3 Replies Latest reply: Dec 24, 2009 5:38 PM by warren.peace
warren.peace Level 1 Level 1 (0 points)
So. Frustrated. I've tried so many different things that I'm not really even sure where to start. Disclaimer: I might be a bit too cautious when it comes to security, and I have just enough knowledge to make my paranoia go into overdrive. Hopefully there's nothing seriously wrong here.

I'm running 10.4 on a MBP. I have the firewall enabled (Apple's and my router's) with all the services turned off, Stealth Mode enabled, block all UDP traffic, etc. A couple of spam emails bounced back to me that had originated from my account. The headers indicated that it was coming from a 10.103.197.1. I ran a traceroute and came up with nothing. After some Googling, I found out it's a blackhole. I got nervous and checked the ipfw logs and found a lot of connection attempts. Most, of course, are from sites I had visited, but a few IP addresses and ports looked strange. The logs are pretty lengthy, but here's a snippet. Again, I know a little, but I don't know enough to be 100% about what's normal and what isn't. I know a lot of them are safe websites, but I don't understand why they're trying to connect to the specific ports - I couldn't find any info on most of the ports. Bear with me if some of this is obviously benign.

Dec 20 21:11:05 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51335 from 209.85.225.100:80
Dec 20 21:11:05 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51335 from 209.85.225.100:80
Dec 20 21:11:06 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51335 from 209.85.225.100:80
Dec 20 21:11:07 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51335 from 209.85.225.100:80
Dec 20 21:11:10 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51335 from 209.85.225.100:80
Dec 20 21:11:14 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51335 from 209.85.225.100:80
Dec 20 21:14:25 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51373 from 72.32.194.250:80
Dec 20 21:14:28 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51373 from 72.32.194.250:80
Dec 20 21:14:35 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51373 from 72.32.194.250:80
Dec 20 21:15:40 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51414 from 208.111.168.7:80
Dec 20 21:15:43 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51414 from 208.111.168.7:80
Dec 20 21:15:49 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51414 from 208.111.168.7:80
Dec 20 21:16:01 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51414 from 208.111.168.7:80
Dec 20 21:41:12 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51807 from 74.54.212.168:80
Dec 20 21:41:15 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51807 from 74.54.212.168:80
Dec 20 21:41:21 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51807 from 74.54.212.168:80
Dec 20 21:41:33 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51807 from 74.54.212.168:80
Dec 20 21:41:57 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:51807 from 74.54.212.168:80
Dec 20 22:28:46 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52235 from 81.93.57.98:80
Dec 20 22:28:49 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52235 from 81.93.57.98:80
Dec 20 22:28:55 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52235 from 81.93.57.98:80
Dec 20 22:29:07 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52235 from 81.93.57.98:80
Dec 20 22:29:31 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52235 from 81.93.57.98:80
Dec 20 22:30:20 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52235 from 81.93.57.98:80
Dec 20 22:51:27 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52481 from 66.114.53.22:80
Dec 20 22:51:30 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52481 from 66.114.53.22:80
Dec 20 22:51:36 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52481 from 66.114.53.22:80
Dec 20 22:51:48 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52481 from 66.114.53.22:80
Dec 20 22:52:33 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52502 from 208.109.107.127:80
Dec 20 22:52:36 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52502 from 208.109.107.127:80
Dec 20 22:52:42 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52502 from 208.109.107.127:80
Dec 20 22:52:54 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52502 from 208.109.107.127:80
Dec 20 22:53:19 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52502 from 208.109.107.127:80
Dec 20 22:54:07 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52502 from 208.109.107.127:80
Dec 20 22:54:17 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52613 from 66.114.53.28:80
Dec 20 22:54:17 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52568 from 66.114.53.51:80
Dec 20 22:54:17 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52567 from 66.114.53.51:80
Dec 20 22:54:17 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52567 from 66.114.53.51:80
Dec 20 22:54:18 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52581 from 63.84.95.58:80
Dec 20 22:54:19 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52579 from 66.114.53.23:80
Dec 20 22:54:19 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52568 from 66.114.53.51:80
