Understanding ipfw.log

I'm seeing this on the ipfw.logs
First, what does ipfw log? What is a stealth mode connection? Is someone trying to break my firewall?
Mar 12 17:48:08 Computer ipfw: Stealth Mode connection attempt to TCP 192.xxx.xx.xxx:49321 from 205.xxx.xxx.xxx:80

In System Preferences, go to Firewall and click on Advanced. If you have block UDP and stealth mode checked, you are protected. You can check this by going to Shields Up at grc.com. This is the premier SAFE firewall check. Click on Shields Up to enter the site, go down the page, click on the Shields Up description, click on PROCEED on the next page, click on All Service Ports... wait for the test to run... If the test map comes up all green, you will see an explanation that YOU PASSED and that the computer is not seen by others unless YOU allow it.... Apple's firewall works... just stay away from JUNK sites and you will not have problems!!
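Added example, not part of the original thread and not Apple's code: a small triage script for the log format quoted in the question. It groups Stealth Mode entries per flow and labels them. The labels, thresholds and sample log lines are assumptions constructed for illustration; the heuristic is that packets from a remote web port to a high local port, repeated at growing intervals, are consistent with a server retransmitting on a connection the Mac already closed, while hits on local service ports are unsolicited.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Line format taken from the entry quoted in the question; masked
# addresses such as 192.xxx.xx.xxx are accepted as-is.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ ipfw: "
    r"Stealth Mode connection attempt to (?P<proto>TCP|UDP) "
    r"(?P<dst>\S+):(?P<dport>\d+) from (?P<src>\S+):(?P<sport>\d+)\s*$"
)

WEB_PORTS = {80, 443}      # assumption: remote ports this host browses to
EPHEMERAL_START = 49152    # assumption: local client ports start here
SWEEP_THRESHOLD = 3        # assumption: distinct service ports = sweep

# Constructed sample entries (documentation address ranges, not real hosts).
_P = "host ipfw: Stealth Mode connection attempt to"
SAMPLE_LOG = [
    f"Dec 20 21:41:12 {_P} TCP 192.168.1.10:51807 from 198.51.100.7:80",
    f"Dec 20 21:41:15 {_P} TCP 192.168.1.10:51807 from 198.51.100.7:80",
    f"Dec 20 21:41:21 {_P} TCP 192.168.1.10:51807 from 198.51.100.7:80",
    f"Dec 20 21:41:33 {_P} TCP 192.168.1.10:51807 from 198.51.100.7:80",
    f"Dec 20 21:41:57 {_P} TCP 192.168.1.10:51807 from 198.51.100.7:80",
    f"Dec 20 22:02:01 {_P} TCP 192.168.1.10:52001 from 198.51.100.9:80",
    f"Dec 20 22:10:00 {_P} TCP 192.168.1.10:22 from 203.0.113.5:40112",
    f"Dec 20 22:10:00 {_P} TCP 192.168.1.10:23 from 203.0.113.5:40113",
    f"Dec 20 22:10:01 {_P} TCP 192.168.1.10:445 from 203.0.113.5:40114",
    f"Dec 20 22:30:00 {_P} UDP 192.168.1.10:137 from 203.0.113.77:137",
]


def parse(lines):
    """Yield (timestamp, proto, src, sport, dst, dport) per Stealth Mode entry."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated syslog lines are skipped
        # syslog timestamps have no year; a fixed leap year is assumed for parsing
        ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
        yield ts, m["proto"], m["src"], int(m["sport"]), m["dst"], int(m["dport"])


def is_backoff(gaps):
    """True when the gaps between repeats never shrink and end larger than they began."""
    return (len(gaps) >= 2
            and all(b >= a for a, b in zip(gaps, gaps[1:]))
            and gaps[-1] > gaps[0])


def triage(lines):
    """Group entries per flow and return {(proto, src, sport, dst, dport): label}."""
    flows = defaultdict(list)
    for ts, proto, src, sport, dst, dport in parse(lines):
        flows[(proto, src, sport, dst, dport)].append(ts)

    # Local service ports (<1024) touched by each remote address.
    low_ports = defaultdict(set)
    for (_, src, _, _, dport) in flows:
        if dport < 1024:
            low_ports[src].add(dport)

    labels = {}
    for flow, stamps in flows.items():
        proto, src, sport, _, dport = flow
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if len(low_ports[src]) >= SWEEP_THRESHOLD:
            labels[flow] = "port-sweep"          # one source, many service ports
        elif proto == "TCP" and sport in WEB_PORTS and dport >= EPHEMERAL_START:
            # Reply traffic for a connection this host opened and has since closed.
            labels[flow] = "server-retransmit" if is_backoff(gaps) else "late-reply"
        elif dport < 1024:
            labels[flow] = "unsolicited"         # nothing local asked for this
        else:
            labels[flow] = "review"              # no rule matched; inspect by hand
    return labels


def summarize(labels):
    """Count flows per label."""
    return dict(Counter(labels.values()))


if __name__ == "__main__":
    for flow, label in triage(SAMPLE_LOG).items():
        print(f"{label:18} {flow[1]}:{flow[2]} -> {flow[3]}:{flow[4]} ({flow[0]})")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it against a real log by passing `open("/var/log/ipfw.log")` to `triage`; flows labelled `review`, `unsolicited` or `port-sweep` are the ones worth a closer look.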

Similar Messages

  • Ipfw Logs and Other Delightful Issues

    So. Frustrated. I've tried so many different things that I'm not really even sure where to start. Disclaimer: I might be a bit too cautious when it comes to security, and I have just enough knowledge to make my paranoia go into overdrive. Hopefully there's nothing seriously wrong here.
    I'm running 10.4 on a MBP. I have the firewall enabled (Apple's and my router's) with all the services turned off, Stealth Mode enabled, block all UDP traffic, etc. A couple of spam emails bounced back to me that had originated from my account. The headers indicated that it was coming from a 10.103.197.1. I ran a traceroute and came up with nothing. After some Googling, I found out it's a blackhole. I got nervous and checked the ipfw logs and found a lot of connection attempts. Most, of course, are from sites I had visited, but a few IP addresses and ports looked strange. The logs are pretty lengthy, but here's a snippet. Again, I know a little, but I don't know enough to be 100% about what's normal and what isn't. I know a lot of them are safe websites, but I don't understand why they're trying to connect to the specific ports - I couldn't find any info on most of the ports. Bear with me if some of this is obviously benign.
    In an attempt to keep this as short as I can, I'm just going to list the repeat hits.
    209.85.225.100 (Go Daddy - no reason for this to be on here, is there?) attempting to connect to 54458, 54459, 55509, etc. There are quite a few of these.
    Dec 22 05:26:48 abcd ipfw: 12190 Deny TCP 85.17.154.200:63777 192.168.1.xxx:22 in via en1
    This one particularly disturbed me. Does it mean my computer was trying to connect to 85.17.154 from PORT 22?! That's not good, is it? What's more, I have Little Snitch, so I'm not really sure how this didn't pop up.
    Dec 22 21:43:41 abcd ipfw: 35000 Deny UDP 208.67.222.222:53 192.168.1.xxx:52910 in via en1
    Dec 22 21:43:41 abcd ipfw: 35000 Deny UDP 208.67.222.222:53 192.168.1.xxx:52910 in via en1
    Dec 22 21:47:18 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:61905 from 192.168.1.xxx:53
    Dec 22 21:47:23 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:49775 from 208.67.222.222:53
    Dec 22 21:55:47 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:64315 from 192.168.1.xxx:53
    Dec 22 21:55:49 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:62435 from 208.67.222.222:53
    Dec 22 22:58:08 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:59718 from 72.47.236.203:80
    Dec 22 22:58:12 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:59718 from 72.47.236.203:80
    Dec 22 22:58:18 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:59718 from 72.47.236.203:80
    Dec 22 22:58:30 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:59718 from 72.47.236.203:80
    Dec 22 22:58:54 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:59718 from 72.47.236.203:80
    Dec 22 22:59:42 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:59718 from 72.47.236.203:80
    Dec 22 23:02:39 abcd ipfw: 35000 Deny UDP 208.67.222.222:53 192.168.1.xxx:58538 in via en1
    Dec 22 23:02:39 abcd ipfw: 35000 Deny UDP 208.67.222.220:53 192.168.1.xxx:51316 in via en1
    Dec 23 21:28:47 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60980 from 140.239.191.10:80
    Dec 23 21:28:47 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60981 from 140.239.191.10:80
    Dec 23 21:28:47 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60982 from 140.239.191.10:80
    Dec 23 21:28:47 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60983 from 140.239.191.10:80
    Dec 23 21:28:47 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60984 from 140.239.191.10:80
    Dec 23 21:28:48 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60984 from 140.239.191.10:80
    Dec 23 21:28:48 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60983 from 140.239.191.10:80
    Dec 23 21:28:48 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60982 from 140.239.191.10:80
    Dec 23 21:28:48 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60981 from 140.239.191.10:80
    Dec 23 21:28:48 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60980 from 140.239.191.10:80
    Dec 23 21:28:50 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60984 from 140.239.191.10:80
    Dec 23 21:28:50 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60983 from 140.239.191.10:80
    Dec 23 21:28:50 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60982 from 140.239.191.10:80
    Dec 23 21:28:50 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60981 from 140.239.191.10:80
    Dec 23 21:28:50 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60980 from 140.239.191.10:80
    Dec 23 21:28:54 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60984 from 140.239.191.10:80 (Lots more of these)
    Dec 23 21:32:37 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:51887 from 192.168.1.xxx:53
    Dec 23 23:26:13 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:62632 from 192.168.1.xxx:53
    Dec 24 00:00:29 abcd ipfw: 10100 Deny TCP 212.18.195.102:16955 192.168.1.xxx:22 in via en1
    Dec 24 03:37:08 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49322 from 208.69.36.231:80
    Dec 24 03:53:44 abcd ipfw: 12190 Deny TCP 66.230.207.58:54229 192.168.1.xxx:53 in via en1
    Dec 24 03:53:44 abcd ipfw: 12190 Deny TCP 66.230.207.58:54229 192.168.1.xxx:443 in via en1
    Dec 24 03:53:44 abcd ipfw: 12190 Deny TCP 66.230.207.58:54229 192.168.1.xxx:25 in via en1
    Dec 24 03:53:44 abcd ipfw: 12190 Deny TCP 66.230.207.58:54229 192.168.1.xxx:22 in via en1
    Dec 24 03:53:45 abcd ipfw: 12190 Deny TCP 66.230.207.58:54230 192.168.1.xxx:443 in via en1
    Dec 24 03:53:45 abcd ipfw: 12190 Deny TCP 66.230.207.58:54230 192.168.1.xxx:53 in via en1
    Dec 24 03:53:45 abcd ipfw: 12190 Deny TCP 66.230.207.58:54230 192.168.1.xxx:22 in via en1
    Dec 24 03:53:45 abcd ipfw: 12190 Deny TCP 66.230.207.58:54230 192.168.1.xxx:25 in via en1
    Dec 24 03:53:45 abcd ipfw: 12190 Deny TCP 66.230.207.58:54229 192.168.1.xxx:143 in via en1
    Dec 24 03:53:45 abcd ipfw: 12190 Deny TCP 66.230.207.58:54230 192.168.1.xxx:143 in via en1
    Dec 24 03:53:51 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:53 from 66.230.207.58:54229
    Dec 24 03:53:52 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:53 from 66.230.207.58:54230
    Dec 24 03:57:16 abcd ipfw: 12190 Deny TCP 66.230.207.58:44027 192.168.1.xxx:53 in via en1
    Dec 24 03:57:16 abcd ipfw: 12190 Deny TCP 66.230.207.58:44028 192.168.1.xxx:53 in via en1
    Dec 24 03:57:16 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:53 from 66.230.207.58:44027
    Dec 24 03:57:17 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:53 from 66.230.207.58:44028
    Dec 24 04:03:06 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49397 from 87.230.55.47:80
    Dec 24 04:03:10 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49397 from 87.230.55.47:80
    Dec 24 04:03:16 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49397 from 87.230.55.47:80
    Dec 24 04:03:18 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49401 from 87.230.55.47:80
    Dec 24 04:03:22 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49401 from 87.230.55.47:80
    Dec 24 04:03:28 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49401 from 87.230.55.47:80
    Dec 24 04:03:28 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49397 from 87.230.55.47:80
    Dec 24 04:03:39 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49403 from 87.230.55.47:80
    Dec 24 04:03:40 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49401 from 87.230.55.47:80
    Dec 24 04:03:42 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49403 from 87.230.55.47:80
    Dec 24 04:03:43 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49405 from 87.230.55.47:80
    Dec 24 04:03:48 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49405 from 87.230.55.47:80
    Dec 24 04:03:48 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49403 from 87.230.55.47:80
    Dec 24 04:03:52 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49397 from 87.230.55.47:80
    Dec 24 04:03:54 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49405 from 87.230.55.47:80
    Dec 24 04:04:00 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49407 from 87.230.55.47:80
    Dec 24 04:04:00 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49403 from 87.230.55.47:80
    Dec 24 04:04:04 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49407 from 87.230.55.47:80
    Dec 24 04:04:04 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49401 from 87.230.55.47:80
    Dec 24 04:04:06 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49405 from 87.230.55.47:80
    Dec 24 04:04:07 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49410 from 87.230.55.47:80
    Dec 24 04:04:10 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49407 from 87.230.55.47:80
    Dec 24 04:04:10 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49410 from 87.230.55.47:80
    Dec 24 04:04:16 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49410 from 87.230.55.47:80
    Dec 24 04:04:22 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49407 from 87.230.55.47:80
    Dec 24 04:04:25 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49403 from 87.230.55.47:80
    Dec 24 04:04:28 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49410 from 87.230.55.47:80
    Dec 24 04:04:30 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49405 from 87.230.55.47:80
    Dec 24 04:04:33 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49414 from 87.230.55.47:80
    It keeps going on and on. Here's a Netstat:
    NETSTAT:
    Active Internet connections (including servers)
    Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
    tcp4       0      0  192.168.1.xxx.54159    209.85.225.101.80      ESTABLISHED
    tcp4       0      0  192.168.1.xxx.54158    209.85.225.101.80      ESTABLISHED
    tcp4       0      0  192.168.1.xxx.54157    209.85.225.100.80      ESTABLISHED
    tcp4       0      0  192.168.1.xxx.54156    209.85.225.100.80      ESTABLISHED
    tcp4       0      0  192.168.1.xxx.54155    209.85.225.100.80      ESTABLISHED
    tcp4       0      0  192.168.1.xxx.54154    209.85.225.100.80      ESTABLISHED
    tcp4       0      0  192.168.1.xxx.54153    209.85.225.101.80      ESTABLISHED
    tcp4       0      0  192.168.1.xxx.54152    209.85.225.101.80      ESTABLISHED
    tcp4       0      0  192.168.1.xxx.54151    209.85.225.101.80      ESTABLISHED
    tcp4       0      0  192.168.1.xxx.54150    209.85.225.101.80      ESTABLISHED
    tcp4       0      0  192.168.1.xxx.54149    208.69.36.230.80       ESTABLISHED
    tcp4       0      0  192.168.1.xxx.54140    209.85.225.113.80      ESTABLISHED
    tcp4       0      0  192.168.1.xxx.54099    63.84.95.75.80         ESTABLISHED
    tcp4       0      0  192.168.1.xxx.54098    63.84.95.75.80         ESTABLISHED
    tcp4       0      0  192.168.1.xxx.54038    63.84.95.75.80         ESTABLISHED
    tcp4       0      0  192.168.1.xxx.54034    63.84.59.50.80         ESTABLISHED
    tcp4       0      0  192.168.1.xxx.54033    63.84.59.50.80         ESTABLISHED
    tcp4       0      0  127.0.0.1.1033         127.0.0.1.920          ESTABLISHED
    tcp4       0      0  127.0.0.1.920          127.0.0.1.1033         ESTABLISHED
    tcp4       0      0  *.*                    *.*                    CLOSED
    tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
    tcp4       0      0  *.*                    *.*                    CLOSED
    tcp4       0      0  127.0.0.1.1033         127.0.0.1.1021         ESTABLISHED
    tcp4       0      0  127.0.0.1.1021         127.0.0.1.1033         ESTABLISHED
    tcp4       0      0  127.0.0.1.1033         *.*                    LISTEN
    udp4       0      0  *.5353                 *.*
    udp4       0      0  *.*                    *.*
    udp4       0      0  *.*                    *.*
    udp4       0      0  *.631                  *.*
    udp4       0      0  *.*                    *.*
    udp4       0      0  127.0.0.1.49164        127.0.0.1.1022
    udp4       0      0  127.0.0.1.49163        127.0.0.1.1022
    udp4       0      0  127.0.0.1.1022         *.*
    udp4       0      0  127.0.0.1.49162        127.0.0.1.1023
    udp4       0      0  127.0.0.1.1023         *.*
    udp4       0      0  192.168.1.85.123       *.*
    udp6       0      0  fe80:5::214:51ff.123   *.*
    udp4       0      0  127.0.0.1.123          *.*
    udp6       0      0  fe80:1::1.123          *.*
    udp6       0      0  ::1.123                *.*
    udp6       0      0  *.123                  *.*
    udp4       0      0  *.123                  *.*
    udp6       0      0  *.5353                 *.*
    udp4       0      0  *.5353                 *.*
    udp4       0      0  127.0.0.1.1033         *.*
    icm6       0      0  *.*                    *.*
    63.84.59.50 is blacklisted as are some others - can't remember exactly what they are. I got a little discouraged and stopped checking all the IPs. Okay, so here's what I've done: Ran Clam (clean results), ran MacScan and found 1 tracking cookie that I removed, reconfigured Little Snitch and blocked the majority of the IPs. Oh - how do you manually block an IP range from the firewall? I can't figure that out.
    OH - one more thing that I thought was really strange: I was poking around in Terminal and ran the who command just out of curiosity.
    17:49 up 13:20, 3 users, load averages: 0.18 0.24 0.29
    USER TTY FROM LOGIN@ IDLE WHAT
    janed console - 13:35 4:13 -
    janed p1 - 17:49 - w
    janed p2 - 13:51 3:56 -
    Let's pretend my user name is janedoe. Why would it only show janed? There IS no user named janed. So I tried to investigate more:
    abcd:~ abcd$ whoami
    abcd
    abcd:~ janedoe$ who
    janed console Dec 24 13:35
    janed ttyp1 Dec 24 17:49
    janed ttyp2 Dec 24 13:51
    I'm really hoping this is just a fluke. I'm sorry this is so long, but I'm desperate here. I appreciate any input that you guys can give me! Many thanks.

    Hi warren.peace, and a warm welcome to the forums!
    A couple of spam emails bounced back to me that had originated from my account. The headers indicated that it was coming from a 10.103.197.1. I ran a traceroute and came up with nothing.
    Not to worry on that one, many Spammers fake/spoof the IP to get it delivered by returning it!
    I don't understand why they're trying to connect to the specific ports - I couldn't find any info on most of the ports
    I'm on Dial-up & get thousands of attempts some days
    Run this on some of the ports you're worried about, click on SG security scan: port 51335 here for instance...
    http://www.speedguide.net/port.php?port=51335&print=friendly
    Dec 22 05:26:48 abcd ipfw: 12190 Deny TCP 85.17.154.200:63777 192.168.1.xxx:22 in via en1 This one particularly disturbed me. Does it mean my computer was trying to connect to 85.17.154 from PORT 22?! That's not good, is it? What's more, I have Little Snitch, so I'm not really sure how this didn't pop up.
    No, it means 85.17.154.200...
    ** Registrant:
    Trends Yazılım
    Cemal Paşa Mahallesi Bahar Caddesi Neşe Apartmanı
    altı No : 3/A
    Adana,
    Türkiye
    Was trying to see if they could connect to you by ftp. Little Snitch is great.
    208.67.222.222 is OpenDNS, no worry really.
    On the janed thing, what do these 2 report in terminal...
    w
    who
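A triage sketch for the two ipfw.log line formats quoted in this thread, added here as an example (it is not code from any poster or from Apple). The sample lines are constructed with documentation addresses, and the classification rule is a heuristic assumed for the example: packets from source port 53, 80 or 443 to a high local port are treated as late replies to the Mac's own outbound connections, and packets aimed at a local port below 1024 as unsolicited inbound attempts.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Constructed sample in the two formats seen in the thread; addresses come from
# documentation ranges and the local address is masked the way the poster did.
SAMPLE_LOG = """\
Dec 20 23:58:08 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53817 from 198.51.100.7:80
Dec 20 23:58:10 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53817 from 198.51.100.7:80
Dec 22 21:43:41 abcd ipfw: 35000 Deny UDP 198.51.100.53:53 192.168.1.xxx:52910 in via en1
Dec 22 05:26:48 abcd ipfw: 12190 Deny TCP 203.0.113.20:63777 192.168.1.xxx:22 in via en1
Dec 24 03:53:44 abcd ipfw: 12190 Deny TCP 203.0.113.58:54229 192.168.1.xxx:53 in via en1
Dec 24 03:53:44 abcd ipfw: 12190 Deny TCP 203.0.113.58:54229 192.168.1.xxx:443 in via en1
Dec 24 03:53:44 abcd ipfw: 12190 Deny TCP 203.0.113.58:54229 192.168.1.xxx:25 in via en1
Dec 24 03:53:51 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:53 from 203.0.113.58:54229
Dec 24 04:10:00 abcd ipfw: some unrelated message
"""

ENDPOINT = r"([\w.]+):(\d+)"  # address may be masked, e.g. 192.168.1.xxx

# "Stealth Mode" lines name the destination first, then the source.
STEALTH_RE = re.compile(
    r"ipfw: Stealth Mode connection attempt to (TCP|UDP) "
    + ENDPOINT + r" from " + ENDPOINT)

# Rule lines carry the rule number and list source first, then destination.
# Only inbound ("in via") entries are parsed here.
RULE_RE = re.compile(
    r"ipfw: (\d+) (\w+) (TCP|UDP) " + ENDPOINT + r" " + ENDPOINT
    + r" in via (\w+)")

# Assumption: services this host normally talks to as a client.
REPLY_SOURCE_PORTS = {53, 80, 443}


class Event(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    rule: Optional[str]   # None for Stealth Mode lines, which show no rule number
    action: str


def parse_line(line: str) -> Optional[Event]:
    """Return an Event for either log format, or None if the line is neither."""
    m = STEALTH_RE.search(line)
    if m:
        proto, dst, dport, src, sport = m.groups()
        return Event(proto, src, int(sport), dst, int(dport), None, "Stealth")
    m = RULE_RE.search(line)
    if m:
        rule, action, proto, src, sport, dst, dport, _iface = m.groups()
        return Event(proto, src, int(sport), dst, int(dport), rule, action)
    return None


def classify(ev: Event) -> str:
    """Heuristic: who most likely started the conversation this packet belongs to."""
    if ev.dport < 1024:
        return "inbound_probe"   # remote side reaching for a local service port
    if ev.sport in REPLY_SOURCE_PORTS:
        return "stray_reply"     # server answering a connection the host opened
    return "other"


def summarize(log_text: str, sweep_threshold: int = 3) -> dict:
    """Count entries per class and list remote hosts that tried several service ports."""
    counts = defaultdict(int)
    probed = defaultdict(set)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        kind = classify(ev)
        counts[kind] += 1
        if kind == "inbound_probe":
            probed[ev.src].add(ev.dport)
    probed_sorted = {src: sorted(ports) for src, ports in probed.items()}
    sweeps = {src: ports for src, ports in probed_sorted.items()
              if len(ports) >= sweep_threshold}
    return {"counts": dict(counts), "probed": probed_sorted, "sweeps": sweeps}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("entries per class:", report["counts"])
    for src, ports in report["probed"].items():
        tag = "multi-port sweep" if src in report["sweeps"] else "single port"
        print(f"{src} -> local ports {ports} ({tag})")
```

Run against a real /var/log/ipfw.log, the `stray_reply` bucket absorbs the bulk of the port-80 and DNS entries, leaving the short `probed` list as the part worth reading by hand.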

  • Enable ipfw logging in Lion

    Hello,
    how can I enable ipfw logging in OS X 10.7.
    I have a rule
    00400 allow log ip from any to any dst-port 80
    # sysctl net.inet.ip.fw.verbose
    net.inet.ip.fw.verbose: 2
    I did not change /etc/syslog.conf in any way
    I would expect to get log entries in /var/log/ipfw.log or even in /var/log/system.log but there are none.
    What do I have to do to set up ipfw logging in Lion?
    Best regards from Germany
    macmartin

    Thank you for your comment.
    I have a line in /etc/syslog.conf:
    local1.*            /var/log/ipfw.log
    That's why I thought logging should go there.
    I also checked kernel.log but no logging entries there either.
    I have also read the link you directed me to.
    I don't have the line jnoir mentioned in my asl.conf file and I don't understand how the asl.conf works.
    'man asl.conf' didn't really help
    I don't want to screw things up but I think maybe this might be the right place to get my issue fixed.
    Any explanation would be appreciated.
    Regards macmartin

  • Understanding http log

    Hi,
    I know that the doc did specify a very high level of understanding the log:
    dateTime hostName processName[pid]: category logLevel: eventMessage
    However I have couple of questions here:
    Q1) Why is there different IP addresses shown? 129.2.20.19 is the load balancer and 136.14.130.21 is from PC.
    Q2) What is the difference between the 2 time stamps, one at the beginning and one at the end of each entry?
    Example: ..03/Jun/2005:14:58:00....14:56:57 0:01:03.....
    [03/Jun/2005:14:58:00 +0800] mux1 httpd[10763]: Account Notice: close [129.2.20.19] [unauthenticated] 2005/6/3 14:58:00 0:00:00 19 149 0
    [03/Jun/2005:14:58:00 +0800] mux1 httpd[10763]: Account Notice: close [192.168.48.109] [unauthenticated] 2005/6/3 14:58:00 0:00:00 623 262 0
    [03/Jun/2005:14:58:00 +0800] mux1 httpd[10763]: Account Notice: close [136.14.130.21] [unauthenticated] 2005/6/3 14:56:57 0:01:03 1330 604 0
    [03/Jun/2005:14:58:00 +0800] mux1 httpd[10763]: Account Notice: close [136.14.130.21] [unauthenticated] 2005/6/3 14:56:56 0:01:04 2435 3698 0

    Hi,
    I know that the doc did specify a very high level of
    understanding the log:
    dateTime hostName processName[pid]: category
    logLevel: eventMessage
    However I have couple of questions here:
    Q1) Why is there different IP addresses shown?
    129.2.20.19 is the load balancer and 136.14.130.21
    1 is from PC.
    The ip is the address of the system that connected. It's reporting that. If one of your users connected directly, then his ip is reported. We must know the ip where the connection is happening, if we're going to have ip security.
    Q2) What is the difference between the 2 time stamps,
    one at the beginning and one at the end of each
    entry?
    Login time vs log out time? I'm not exactly sure, myself.
    Why is this important to you? The timestamp on the left is the logout time.
    Example: ..03/Jun/2005:14:58:00....14:56:57
    0:01:03.....
    [03/Jun/2005:14:58:00 +0800] mux1 httpd[10763]:
    Account Notice: close [129.2.20.19] [unauthenticated]
    2005/6/3 14:58:00 0:00:00 19 149 0
    [03/Jun/2005:14:58:00 +0800] mux1 httpd[10763]:
    Account Notice: close [192.168.48.109]
    [unauthenticated] 2005/6/3 14:58:00 0:00:00 623 262
    0
    [03/Jun/2005:14:58:00 +0800] mux1 httpd[10763]:
    Account Notice: close [136.14.130.21]
    [unauthenticated] 2005/6/3 14:56:57 0:01:03 1330 604
    0
    [03/Jun/2005:14:58:00 +0800] mux1 httpd[10763]:
    Account Notice: close [136.14.130.21]
    [unauthenticated] 2005/6/3 14:56:56 0:01:04 2435 3698
    0

  • Stealth mode logs in ipfw.log

    Every so often I get logs like this in my /var/log/ipfw.log:
    Jan 20 08:41:33 PowerBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.x:53725 from xxx.xxx.xxx.xxx:80
    These log entries do not show an ipfw rule number. So how can I tell which rule from ipfw is causing them to be logged? Are they being logged before matching any of the rules you see on the command sudo ipfw show?

    Hi Rick,
    Thanks also for your response.
    Do you have a network printer? (make, model, please)
    Any other network devices on this LAN (Xbox, printer,
    PC :o
    I don't have a network printer. The little network only consists of the router and the Mac for the time being.
    Do you have uPNP enabled on your router?
    What make/model of router? (there may be something
    common to this mfr)
    No, the uPNP is never enabled. My router is Belkin Wireless G Router (F5D7230-4), which is supposed quite Mac-friendly in the market...
    You say you still get the logging, even when the DSL
    modem is disconnected. Weird.
    Yes, it is weird.
    StealthMode has been known to cause more paranoia in
    some users. This 137 port scanning might be coming
    from a printer or other network device on the inside
    of your little network...with stealth disabled,
    things would just work the way they're supposed to --
    quietly. Your mac is probably secure. Your router is
    probably secure (especially if you changed the admin
    password when you set it up. If you've been using the
    default admin password, then shame on you <wink>
    I have enabled Stealth mode in my Mac. Sorry to let you down (^^V) that I am not using the default password before the discovery of the port probing mentioned and have changed to another one after reset and firmware upgrade as advised by the other poster.
    Am I off-base here, fellows?
    Nope, you're appreciated for any idea trying to help.
    TC
    (P.S. I found that the "Helpful" is used up. Sorry that I can't give you one...)

  • Snow Leopard & IPFW logging

    Hello,
    Just wondering if IPFW logging is broken in 10.6. I'm using my own IPFW firewall since 10.5 and I noticed that after the 10.6 upgrade, IPFW is still working but doesn't log anything anymore. I noticed that the /etc/syslog seems to have changed at some point. Here's an extract from the backed up one that was working on 10.5:
    install.* /var/log/install.log
    install.* @127.0.0.1:32376
    local0.* /var/log/ipfw.log
    Now in 10.6 this looks like this:
    install.* /var/log/install.log
    install.* @127.0.0.1:32376
    local0.* /var/log/appfirewall.log
    local1.* /var/log/ipfw.log
    And I haven't changed that because then I would have backed it up. So for instance my SSH rule looks like this:
    # Allow SSH inbound
    add 00700 set 3 count log tcp from any to any dst-port 22 in setup
    add 00701 set 3 allow tcp from any to any dst-port 22 in setup keep-state
    But my ipfw.log is exactly 0 bytes long and empty... and I definitely get hits on the rules. Here's an extract from 'ipfw show':
    00700 2 104 count log logamount 100 tcp from any to any dst-port 22 in setup
    00701 1888 250506 allow tcp from any to any dst-port 22 in setup keep-state
    And yes, the appfirewall.log is also empty which seems to have now taken over the local0 log facility... (the App firewall is not enabled)
    Any help is appreciated.
    Thanks!
    Frank

    piknyc wrote:
    I had the same problem and can't remember exactly what I did to fix it but I think this was it.
    I added the below to /etc/syslog.conf and restarted:
    put this at the top
    !ipfw
    this at the bottom
    *.* /var/log/ipfw.log
    This had strange effects in snow leopard. It had no effect on the output of appfirewall.log, but now ipfw.log fills up with everything.
    All I want is a clean logfile with my ipfw logs not spammed by the appfirewall. I've tried changing /usr/libexec/ApplicationFirewall/com.apple.alf.plist loggingenabled key to 0 and restarting but it had no effect.

  • Ipfw: logging and verbosity

    Hello all,
    First post here, I hope you'll find it easy to answer. I haven't
    I use ipfw as my firewall and supply a custom set of rules. It is configured at startup as described in this (very good) tutorial:
    http://silvester.org.uk/OSX/wrangling_ipfw.html
    As you see, the script /usr/local/bin/Firewall that customizes the rules, includes the line:
    /usr/sbin/sysctl -w net.inet.ip.fw.verbose=1
    Moreover, in /var/log/system.log I see:
    sparrow:~ (12:46)$ grep net.inet.ip.fw.verbose /var/log/system.log
    Dec 16 12:45:10 localhost com.ipfw.daemon49: net.inet.ip.fw.verbose: 0 -> 1
    Dec 16 12:45:10 localhost com.ipfw.daemon49: net.inet.ip.fw.verbose_limit: 0 -> 65535
    However, when I look at the value of net.inet.ip.fw.verbose right after the startup, it's not 1!
    sparrow:~ (12:47)$ /usr/sbin/sysctl -w net.inet.ip.fw.verbose=1
    net.inet.ip.fw.verbose: 2
    sysctl: net.inet.ip.fw.verbose: Operation not permitted
    (yes I know I'm not the root in this example)
    So question #1 is:
    #1. When and where is the default value of net.inet.ip.fw.verbose set? I know this must be done after I initialize the firewall rules.
    The question #2 is related to the logging daemon, syslogd. I've tried many tricks to make ipfw log into its own separate file (e.g., /var/log/ipfw.log) with no success. I know ipfw generates logs from the kern. facility.
    So, the question is:
    #2. Is there any sane way of redirecting the ipfw messages into a separate file?
    Thanks!

    Here is the key part of the ipfw startup script on my machine:
    ipfw /etc/firewallrules
    # firewall logging
    sysctl -w net.inet.ip.fw.verbose=2
    sysctl -w net.inet.ip.fw.verbose_limit=0
    # interface forwarding
    sysctl -w net.inet.ip.forwarding=0
    and logging goes to /var/log/appfirewall.log
    Strictly speaking, this is the "wrong" log file, since this is the ipfw firewall and not the app firewall. But I don't know how to change it (and don't really care, since I'm not going to be using the app firewall).
    Note, the code above comes from the startup script created by the shareware app called WaterRoof, which is what I use to control my ipfw firewall.

  • Issue understanding PFRO Log

    Hey Everyone,
    I have, what I hope to be a pretty simple question.  Here we go.
    I was looking at the PFRO Logs as I am trying to understand different system level things, for a class I am taking on System Administration (I am taking a deeper dive).  When I came across the PFRO logs, I found something similar to the following:
    7/22/2011 10:43:23 - PFRO Error: \??\C:\Users\UserName\AppData\Local\Temp\download_file_name.exe, |delete operation|, 0xc000003a
    7/22/2011 10:43:23 - 1 Successful PFRO operations
    Does this mean that the system was deleting the file "download_file_name.exe" and it was successful?  As this is what it appears to be.  I am not sure, and hoping someone can clarify as the "PFRO Error" is throwing me off.
    Any help is greatly appreciated.
    Thanks in advance.
    Darksider

    Hi,
    Some products and updates use a registry key to store information about pending file rename operations (PFRO). This feature is used when files that have to be updated that are locked or that are being used, the installer writes the files to a temp location and renames them after a restart.
    The delete operation in your log means that the file (the pending file) is successfully deleted after a restart.
    Kate Li
    TechNet Community Support

  • Understanding MapViewer log - total time loading X features

    Hi All,
    I'm interested in finding out more about how to understand the following lines from the log file.
    What I'm unsure about is what "total time loading features" means. For example Theme_14 has a sql exec time of 1797ms, however the total time loading 3 features is 21233ms.
    I'm assuming the total time includes the sql exec time. However there is about 20 seconds extra. Understanding this time should allow me to make changes to reduce it.
    What is MapViewer doing in that time? / What are the components that make up the "total time loading features"?
    Mon Apr 21 14:57:30 EST 2008 DEBUG [oracle.sdovis.theme.pgtp] [ THEME_1 ] sql exec time: 63ms, total time loading 0 features: 63ms.
    Mon Apr 21 14:57:30 EST 2008 DEBUG [oracle.sdovis.theme.pgtp] [ THEME_2 ] sql exec time: 422ms, total time loading 0 features: 422ms.
    Mon Apr 21 14:57:30 EST 2008 DEBUG [oracle.sdovis.theme.pgtp] [ THEME_3 ] sql exec time: 422ms, total time loading 7 features: 422ms.
    Mon Apr 21 14:57:30 EST 2008 DEBUG [oracle.sdovis.theme.pgtp] [ THEME_4 ] sql exec time: 422ms, total time loading 0 features: 422ms.
    Mon Apr 21 14:57:30 EST 2008 DEBUG [oracle.sdovis.theme.pgtp] [ THEME_5 ] sql exec time: 516ms, total time loading 0 features: 516ms.
    Mon Apr 21 14:57:30 EST 2008 DEBUG [oracle.sdovis.theme.pgtp] [ THEME_6 ] sql exec time: 500ms, total time loading 0 features: 500ms.
    Mon Apr 21 14:57:30 EST 2008 DEBUG [oracle.sdovis.theme.pgtp] [ THEME_7 ] sql exec time: 516ms, total time loading 0 features: 516ms.
    Mon Apr 21 14:57:30 EST 2008 DEBUG [oracle.sdovis.theme.pgtp] [ THEME_8 ] sql exec time: 422ms, total time loading 5 features: 422ms.
    Mon Apr 21 14:57:30 EST 2008 DEBUG [oracle.sdovis.theme.pgtp] [ THEME_9 ] sql exec time: 516ms, total time loading 0 features: 516ms.
    Mon Apr 21 14:57:31 EST 2008 DEBUG [oracle.sdovis.theme.pgtp] [ THEME_10 ] sql exec time: 218ms, total time loading 0 features: 218ms.
    Mon Apr 21 14:57:31 EST 2008 DEBUG [oracle.sdovis.theme.pgtp] [ THEME_11 ] sql exec time: 437ms, total time loading 12 features: 453ms.
    Mon Apr 21 14:57:31 EST 2008 DEBUG [oracle.sdovis.theme.pgtp] [ THEME_12 ] sql exec time: 766ms, total time loading 16 features: 1141ms.
    Mon Apr 21 14:57:32 EST 2008 DEBUG [oracle.sdovis.theme.pgtp] [ THEME_13 ] sql exec time: 906ms, total time loading 1 features: 1735ms.
    Mon Apr 21 14:57:51 EST 2008 DEBUG [oracle.sdovis.theme.pgtp] [ THEME_14 ] sql exec time: 1797ms, total time loading 3 features: 21233ms.
    Mon Apr 21 14:57:51 EST 2008 INFO [oracle.sdovis.DBMapMaker] **** time spent on loading features: 21233ms.
    Your time is appreciated. Any other comments are also welcome.

    Hi,
    the "total time loading features" includes the whole process to prepare the theme data. It includes the SQL execution time plus the data fetching plus some other minor tasks which do not much affect the final total time. So basically look for the SQL exec time and the fetching/loading of data. In your case, the fetching/loading of THEME_14 geometries is taking too long. Also the SQL exec time for just 3 features seems high. For the fetching, check if the geometries are too detailed (too many points), and for the SQL check if you can improve it (the log, in finest mode, also shows the query executed).
    Joao

  • Address book/exchange OWA sync - help understanding Console log

    Like so many others I am having trouble getting Address Book to sync with Exchange through the Outlook Web Access settings. The trouble is that Console Messages doesn't seem to be giving me any information that I understand. Can anyone decipher this for me?
    1/24/08 2:52:12 PM Translator[1774] Invoked to sync conduit com.apple.ExchangeConduit for entityNames: com.apple.contacts.Email Address,com.apple.contacts.Phone Number,com.apple.contacts.URL,com.apple.contacts.Contact,com.apple.contacts.Street Address
    1/24/08 2:52:12 PM com.apple.syncservices.SyncServer[1633] 2008-01-24 14:52:12.224 Translator[1774:10b] Invoked to sync conduit com.apple.ExchangeConduit for entityNames: com.apple.contacts.Email Address,com.apple.contacts.Phone Number,com.apple.contacts.URL,com.apple.contacts.Contact,com.apple.contacts.Street Address

    I've had the same problem for months and no solution as of yet. The source of the problem is that it appears that a software module is actually crashing. Has anyone ever figured out how to avoid this crash?
    The following is the crash log:
    Process: Translator 281
    Path: /System/Library/PrivateFrameworks/SyncLegacy.framework/Resources/Translator
    Identifier: Translator
    Version: ??? (???)
    Code Type: X86 (Native)
    Parent Process: SyncServer 280
    Date/Time: 2008-01-23 08:32:44.476 -0700
    OS Version: Mac OS X 10.5.1 (9B18)
    Report Version: 6
    Exception Type: EXC_BAD_ACCESS (SIGBUS)
    Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000014
    Crashed Thread: 0
    Thread 0 Crashed:
    0 com.apple.CFNetwork 0x90ae10d7 _CFHTTPMessageSetHeader + 273
    1 com.apple.CFNetwork 0x90ae0dee CFHTTPMessageSetHeaderFieldValue + 61
    2 ...apple.AddressBook.framework 0x955d277a -ABDAVQuery buildRequest + 424
    3 ...apple.AddressBook.framework 0x955d2903 -ABDAVQuery execute + 90
    4 ...apple.AddressBook.framework 0x955d36bc -ABDAVQuery responseList + 78
    5 ....synclegacy.ExchangeConduit 0x0004f2e3 0x4b000 + 17123
    6 ....synclegacy.ExchangeConduit 0x0004ff5a 0x4b000 + 20314
    7 Translator 0x00013205 0x1000 + 74245
    8 Translator 0x00014089 0x1000 + 77961
    9 Translator 0x000057aa 0x1000 + 18346
    10 Translator 0x00006652 0x1000 + 22098
    11 Translator 0x00004125 0x1000 + 12581
    12 Translator 0x000033af 0x1000 + 9135
    13 Translator 0x000028f2 0x1000 + 6386
    Thread 1:
    0 libSystem.B.dylib 0x9005ef5a select$DARWIN_EXTSN + 10
    1 libSystem.B.dylib 0x90040075 _pthread_start + 321
    2 libSystem.B.dylib 0x9003ff32 thread_start + 34
    Thread 0 crashed with X86 Thread State (32-bit):
    eax: 0xa05fd5a8 ebx: 0x955d25e7 ecx: 0xa029d4a0 edx: 0x00000000
    edi: 0x00000000 esi: 0x00000003 ebp: 0xbfffec18 esp: 0xbfffebd0
    ss: 0x0000001f efl: 0x00010246 eip: 0x90ae10d7 cs: 0x00000017
    ds: 0x0000001f es: 0x0000001f fs: 0x00000000 gs: 0x00000037
    cr2: 0x00000014

  • Help understanding my log

    Can anyone help me understand what these 2 entries in my log indicate?
    1.) Jan 31 00:42:03 Mark-p-macbook-pro Firewall[38]: qmasterd is listening from 0.0.0.0:49153 uid = 0 proto=6
    2.) Jan 31 00:44:34 Mark-p-macbook-pro Firewall[38]: Stealth Mode connection attempt to UDP 10.0.1.300:49174 from
    Thanks!!!!

    They are making references to information from your firewall program. Qmasterd is a component of FCP. Not sure what program is generating the Stealth mode connection.

  • Understanding transaction log..

    Hi all,
    Is there a way I can understand about the transaction,
    I have tried using "dbcc(3604);dbcc log;" but that doesn't help much.
    After some searching I came to know to use SQLAnywhere, but couldn't find any link to download it.
    Is there any other way to view the log ?
    Any reference on this will also be helpful.
    Thanks in advance.

    Unless the database is configured for sql statement replication, the transaction log does not contain any query text that would be useful to your investigation.  The log contains records showing the changes made to the binary data stored on each page as the result of data modifications (DML) only.
    You might consider setting up auditing of cmdtext and waiting for the issue to happen again.  The audit tables would then contain the queries run.
    You might also consider posting a detailed description of the issue, we might be able to recognize it or give further suggestions on how to reproduce it.
    -bret

  • Understanding Server Log

    I am really grateful to members of this forum in helping and guiding me in setting up my first server. Everything appears to be running smoothly so far.  The monitoring strategy and understanding the server log will be critical. Can anyone point me to documentation that would help understanding the server log?

    Nope.  Sorry.
    There is no general documentation of the server logs (beyond scattered postings and web pages, and the associated source code for various associated component tools as that code is available, and details of logs and errors for some of the specific components from their respective maintainers), nor would I expect this sort of general console log documentation to be available due to the sheer breadth of componentry and the churn from the OS X updates and upgrades.  The process of learning the logs involves watching and learning what's normal operation for a specific server, and what sorts of patterns — blocks of repeated errors, daemons crashing and restarting, unusual delays or such — that indicate issues.   Some of the normal log chatter can look quite draconian and can spook readers, with the ClamAV warning being a popular example of this, as are various (paraphrasing) OMG OUTDATED API warnings for OS X components.
    If you're starting to deal with a number of systems, then you'll be looking at implementing log analysis tools and rules, SNMP and syslog to manage the chatter.
    As a more general discussion, learning the individual components from available resources is entirely reasonable and recommended, as might be learning the structure of the OS X kernel and maybe then looking at application crashes and such for more advanced understanding.  There are books and videos and various web pages on the components.  Once you know how the pieces work, knowing what's normal in the logs is a little easier.
    Monitoring system activity can help, too.  It's fairly common to see a failure generate excessive disk I/O or processor activity, and spool up the fans.  Security breaches and DDoSes and such can generate similar loads.  The server gets, well, hot.  If you watch the server and network activity, you can know when your system is busy, and know when it's busy for no obvious or good reason.  At a more advanced policy and planning level, plotting activity over time can tell you when your server is headed toward an overload.
    Monitoring the core server forum postings via RSS feeds (eg: this forum) can help spot trends and what become known bugs, as can be membership on the Mac Enterprise mailing list.  I also follow various security-oriented notification lists and RSS feeds, including those RSS feeds from Apple and those associated with components and tools I use.  (These can also help you learn the system and the tools, too.)
    More generally, have backups, consider and potentially implement periodic off-site backups, learn IP networking and DNS and maybe managed switches and DMZs and the rest if and as you scale up, get onto notification lists for the tools and products that you use (particularly for security reports), and (generally) don't rush to upgrade OS X Server save for cases involving actively-exploited or critical security or stability problems — have your reasons for upgrading and consider the trade-offs against not upgrading, and "shiny" isn't usually one of the best reasons for an upgrade.

  • Help Understanding the Log - status=sent to status=bounced

    Hello,
    This is a very newb question and I'm very sorry to have to ask this here. I attempted googling it and searching for it, and I just can't seem to find a clear answer on this issue, so I'm hoping someone can just help me understand 2 messages in my log here quickly.
    First, we send emails to Company A all the time and have no problem doing so; however, recently we had the need to email a new employee at Company A that we've never emailed before and anything we email to him gets bounced back.
    At looking at the logs I have the following 2 messages (and what I think they mean), can someone confirm with me what these messages mean. Sorry, again I know, newbie.
    Nov 3 09:51:30 xxxx postfix/smtp[3785]: 72C2CCC203A: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.18, delays=0.01/0/0/0.17, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9C61DCC2049)
    This means my server sent the message out to the Internet without issue correct?
    Nov 3 09:51:33 xxxx postfix/smtp[3792]: 9C61DCC2049: to=<[email protected]>, relay=mail.global.frontbridge.com[216.32.181.22]:25, delay=3.3, delays=0/0/3.1/0.21, dsn=5.0.0, status=bounced (host mail.global.frontbridge.com[216.32.181.22] said: 554 <[email protected]>: Recipient address rejected: Access denied (in reply to RCPT TO command))
    Does this mean another server (mail.global.frontbridge.com) flagged it as spam or blocked the email from going through?
    If so, I'm really confused why we can email everyone else at companya.com but not this particular person. Then I don't even know who to blame as far as the problem goes, is my company blocked from sending out or is Company A blocked from receiving. (I'm thinking a blacklist)
    I'm just looking for verification I guess and maybe what I should look at doing to resolve the issue.
    In googling this issue, it did appear others out there are having this issue with mail.global.frontbridge.com, but that doesn't mean my server is setup correctly I guess ... even though I'm fairly certain it is .... :/
    Thank you anyways to whoever can help me confirm what's going on here.
    -Jessee

    The problem is most likely on their end. If your mail server was blacklisted by them, you would not be able to mail any address on their server.
    That said:
    Nov 3 09:51:30 xxxx postfix/smtp[3785]: 72C2CCC203A: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.18, delays=0.01/0/0/0.17, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9C61DCC2049)
    This means my server sent the message out to the Internet without issue correct?
    No, it means the e-mail was delivered to the content filter (spam/virus) on your server (relay=127.0.0.1 = localhost = your server).
    Nov 3 09:51:33 xxxx postfix/smtp[3792]: 9C61DCC2049: to=<[email protected]>, relay=mail.global.frontbridge.com[216.32.181.22]:25, delay=3.3, delays=0/0/3.1/0.21, dsn=5.0.0, status=bounced (host mail.global.frontbridge.com[216.32.181.22] said: 554 <[email protected]>: Recipient address rejected: Access denied (in reply to RCPT TO command))
    The receiving server (mail.global.frontbridge.com) is rejecting the e-mail. Since they only give a generic error, you will need to ask them why. (Chances are they have not defined the new user on their gateway.)
    HTH,
    Alex
    Message was edited by: pterobyte
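
The two-hop reading given in the answer above (local content filter first, remote relay second) can be automated by following the "queued as" queue ID from one line to the next. This is an added example, not part of the thread; it assumes one recipient per queue ID, and the recipient address is a constructed placeholder because the page obfuscates it.

```python
import re

# The two log lines quoted in the thread. The recipient is obfuscated on the
# page, so user@companya.example is a constructed placeholder.
SAMPLE_LOG = """\
Nov 3 09:51:30 xxxx postfix/smtp[3785]: 72C2CCC203A: to=<user@companya.example>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.18, delays=0.01/0/0/0.17, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9C61DCC2049)
Nov 3 09:51:33 xxxx postfix/smtp[3792]: 9C61DCC2049: to=<user@companya.example>, relay=mail.global.frontbridge.com[216.32.181.22]:25, delay=3.3, delays=0/0/3.1/0.21, dsn=5.0.0, status=bounced (host mail.global.frontbridge.com[216.32.181.22] said: 554 <user@companya.example>: Recipient address rejected: Access denied (in reply to RCPT TO command))
"""

HOP_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-Za-z]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>[^,]+), .*?dsn=(?P<dsn>[\d.]+), "
    r"status=(?P<status>\w+) \((?P<detail>.*)\)\s*$"
)
REQUEUED_RE = re.compile(r"queued as ([0-9A-Za-z]+)")
LOOPBACK_RE = re.compile(r"\[(?:127\.\d+\.\d+\.\d+|::1)\]")


def parse_hops(log_text):
    """Index smtp delivery lines by queue ID (assumes one recipient per ID)."""
    hops = {}
    for line in log_text.splitlines():
        m = HOP_RE.search(line)
        if not m:
            continue
        hop = m.groupdict()
        hop["local"] = bool(LOOPBACK_RE.search(hop["relay"]))
        # "sent ... queued as X" means the next hop re-queued the mail as X.
        nxt = REQUEUED_RE.search(hop["detail"]) if hop["status"] == "sent" else None
        hop["next_qid"] = nxt.group(1) if nxt else None
        hops[hop["qid"]] = hop
    return hops


def trace(hops, qid):
    """Follow 'queued as' links from qid to the last hop present in the log."""
    chain, seen = [], set()
    while qid in hops and qid not in seen:
        seen.add(qid)
        chain.append(hops[qid])
        qid = hops[qid]["next_qid"]
    return chain


def final_outcome(hops, qid):
    """Return (status, relay host, dsn) for the last hop found in the log."""
    chain = trace(hops, qid)
    if not chain:
        return None
    last = chain[-1]
    if last["local"] and last["status"] == "sent":
        # Only the hand-off to the local filter was logged, not the delivery.
        return ("handed to local filter", "localhost", last["dsn"])
    return (last["status"], last["relay"].split("[")[0], last["dsn"])
```

Calling `final_outcome(parse_hops(SAMPLE_LOG), "72C2CCC203A")` reports the bounce at the remote relay rather than the misleading `status=sent` of the first line.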

  • Ipfw log strangeness

    Here's a logline from ipfw on a machine I look after (exact dest ip masked for privacy):
    Jan 22 23:50:01 imac-g5 ipfw: 54013 Deny TCP 64.233.167.99:80 68.x.x.x:49725 in via en0
    ... the source IP logged here belongs to Google.
    If the source and destination ports were reversed, i.e.:
    SRC: 64.233.167.99:49725
    DEST: 68.x.x.x:80
    ... then it'd be fairly obviously a Googlebot being rebuffed. But they aren't reversed, the source as logged is port 80 on Google's IP, and the destination is a client-port on the local machine.
    Anyone got any clues as to what this traffic may actually be? It's got me baffled.
    Cheers
    S.
    Powerbook G4 1.5GHz 15   Mac OS X (10.4.4)  
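
The comparison drawn in the post above, between the logged port pair and its reversed form, written as a parser for ipfw rule-match lines. This is an added example, not part of the original post; the port thresholds are the IANA system and dynamic ranges, and the role labels are a heuristic assumption based on ports alone.

```python
import re
from collections import Counter

# First line is the one quoted in the post; the second is constructed from the
# poster's "reversed ports" hypothetical. Addresses stay masked as posted.
SAMPLE = [
    "Jan 22 23:50:01 imac-g5 ipfw: 54013 Deny TCP 64.233.167.99:80 68.x.x.x:49725 in via en0",
    "Jan 22 23:50:02 imac-g5 ipfw: 54013 Deny TCP 64.233.167.99:49725 68.x.x.x:80 in via en0",
]

RULE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)
WELL_KNOWN_MAX = 1023   # IANA system ports (services such as HTTP on 80)
DYNAMIC_MIN = 49152     # IANA dynamic range, typical for client sockets


def parse_line(line):
    """Return the fields of one ipfw rule-match line, or None if it differs."""
    m = RULE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("rule", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec


def classify(rec):
    """Heuristic port-role label; it does not inspect TCP flags or state."""
    if rec["sport"] <= WELL_KNOWN_MAX and rec["dport"] >= DYNAMIC_MIN:
        return "server-to-client"   # service port toward a client port
    if rec["dport"] <= WELL_KNOWN_MAX and rec["sport"] > WELL_KNOWN_MAX:
        return "client-to-server"   # client port toward a service port
    return "ambiguous"


def summarize(lines):
    """Count inbound matches per (action, role) so odd patterns stand out."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["dir"] == "in":
            counts[(rec["action"], classify(rec))] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(key, n)
```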

