfw.log
Thats why I thought logging should go there.
I also checke kernel.log but no logging entries there either.
I have also read the link you directed me to.
I dont have the line jnoir mentioned in my asl.conf file and I dont understand how the asl.conf works.
'man asl.conf' didn't realy help
I dont want to screw things up but I think maybe this might be the right place to get my issue fixed.
Any explanation would be appreciated.
Regards macmartin -
Hello,
Just wondering if IPFW logging is broken in 10.6. I'm using my own IPFW firewall since 10.5 and I noticed that after the 10.6 upgrade, IPFW is still working but doesn't log anything anymore. I noticed that the /etc/syslog seems to have changed at some point. Here's an extract from the backed up one that was working on 10.5:
install.* /var/log/install.log
install.* @127.0.0.1:32376
local0.* /var/log/ipfw.log
Now in 10.6 this looks like this:
install.* /var/log/install.log
install.* @127.0.0.1:32376
local0.* /var/log/appfirewall.log
local1.* /var/log/ipfw.log
And I haven't changed that because then I would have backed it up. So for instance my SSH rule looks like this:
# Allow SSH inbound
add 00700 set 3 count log tcp from any to any dst-port 22 in setup
add 00701 set 3 allow tcp from any to any dst-port 22 in setup keep-state
But my ipfw.log is exactly 0 bytes long and empty... and I definitely get hits on the rules. Here an extract form 'ipfw show':
00700 2 104 count log logamount 100 tcp from any to any dst-port 22 in setup
00701 1888 250506 allow tcp from any to any dst-port 22 in setup keep-state
And yes, the appfirewall.log is also empty which seems to have now taken over the local0 log facility... (the App firewall is not enabled)
Any help is appreciated.
Thanks!
Frankpiknyc wrote:
I had the same problem and can't remember exactly what I did to fix it but I think this was it.
I added the below to /etc/syslog.conf and restarted:
put this at the top
!ipfw
this at the bottom
\. /var/log/ipfw.log
This had strange effects in snow leopard. It had no effect on the output of appfirewall.log, but now ipfw.log fills up with everything.
All i want is a clean logfile with my ipfw logs not spammed by the appfirewall. I've tried changing /usr/libexec/ApplicationFirewall/com.apple.alf.plist loggingenabled key to 0 and restarting but it had no effect. -
Hello all,
First post here, I hope you'll find it easy to answer. I haven't
I use ipfw as my firewall and supply a custom set of rules. It is configured at startup as described in this (very good) tutorial:
http://silvester.org.uk/OSX/wrangling_ipfw.html
As you see, the script /usr/local/bin/Firewall that customizes the rules, includes the line:<pre>
/usr/sbin/sysctl -w net.inet.ip.fw.verbose=1 </pre>
Moreover, in /var/log/system.log I see:
</pre>
sparrow:~ (12:46)$ grep net.inet.ip.fw.verbose /var/log/system.log
Dec 16 12:45:10 localhost com.ipfw.daemon49: net.inet.ip.fw.verbose: 0 -> 1
Dec 16 12:45:10 localhost com.ipfw.daemon49: net.inet.ip.fw.verbose_limit: 0 -> 65535
</pre>
However, when I look at the value of net.inet.ip.fw.verbose right after the startup, it's not 1!
<pre>
sparrow:~ (12:47)$ /usr/sbin/sysctl -w net.inet.ip.fw.verbose=1
net.inet.ip.fw.verbose: 2
sysctl: net.inet.ip.fw.verbose: Operation not permitted
</pre>
(yes I know I'm not the root in this example)
So question #1 is:
#1. When and where is the default value of net.inet.ip.fw.verbose is set? I know this must be done after I initialize the firewall rules.
The question #2 is related to the logging daemon, syslogd. I've tried many tricks to make ipfw log into its own separate file (e.g., /var/log/ipfw.log) with no success. I know ipfw generates logs from the kern. facility.
So, the question is:
#2. Is there any sane way of redirecting the ipfw messages into a separate file?
Thanks!Here is the key part of the ipfw startup script on my machine:
ipfw /etc/firewallrules
# firewall logging
sysctl -w net.inet.ip.fw.verbose=2
sysctl -w net.inet.ip.fw.verbose_limit=0
# interface forwarding
sysctl -w net.inet.ip.forwarding=0
and logging goes to /var/log/appfirewall.log
Strictly speaking, this is the "wrong" log file, since this is the ipfw firewall and not the app firewall. But I don't know how to change it (and don't really care, since I'm not going to be using the app firewall).
Note, the code above comes from the startup script created by the shareware app called WaterRoof, which is what I use to control my ipfw firewall. -
Stealth mode connection attempts? Reason for Open DNS in router settings?
Console is giving me repeated messages (many times per minute) that read
"Stealth Mode connection attempt to UDP xxxx from 208.67.222.222:53"
That's a little scary to the uninitiated! I've done some rummaging here and across the net on this. I understand little of what I found or how to stop this. I understand that the 208.67.222.222 is Open DNS related. I was glad to discover that as I originally thought some malicious computer somewhere was trying to gain access to my MacBook Pro. I thought I'd delete the DNS servers to see if that would help, but they are greyed out in the Preferences--Network--DNS panel and cannot be removed.