Dec 20 22:54:19 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52583 from 66.114.53.28:80
Dec 20 22:54:19 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52584 from 66.114.53.28:80
Dec 20 22:54:19 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52604 from 66.114.53.17:80
Dec 20 22:54:19 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52582 from 66.114.53.28:80
Dec 20 22:54:20 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52605 from 66.114.53.17:80
Dec 20 22:54:20 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52613 from 66.114.53.28:80
Dec 20 22:54:20 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52607 from 66.114.53.17:80
Dec 20 22:54:23 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52581 from 63.84.95.58:80
Dec 20 22:54:23 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52567 from 66.114.53.51:80
Dec 20 22:54:25 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52579 from 66.114.53.23:80
Dec 20 22:54:25 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52568 from 66.114.53.51:80
Dec 20 22:54:25 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52583 from 66.114.53.28:80
Dec 20 22:54:25 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52584 from 66.114.53.28:80
Dec 20 22:54:25 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52604 from 66.114.53.17:80
Dec 20 22:54:25 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52582 from 66.114.53.28:80
Dec 20 22:54:26 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52605 from 66.114.53.17:80
Dec 20 22:54:26 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52613 from 66.114.53.28:80
Dec 20 22:54:27 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52607 from 66.114.53.17:80
Dec 20 22:54:32 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52581 from 63.84.95.58:80
Dec 20 22:54:36 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52567 from 66.114.53.51:80
Dec 20 22:54:37 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52579 from 66.114.53.23:80
Dec 20 22:54:37 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52568 from 66.114.53.51:80
Dec 20 22:54:37 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52583 from 66.114.53.28:80
Dec 20 22:54:37 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52584 from 66.114.53.28:80
Dec 20 22:54:37 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52604 from 66.114.53.17:80
Dec 20 22:54:37 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52582 from 66.114.53.28:80
Dec 20 22:54:38 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52605 from 66.114.53.17:80
Dec 20 22:54:38 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52613 from 66.114.53.28:80
Dec 20 22:54:39 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52607 from 66.114.53.17:80
Dec 20 22:54:49 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52581 from 63.84.95.58:80
Dec 20 22:55:22 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52581 from 63.84.95.58:80
Dec 20 23:14:48 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52900 from 209.85.225.101:80
Dec 20 23:14:49 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52900 from 209.85.225.101:80
Dec 20 23:14:49 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52900 from 209.85.225.101:80
Dec 20 23:14:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52900 from 209.85.225.101:80
Dec 20 23:14:53 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52900 from 209.85.225.101:80
Dec 20 23:14:58 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52900 from 209.85.225.101:80
Dec 20 23:16:19 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53022 from 66.114.53.48:80
Dec 20 23:16:19 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53023 from 66.114.53.48:80
Dec 20 23:16:19 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53025 from 66.114.53.48:80
Dec 20 23:16:19 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53026 from 66.114.53.48:80
Dec 20 23:16:19 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53027 from 66.114.53.48:80
Dec 20 23:16:20 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52986 from 66.114.53.48:80
Dec 20 23:16:20 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52989 from 66.114.53.48:80
Dec 20 23:16:20 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52985 from 66.114.53.48:80
Dec 20 23:16:21 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52996 from 66.114.53.48:80
Dec 20 23:16:21 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52987 from 66.114.53.48:80
Dec 20 23:16:21 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52990 from 66.114.53.48:80
Dec 20 23:16:21 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52988 from 66.114.53.48:80
Dec 20 23:16:21 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52995 from 66.114.53.48:80
Dec 20 23:16:21 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52993 from 66.114.53.48:80
Dec 20 23:16:22 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52994 from 66.114.53.48:80
Dec 20 23:16:22 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53018 from 66.114.53.48:80
Dec 20 23:16:22 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53021 from 66.114.53.48:80
Dec 20 23:16:22 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53020 from 66.114.53.48:80
Dec 20 23:16:22 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53026 from 66.114.53.48:80
