
Firewall - stealth mode connection attempts from AEBS to computer

7101 Views 31 Replies Latest reply: Mar 3, 2012 6:21 PM by fane_j
thetidytiger Level 1 (15 points)
Feb 29, 2012 8:58 PM

Console log is packed with Info messages related to connection attempts from AEBS router. Is that normal?

 

Also, System Profiler states: Firewall Logging: No / Stealth Mode: No. Why the discrepancy?

MacBook Pro, Mac OS X (10.6.7), assorted apple products
  • fane_j Level 4 (3,655 points)

    chriswalsh wrote:

     

    Console log is packed with Info messages related to connection attempts from AEBS router. Is that normal?

    Yes, if you've enabled stealth mode. If you are behind a router which does NAT (and I believe all of them do it nowadays), you don't need stealth mode.

  • fane_j Level 4 (3,655 points)

    chriswalsh wrote:

     

    Are you able to explain why it does that?

    Why it does what? Make pointless log entries? Bad design.

    Why if the AEBS has NAT turned on...

    Because, if you're behind a device which does NAT, your ports can't be scanned anyway.

    Do I still see connection attempts from undesirable external IP addresses?

    Did you see any?

    also, system profiler states

    It's a known bug. See

     

    <http://support.apple.com/kb/TS3052>

  • fane_j Level 4 (3,655 points)

    chriswalsh wrote:

     

    I've seen connection attempts from multiple IP addresses.

    Read carefully Terry Lambert's comments in this thread

     

    <https://discussions.apple.com/message/13205934#13205934>

     

    They show you not just that it's a question of bad design, but, if you understand them, also how to analyse your own traffic. If you do, indeed, find any 'undesirable' connection attempts (I should be surprised if you did), pls post them here. It means that your router is not doing its job.

  • R C-R Level 6 (13,830 points)

    chriswalsh wrote:

     

    How can I find out which processes are associated with which ports?

    Try Well known TCP and UDP ports used by Apple software products.

     

    EDIT: You might also want to check out Mac OS X v10.5, 10.6: About the Application Firewall, especially when trying to evaluate comments about claimed "bugs" in the built-in firewall.

  • R C-R Level 6 (13,830 points)

    fane_j wrote:

    Read carefully Terry Lambert's comments in this thread

     

    <https://discussions.apple.com/message/13205934#13205934>

     

    They show you not just that it's a question of bad design ...

    I suggest not taking Mr. Lambert's "bad design" comments too seriously. For instance, he seems to have confused the IP addresses of two different network devices (his Mac & his Airport router) & suggested loopback (which is a virtual connection that never leaves the device) could be used as a less "expensive" way to communicate between them.

     

    He also seems to have concluded that UDP's lack of a handshake protocol makes it a "connectionless" protocol, which makes no sense -- any data transferred over a network obviously requires a connection.

     

    His main "bogosity" complaint seems to be that the logs are too "lazy" to provide the info he wants in the form he wants it. That may be true, but that is the nature of system logs -- traditionally, they are written to provide info for programmers who are expected to know how to interpret them, not for casual users who usually do not.

     

    This can lead to confusion, for example for log entries that appear to be serious errors when they may just be normal behavior indicating a program has fallen back on a planned for contingency routinely encountered in normal use.

  • fane_j Level 4 (3,655 points)

    R C-R wrote:

     

    I suggest not taking Mr. Lambert's "bad design" comments too seriously.

    AFAICT, the string "bad design" does not appear in the post I referred to. Please do not chastise Terry Lambert (whoever he or she may be) for someone else's sins. If anyone said 'bad design', it was I.

    he seems to have confused the IP addresses of two different network devices (his Mac & his Airport router) & suggested loopback

    No, he didn't; you misunderstood. What he is saying is that his network device (Airport, or, en1) is talking to itself through the router instead of through loopback.

    He also seems to have concluded that UDP's lack of a handshake protocol makes it a "connectionless" protocol, which makes no sense

    Terry Lambert was correct; you may have misunderstood the technical term in question. For instance, a quick look in Wikipedia reveals that,

     

    "In telecommunications, connectionless describes communication between two network end points in which a message can be sent from one end point to another without prior arrangement. […] Internet Protocol (IP) and User Datagram Protocol (UDP) are connectionless protocols." (The stress is mine.)

     

    But Wikipedia is not always to be trusted. We are not a bunch of techies here, so I'll turn to an easy, plain-language reference:

     

    "A connectionless protocol doesn’t go to the trouble of establishing a connection before sending a packet. Instead, it simply sends the packet. TCP is a connection-oriented Transport layer protocol. The connectionless protocol that works alongside TCP is called UDP." (The stress is mine.)

     

    Lowe, D. (2008). Networking all-in-one desk reference for dummies, 3rd edition. Indianapolis, IN: Wiley Publishing, Inc. ISBN 0470179155, p. 31.

  • R C-R Level 6 (13,830 points)

    Using a Whois query in Snow Leopard's Network Utility for the IP address 67.149.105.183, I get:

     

    WideOpenWest Finance LLC WIDEOPENWEST (NET-67-149-0-0-1) 67.149.0.0 - 67.149.255.255

    WIDEOPENWEST MICHIGAN WOW-TR17-1-104-149-67 (NET-67-149-104-0-1) 67.149.104.0 - 67.149.107.255

     

    Wikipedia shows this for a Google search on "WideOpenWest Finance LLC."

     

    A similar process for IP address 84.254.20.220 leads to what may be Tellas S. A.

     

    Both appear to provide broadband services of one kind or another.

  • fane_j Level 4 (3,655 points)

    chriswalsh wrote:

     

    I'm not quite sure I fully understand why I get to see certain things if the FW on the AEBS is doing its stuff.

     

    There are a few entries which I'd like to understand, e.g.:

    33300 Deny ICMP:8.0 67.149.105.183  xxx.xxx.xx.xxx in via ppp0

    33300 Deny ICMP:8.0 84.254.20.220 xxx.xxx.xx.xxx in via ppp0

    Hold on.

     

    First, what exactly do you mean by AEBS? I assumed it was Airport Extreme Base Station.

     

    Second, where is this coming from? It looks like you're connecting PPPoE, but, if you're behind a router, your Mac shouldn't (couldn't) be using it. That's exactly the kind of stuff your router, not your Mac, should be doing -- if you're behind a router.
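
Added example, not part of any post in this thread: a small parser for ipfw-style log lines like the two quoted above. It names the ICMP type (`8.0` is type 8, code 0, an echo request) and flags entries that arrive from a public address on a `ppp*` interface, meaning the Mac itself terminates the PPP link with no NAT router in front of it. The third sample line and all function names are constructed for illustration; IPv6 is not handled.

```python
import ipaddress
import re

# Shape of the lines quoted in the thread:
# <rule> <action> <proto>[:<icmp type>.<code>] <src> <dst> <in|out> via <iface>
LINE_RE = re.compile(
    r"(?P<rule>\d+)\s+(?P<action>\w+)\s+(?P<proto>[A-Za-z]+)"
    r"(?::(?P<itype>\d+)\.(?P<icode>\d+))?\s+"
    r"(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<dir>in|out)\s+via\s+(?P<iface>\S+)"
)
ICMP_TYPES = {0: "echo reply", 3: "destination unreachable",
              8: "echo request (ping)", 11: "time exceeded"}

# First two lines are the ones quoted in the thread; the third is constructed.
SAMPLE = [
    "33300 Deny ICMP:8.0 67.149.105.183  xxx.xxx.xx.xxx in via ppp0",
    "33300 Deny ICMP:8.0 84.254.20.220 xxx.xxx.xx.xxx in via ppp0",
    "12190 Deny TCP 10.0.1.1:5009 10.0.1.2:49152 in via en1",
]

def host_of(field):
    """IPv4 address from 'a.b.c.d' or 'a.b.c.d:port'; None if redacted."""
    try:
        return ipaddress.ip_address(field.split(":")[0])
    except ValueError:
        return None

def classify(line):
    m = LINE_RE.search(line)
    if m is None:
        return None
    src = host_of(m["src"])
    if src is None:
        origin = "unknown"
    elif src.is_private or src.is_loopback or src.is_link_local:
        origin = "lan"
    else:
        origin = "internet"
    what = m["proto"]
    if m["itype"] is not None:
        what += " " + ICMP_TYPES.get(int(m["itype"]), "type " + m["itype"])
    # Inbound on ppp*: this host is the PPP endpoint, so nothing upstream
    # is doing NAT or filtering on its behalf.
    direct = m["dir"] == "in" and m["iface"].startswith("ppp")
    return {"rule": int(m["rule"]), "action": m["action"], "what": what,
            "origin": origin, "iface": m["iface"], "direct_wan": direct}

def exposed(lines):
    """Entries showing internet hosts reaching this machine directly."""
    hits = [classify(l) for l in lines]
    return [h for h in hits if h and h["direct_wan"] and h["origin"] == "internet"]
```
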