From what I've investigated, those Open DNS servers are set in the router. I know how to change or delete those, but maybe I shouldn't. In fact, maybe someone can remind me why I put them in there in the first place (years ago). I vaguely recall some advantage to using Open DNS (faster?), although I'll confess that, of late, too often mistyped web addresses go to an Open DNS page, which is a nuisance.
In any event, I'd like to do something that would stop the stealth mode "attacks". While I'm sure I could ignore it, maybe it's eating up some browser or network time. It also seems odd that it would go on and on!Thanks for some info on this. Should I only see it then, when I'm in a browser? Or, when wi-fi is on? I'm assuming that the Mac may be checking what time it is, although it seems a little too frequent for that! (3 times a minute? Well, maybe that's about right, but then Apple and Open DNS should coordinate so that this message doesn't show up.)
I did find this: http://forums.opendns.com/comments.php?DiscussionID=1785
Does that make sense? It's completely benign? And doesn't waste CPU cycles?
One problem with all this stealth mode logging is that it fills up the Console message window! It thus means that there is gobs of stuff I have to wade through to see if there really is something going on from the outside!
I did find two oddballs in there (I don't think they were open DNS as they weren't 208s), so the firewall is doing something. -
Setting AEBS for Stealth mode? Is it possible??
Hello,
I have a Airport Extreme Base Station and I currently have all the default settings for it. I know that the AEBS has a firewall, but I don't really know how to configure it. When I test it's security level by going to a website and running port scans etc... (I go to www.grc.com) I'm getting responses that the ports are responding but are "closed". Is there a way to set the AEBS to have a stealth setting??
I used to have a SMC Barricade router before I got my mac and the AEBS and when I ran these types of tests before they always came out as stealth on all my ports.
Does anyone out there know how to set this base station to show up as stealth?
Thanks in advance.Hi,
I've asked this question before, too by going to an Apple Store to ask one of their Geniuses what to do about this problem. The response I got was basically that I didn't know what I was talking about and that I was stupid for asking. Usually the Apple folks are cheerful and happy to help; must have been a bad fruit in the lot.
Past messages on this board (I searched for "stealth") mention a similar stance: don't worry about ping, just make sure your ports are closed and/or services disabled.
The objective of stealth mode is to make sure hackers don't even know we exist so that they won't have reason to port scan our IP in the attempt to hack in. —When I ran a development web server for a while I monitored log files via Console seeing all kinds of external hack attempts!!
What I'm looking for is `stateful packet inspection` with all ports `stealthed`. Better yet, the AEBS needs to provide a configuration wizard for customers both who just want to run it out of the box AND include expert options (i.e. LinkSys, NetGear, D-Link, ...) so that we can fine-tune the firewall to our needs!
The main reason for my reply was to show that others have the same concerns and to solicit a meaningful response from Apple that satisfies this concern.
~Cheers
PS: I've also used grc.com to test my vulnerability from the outside world as well as asking external SysAdmins to port-scan my system. -
Stealth mode causing sleep trouble?
Hi,
I have a Rev A. PB 12", and I recently decided to beef up my security, so I checked on all the options under the "Advanced" button of the Firewall pane - Blocking UDP, Firewall logging, and Stealth Mode. It seemed to have worked for a few days, but then yesterday I discovered that the computer would not go to sleep on its own, but only if I forced it to. This really freaked me out because I just recently solved this exact issue with my computer, and it took my a very long time to figure it out, so I was naturally worried again. This time it turns out that if I turn off Stealth Mode, the computer is fine. If I keep it on, it keeps the computer awake. I am not sure why this occurs, and I would rather not have Stealth Mode off, but I want the computer to sleep on its own. Does anyone have any suggestions.? Thanks.Erasing firewall prefes solved the problem
-
Have I been hacked??? "Stealth Mode connection attempt to UDP"
My Mac Mini has been running very slowly lately. Sometimes it takes half a minute to switch between apps, and I mean simple apps like Mail and Safari and Appleworks, not Photoshop. Photoshop is a joke it runs so slow. So I've run Onyx SEVERAL times, restarted and cleared my PRam, and nothing is helping. I also noticed it seemed like my Mini was "running" a lot (the hard drive making a noise like it was up to something when I'm not doing anything). So I looked at the cable box and the Ethernet light was flashing softly, going along with the hard drive noise. Then I downloaded something called MenuMeters and it is showing that I'm receiving data constantly - it goes between about 300B/s to 1500B/s, and sometimes it shows I'm sending too. So I opened up the System Preferences and found out that "Network Time" was enabled in the Firewall preference pane. I unchecked that but my Mini is still receiving. (I'm not on any Ethernet network or anything either.) So I opened Advanced and found that the "Block UDP Traffic" box is not checked, though the other two "Enable Firewall Logging" and "Enable Stealth Mode" are checked. THEN I opened the log file and was shocked to see 1048 lines, mostly reading ""Stealth Mode connection attempt to UDP," although once in a while I saw a few that said "12190 Deny TCP." And that 1048 is just for yesterday and today. Is that normal??? Sometimes the "Stealth Mode connection" lines are single (I mean, not to a repeating number), but sometimes they repeat two, three, even five times to the same number.