Dec 20 23:16:23 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53025 from 66.114.53.48:80
Dec 20 23:16:23 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53022 from 66.114.53.48:80
Dec 20 23:16:23 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53023 from 66.114.53.48:80
Dec 20 23:16:23 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53019 from 66.114.53.48:80
Dec 20 23:16:23 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53027 from 66.114.53.48:80
Dec 20 23:16:26 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52986 from 66.114.53.48:80
Dec 20 23:16:27 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52996 from 66.114.53.48:80
Dec 20 23:16:27 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52992 from 66.114.53.48:80
Dec 20 23:16:27 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52987 from 66.114.53.48:80
Dec 20 23:16:27 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52988 from 66.114.53.48:80
Dec 20 23:16:27 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52995 from 66.114.53.48:80
Dec 20 23:16:27 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52993 from 66.114.53.48:80
Dec 20 23:16:28 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52994 from 66.114.53.48:80
Dec 20 23:16:28 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53018 from 66.114.53.48:80
Dec 20 23:16:28 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53021 from 66.114.53.48:80
Dec 20 23:16:28 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53020 from 66.114.53.48:80
Dec 20 23:16:28 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53026 from 66.114.53.48:80
Dec 20 23:16:29 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53025 from 66.114.53.48:80
Dec 20 23:16:29 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53023 from 66.114.53.48:80
Dec 20 23:16:29 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53022 from 66.114.53.48:80
Dec 20 23:16:29 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53019 from 66.114.53.48:80
Dec 20 23:16:38 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52989 from 66.114.53.48:80
Dec 20 23:16:38 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52985 from 66.114.53.48:80
Dec 20 23:16:38 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52986 from 66.114.53.48:80
Dec 20 23:16:38 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52996 from 66.114.53.48:80
Dec 20 23:16:39 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52987 from 66.114.53.48:80
Dec 20 23:16:39 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52992 from 66.114.53.48:80
Dec 20 23:16:39 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52988 from 66.114.53.48:80
Dec 20 23:16:39 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52995 from 66.114.53.48:80
Dec 20 23:16:39 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52993 from 66.114.53.48:80
Dec 20 23:16:40 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:52994 from 66.114.53.48:80
Dec 20 23:16:40 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53020 from 66.114.53.48:80
Dec 20 23:16:40 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53021 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53025 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53026 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53023 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53022 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53019 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53027 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53078 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53079 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53080 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53081 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53082 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53083 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53084 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53085 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53086 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53087 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53088 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53089 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53090 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53091 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53092 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53093 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53094 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53095 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53096 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53097 from 66.114.53.48:80
Dec 20 23:16:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53098 from 66.114.53.48:80
Dec 20 23:16:44 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53077 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53081 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53085 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53095 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53083 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53089 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53080 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53092 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53090 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53088 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53096 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53078 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53097 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53084 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53082 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53091 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53087 from 66.114.53.48:80
Dec 20 23:16:45 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53098 from 66.114.53.48:80
Dec 20 23:16:46 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53079 from 66.114.53.48:80
Dec 20 23:16:46 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53086 from 66.114.53.48:80
Dec 20 23:16:46 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53093 from 66.114.53.48:80
Dec 20 23:16:46 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53094 from 66.114.53.48:80
Dec 20 23:16:50 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53077 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53081 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53083 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53085 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53095 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53089 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53080 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53092 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53090 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53088 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53096 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53078 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53084 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53097 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53082 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53087 from 66.114.53.48:80
Dec 20 23:16:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53091 from 66.114.53.48:80
Dec 20 23:16:52 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53098 from 66.114.53.48:80
Dec 20 23:16:52 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53079 from 66.114.53.48:80
Dec 20 23:16:52 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53086 from 66.114.53.48:80
Dec 20 23:16:52 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53093 from 66.114.53.48:80
Dec 20 23:16:52 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53094 from 66.114.53.48:80
Dec 20 23:17:02 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53077 from 66.114.53.48:80
Dec 20 23:17:03 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53081 from 66.114.53.48:80
Dec 20 23:17:03 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53085 from 66.114.53.48:80
Dec 20 23:17:03 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53095 from 66.114.53.48:80
Dec 20 23:17:03 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53083 from 66.114.53.48:80
Dec 20 23:17:03 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53089 from 66.114.53.48:80
Dec 20 23:17:03 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53080 from 66.114.53.48:80
Dec 20 23:17:03 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53092 from 66.114.53.48:80
Dec 20 23:17:03 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53090 from 66.114.53.48:80
Dec 20 23:17:03 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53088 from 66.114.53.48:80
Dec 20 23:17:03 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53096 from 66.114.53.48:80
Dec 20 23:17:03 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53078 from 66.114.53.48:80
Dec 20 23:17:03 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53084 from 66.114.53.48:80
Dec 20 23:17:03 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53082 from 66.114.53.48:80
Dec 20 23:17:03 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53097 from 66.114.53.48:80
Dec 20 23:17:04 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53087 from 66.114.53.48:80
Dec 20 23:17:04 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53091 from 66.114.53.48:80
Dec 20 23:17:04 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53098 from 66.114.53.48:80
Dec 20 23:17:04 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53079 from 66.114.53.48:80
Dec 20 23:17:04 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53086 from 66.114.53.48:80
Dec 20 23:17:04 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53094 from 66.114.53.48:80
Dec 20 23:17:04 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53093 from 66.114.53.48:80
Dec 20 23:37:58 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53642 from 195.24.233.53:80
Dec 20 23:38:02 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53642 from 195.24.233.53:80
Dec 20 23:38:08 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53642 from 195.24.233.53:80
Dec 20 23:38:20 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53642 from 195.24.233.53:80
Dec 20 23:38:44 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53642 from 195.24.233.53:80
Dec 20 23:39:10 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53669 from 208.109.107.127:80
Dec 20 23:39:10 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53676 from 208.109.107.127:80