Have I been hacked? Is someone stealing our small business data? Sounds kind of ridiculous, but can't help and worry some. Or do I have a virus? I tried to google whether or not there are any Mac viruses out there, that might pertain to this, but couldn't figure out anything. What do I do? I'm not very computer savvy, other than running my apps, and don't anything about Terminal or things like that. Even as I type this MenuMeters is showing me I'm receiving SOMETHING. Yikes!
Mini Mac OS X (10.4.8)You mention one of the applications you have been using is Appleworks - which is not supplied with Intel systems, only PPC Macs. This would tend to suggest that your mini is a G4 model. It would be helpful to know which model the system is, what software you have on it, how much free space you have on your hard drive, and what you typically use the system for.
It's interesting that you note the system seems generally busy, which would go some way to explain why it may also seem rather slow, but you haven't mentioned whether you've run Activity Monitor to see what processes are active when the system seems to be active with some task that is not of your doing. If you haven't tried this yet, do so now - and let us know what processes the system shows as active when otherwise the system ought to be idle.
To answer a few of your broad questions: When the system is connected to the internet, it's not unusual to see a certain amount of data through-putting the network connection, but in most instances this would be in the region of 100-200B/s, with occasional, brief, spikes upwards of that. In the absence of a local router that level of data is likely to be higher, since basically your Mac is managing your internet connection and maintaining a public IP address assigned by your service provider. In a system with a router, the router handles this traffic so the resultant volume of data the Mac sees would be less.
The fact you see entries in the log of the sort you describe is not necessarily an indicator of a problem. It may suggest that the system is being probed, which as Boece has said is not at all uncommon for a system with a public IP number - and is indeed why it's most common to find systems being used 'behind' a router. The router takes the public IP number, and so systems behind it are given internal addresses by the router which are not visible to the outside world. The Router then performs something called Network Address Translation (NAT) which converts internal and public addresses as needed to ensure the computer can communicate with the internet while still staying 'invisible'.
In your position, I would look to add a basic router between your Mac and your cable/DSL modem because a hardware firewall is generally more effective than a software firewall, and NAT will keep your system clear of most potential hacking risks.
As for the potential for a virus - this is a bit of a thorny subject because most will (rightly) say that MacOS is not the target of any known virus that exists in the wild. Unfortunately, that doesn't mean that it will remain that way, or that it's impossible to create malware that can infect or impact Mac systems. A good line of defense can be obtained by downloading and installing ClamXav (http://www.clamxav.com/) and setting it to examine vulnerable spots such as the desktop where files are typically downloaded or your mail folders, and using it to scan the system. Generally speaking, unlike antivirus products for Windows, this software does not consume copious amounts of CPU time (it grabs between 1 and 5% on my 1.25 G4 mini while in the background) so it's worth having around.
You also mention running OnyX several times - this is not a good thing. OnyX, like the other utilities of this type, is a useful tool in resolving performance issues, but if you find that it doesn't work when you use it once, it indicates the problem is not something that OnyX can resolve. Running it multiple times doesn't necessarily do any harm, but it does mean that macOS is continually having to build new cache files etc, which makes the system run very badly!
So....
(1) tell us about your system, the software on it and what you use it for.
(2) how much free space is on your hard drive.
(3) run Activity Monitor and tell us what it shows when the system seems to be busy doing it's own thing.
(4) download ClamXav and run it as described.
(5) get an inexpensive router and insert that into your system as described (we can help explain how to set everything up once you've got it if you need assistance).
Maybe you are looking for
-
How do I re-download MediaAccessibility.dll
Everytime I download an update for iTunes it is a huge problem because something goes wrong and this time it's saying I'm missing MediaAccessibility.dll and I have to reinstall iTunes because it was installed incorrectly, although I've already redown
-
Calls from Indonesia to Australia
Hi I have a skype unlimited international calls and skype to go AU number - but from what i have read i dont think it works if i'm calling from Indonesia to AUS or USA. Is this correct, and if so, If Ilargely want to be calling from Indonesia to the
-
Dynamic Internal Table in Function Module
Hi, I am developing a function module which is similar to GUI_DOWNLOAD. So , In My function module I would like to pass the internal table dynamically.I saw the paramter DATA_TAB in the function module GUI_DOWNLOAD. But there is no type associated wi
-
G/L Account is missing 1 / Message 131-46 / Out Going Excise - India
Hi All, Please note I have created a Sales Delivery and copied it to Outgoing Excise Invoice.When I click on Add I receive following error message. G/L Account is missing 1 Message 131-46 Now when I made the G/L account field visible, found that it w
-
ORA-02248: invalid option for ALTER SESSION when logging in from client
Hi, I am a junior dba and I was hoping if someone could help me out with a problem I am having. I recently installed on oracle 10g client on my windows machine. I am trying to remote connect to my database on a unix box but I am getting the below err