Dec 20 23:39:10 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53677 from 208.109.107.127:80
Dec 20 23:39:10 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53678 from 208.109.107.127:80
Dec 20 23:39:11 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53669 from 208.109.107.127:80
Dec 20 23:39:13 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53678 from 208.109.107.127:80
Dec 20 23:39:13 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53674 from 208.109.107.127:80
Dec 20 23:39:14 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53677 from 208.109.107.127:80
Dec 20 23:39:14 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53676 from 208.109.107.127:80
Dec 20 23:39:16 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53669 from 208.109.107.127:80
Dec 20 23:39:19 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53678 from 208.109.107.127:80
Dec 20 23:39:19 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53674 from 208.109.107.127:80
Dec 20 23:39:20 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53677 from 208.109.107.127:80
Dec 20 23:39:20 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53676 from 208.109.107.127:80
Dec 20 23:39:28 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53669 from 208.109.107.127:80
Dec 20 23:39:31 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53678 from 208.109.107.127:80
Dec 20 23:39:31 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53674 from 208.109.107.127:80
Dec 20 23:39:32 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53677 from 208.109.107.127:80
Dec 20 23:39:32 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53676 from 208.109.107.127:80
Dec 20 23:39:32 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53642 from 195.24.233.53:80
Dec 20 23:39:53 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53669 from 208.109.107.127:80
Dec 20 23:39:55 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53678 from 208.109.107.127:80
Dec 20 23:39:55 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53674 from 208.109.107.127:80
Dec 20 23:39:56 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53677 from 208.109.107.127:80
Dec 20 23:39:56 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53676 from 208.109.107.127:80
Dec 20 23:40:41 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53669 from 208.109.107.127:80
Dec 20 23:40:43 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53678 from 208.109.107.127:80
Dec 20 23:40:44 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53674 from 208.109.107.127:80
Dec 20 23:40:44 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53677 from 208.109.107.127:80
Dec 20 23:40:44 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53676 from 208.109.107.127:80
Dec 20 23:58:08 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53817 from 209.85.225.113:80
Dec 20 23:58:08 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53817 from 209.85.225.113:80
Dec 20 23:58:10 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53817 from 209.85.225.113:80
Dec 20 23:58:12 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53817 from 209.85.225.113:80
Dec 20 23:58:17 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53817 from 209.85.225.113:80
Dec 21 00:01:11 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53919 from 208.69.36.230:80
Dec 21 00:01:14 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53919 from 208.69.36.230:80
Dec 21 00:01:20 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53919 from 208.69.36.230:80
Dec 21 00:01:32 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53919 from 208.69.36.230:80
Dec 21 00:11:48 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53967 from 208.69.36.231:80
Dec 21 00:11:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53967 from 208.69.36.231:80
Dec 21 00:11:57 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53967 from 208.69.36.231:80
Dec 21 00:12:09 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:53967 from 208.69.36.231:80
Dec 21 00:25:14 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:54092 from 209.85.225.100:80
Dec 21 00:25:15 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:54092 from 209.85.225.100:80
Dec 21 00:25:15 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:54092 from 209.85.225.100:80
Dec 21 00:25:17 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:54092 from 209.85.225.100:80
Dec 21 00:25:19 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:54092 from 209.85.225.100:80
Dec 21 00:25:24 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:54092 from 209.85.225.100:80
Dec 21 00:26:42 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:54106 from 216.119.110.211:80
Dec 21 00:26:44 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:54106 from 216.119.110.211:80
Dec 21 00:26:51 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:54106 from 216.119.110.211:80
Dec 21 00:29:43 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:54147 from 69.90.98.85:80
Dec 21 00:29:46 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:54147 from 69.90.98.85:80
Dec 21 00:29:52 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:54147 from 69.90.98.85:80
Dec 21 00:30:04 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:54147 from 69.90.98.85:80
Dec 21 23:58:12 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:56927 from 168.143.171.84:80

In an attempt to keep this as short as I can, I'm just going to list the repeat hits.
209.85.225.100 (Go Daddy - no reason for this to be on here, is there?) attempting to connect to 54458, 54459, 55509, etc. There are quite a few of these.

Dec 22 05:26:48 abcd ipfw: 12190 Deny TCP 85.17.154.200:63777 192.168.1.xxx:22 in via en1 This one particularly disturbed me. Does it mean my computer was trying to connect to 85.17.154 from PORT 22?! That's not good, is it? What's more, I have Little Snitch, so I'm not really sure how this didn't pop up.
Dec 22 21:43:41 abcd ipfw: 35000 Deny UDP 208.67.222.222:53 192.168.1.xxx:52910 in via en1
Dec 22 21:43:41 abcd ipfw: 35000 Deny UDP 208.67.222.222:53 192.168.1.xxx:52910 in via en1
Dec 22 21:47:18 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:61905 from 192.168.1.xxx:53
Dec 22 21:47:23 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:49775 from 208.67.222.222:53
Dec 22 21:55:47 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:64315 from 192.168.1.xxx:53
Dec 22 21:55:49 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:62435 from 208.67.222.222:53
Dec 22 22:58:08 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:59718 from 72.47.236.203:80
Dec 22 22:58:12 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:59718 from 72.47.236.203:80
Dec 22 22:58:18 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:59718 from 72.47.236.203:80
Dec 22 22:58:30 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:59718 from 72.47.236.203:80
Dec 22 22:58:54 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:59718 from 72.47.236.203:80
Dec 22 22:59:42 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:59718 from 72.47.236.203:80
Dec 22 23:02:39 abcd ipfw: 35000 Deny UDP 208.67.222.222:53 192.168.1.xxx:58538 in via en1
Dec 22 23:02:39 abcd ipfw: 35000 Deny UDP 208.67.222.220:53 192.168.1.xxx:51316 in via en1
Dec 22 21:47:18 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:61905 from 192.168.1.xxx:53
Dec 22 21:47:23 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:49775 from 208.67.222.222:53
Dec 22 21:55:47 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:64315 from 192.168.1.xxx:53
Dec 22 21:55:49 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:62435 from 208.67.222.222:53
Dec 22 22:58:08 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:59718 from 72.47.236.203:80
Dec 22 22:58:12 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:59718 from 72.47.236.203:80
Dec 22 22:58:18 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:59718 from 72.47.236.203:80
Dec 22 22:58:30 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:59718 from 72.47.236.203:80
Dec 22 22:58:54 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:59718 from 72.47.236.203:80
Dec 22 22:59:42 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:59718 from 72.47.236.203:80
Dec 22 23:02:39 abcd ipfw: 35000 Deny UDP 208.67.222.222:53 192.168.1.xxx:58538 in via en1
Dec 22 23:02:39 abcd ipfw: 35000 Deny UDP 208.67.222.220:53 192.168.1.xxx:51316 in via en1
Dec 23 21:28:47 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60980 from 140.239.191.10:80
Dec 23 21:28:47 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60981 from 140.239.191.10:80
Dec 23 21:28:47 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60982 from 140.239.191.10:80
Dec 23 21:28:47 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60983 from 140.239.191.10:80
Dec 23 21:28:47 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60984 from 140.239.191.10:80
Dec 23 21:28:48 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60984 from 140.239.191.10:80
Dec 23 21:28:48 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60983 from 140.239.191.10:80
Dec 23 21:28:48 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60982 from 140.239.191.10:80
Dec 23 21:28:48 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60981 from 140.239.191.10:80
Dec 23 21:28:48 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60980 from 140.239.191.10:80
Dec 23 21:28:50 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60984 from 140.239.191.10:80
Dec 23 21:28:50 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60983 from 140.239.191.10:80
Dec 23 21:28:50 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60982 from 140.239.191.10:80
Dec 23 21:28:50 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60981 from 140.239.191.10:80
Dec 23 21:28:50 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60980 from 140.239.191.10:80
Dec 23 21:28:54 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:60984 from 140.239.191.10:80 (Lots more of these)
Dec 23 21:32:37 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:51887 from 192.168.1.xxx:53
Dec 23 23:26:13 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:62632 from 192.168.1.xxx:53
Dec 24 00:00:29 abcd ipfw: 10100 Deny TCP 212.18.195.102:16955 192.168.1.xxx:22 in via en1
Dec 24 03:37:08 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49322 from 208.69.36.231:80
Dec 24 03:53:44 abcd ipfw: 12190 Deny TCP 66.230.207.58:54229 192.168.1.xxx:53 in via en1
Dec 24 03:53:44 abcd ipfw: 12190 Deny TCP 66.230.207.58:54229 192.168.1.xxx:443 in via en1
Dec 24 03:53:44 abcd ipfw: 12190 Deny TCP 66.230.207.58:54229 192.168.1.xxx:25 in via en1
Dec 24 03:53:44 abcd ipfw: 12190 Deny TCP 66.230.207.58:54229 192.168.1.xxx:22 in via en1
Dec 24 03:53:45 abcd ipfw: 12190 Deny TCP 66.230.207.58:54230 192.168.1.xxx:443 in via en1
Dec 24 03:53:45 abcd ipfw: 12190 Deny TCP 66.230.207.58:54230 192.168.1.xxx:53 in via en1
Dec 24 03:53:45 abcd ipfw: 12190 Deny TCP 66.230.207.58:54230 192.168.1.xxx:22 in via en1
Dec 24 03:53:45 abcd ipfw: 12190 Deny TCP 66.230.207.58:54230 192.168.1.xxx:25 in via en1
Dec 24 03:53:45 abcd ipfw: 12190 Deny TCP 66.230.207.58:54229 192.168.1.xxx:143 in via en1
Dec 24 03:53:45 abcd ipfw: 12190 Deny TCP 66.230.207.58:54230 192.168.1.xxx:143 in via en1
Dec 24 03:53:51 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:53 from 66.230.207.58:54229
Dec 24 03:53:52 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:53 from 66.230.207.58:54230
Dec 24 03:57:16 abcd ipfw: 12190 Deny TCP 66.230.207.58:44027 192.168.1.xxx:53 in via en1
Dec 24 03:57:16 abcd ipfw: 12190 Deny TCP 66.230.207.58:44028 192.168.1.xxx:53 in via en1
Dec 24 03:57:16 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:53 from 66.230.207.58:44027
Dec 24 03:57:17 abcd ipfw: Stealth Mode connection attempt to UDP 192.168.1.xxx:53 from 66.230.207.58:44028
Dec 24 04:03:06 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49397 from 87.230.55.47:80
Dec 24 04:03:10 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49397 from 87.230.55.47:80
Dec 24 04:03:16 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49397 from 87.230.55.47:80
Dec 24 04:03:18 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49401 from 87.230.55.47:80
Dec 24 04:03:22 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49401 from 87.230.55.47:80
Dec 24 04:03:28 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49401 from 87.230.55.47:80
Dec 24 04:03:28 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49397 from 87.230.55.47:80
Dec 24 04:03:39 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49403 from 87.230.55.47:80
Dec 24 04:03:40 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49401 from 87.230.55.47:80
Dec 24 04:03:42 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49403 from 87.230.55.47:80
Dec 24 04:03:43 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49405 from 87.230.55.47:80
Dec 24 04:03:48 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49405 from 87.230.55.47:80
Dec 24 04:03:48 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49403 from 87.230.55.47:80
Dec 24 04:03:52 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49397 from 87.230.55.47:80
Dec 24 04:03:54 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49405 from 87.230.55.47:80
Dec 24 04:04:00 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49407 from 87.230.55.47:80
Dec 24 04:04:00 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49403 from 87.230.55.47:80
Dec 24 04:04:04 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49407 from 87.230.55.47:80
Dec 24 04:04:04 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49401 from 87.230.55.47:80
Dec 24 04:04:06 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49405 from 87.230.55.47:80
Dec 24 04:04:07 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49410 from 87.230.55.47:80
Dec 24 04:04:10 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49407 from 87.230.55.47:80
Dec 24 04:04:10 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49410 from 87.230.55.47:80
Dec 24 04:04:16 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49410 from 87.230.55.47:80
Dec 24 04:04:22 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49407 from 87.230.55.47:80
Dec 24 04:04:25 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49403 from 87.230.55.47:80
Dec 24 04:04:28 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49410 from 87.230.55.47:80
Dec 24 04:04:30 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49405 from 87.230.55.47:80
Dec 24 04:04:33 abcd ipfw: Stealth Mode connection attempt to TCP 192.168.1.xxx:49414 from 87.230.55.47:80

It keeps going on and on. Here's a Netstat:
NETSTAT:
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.1.xxx.54159    209.85.225.101.80      ESTABLISHED
tcp4       0      0  192.168.1.xxx.54158    209.85.225.101.80      ESTABLISHED
tcp4       0      0  192.168.1.xxx.54157    209.85.225.100.80      ESTABLISHED
tcp4       0      0  192.168.1.xxx.54156    209.85.225.100.80      ESTABLISHED
tcp4       0      0  192.168.1.xxx.54155    209.85.225.100.80      ESTABLISHED
tcp4       0      0  192.168.1.xxx.54154    209.85.225.100.80      ESTABLISHED
tcp4       0      0  192.168.1.xxx.54153    209.85.225.101.80      ESTABLISHED
tcp4       0      0  192.168.1.xxx.54152    209.85.225.101.80      ESTABLISHED
tcp4       0      0  192.168.1.xxx.54151    209.85.225.101.80      ESTABLISHED
tcp4       0      0  192.168.1.xxx.54150    209.85.225.101.80      ESTABLISHED
tcp4       0      0  192.168.1.xxx.54149    208.69.36.230.80       ESTABLISHED
tcp4       0      0  192.168.1.xxx.54140    209.85.225.113.80      ESTABLISHED
tcp4       0      0  192.168.1.xxx.54099    63.84.95.75.80         ESTABLISHED
tcp4       0      0  192.168.1.xxx.54098    63.84.95.75.80         ESTABLISHED
tcp4       0      0  192.168.1.xxx.54038    63.84.95.75.80         ESTABLISHED
tcp4       0      0  192.168.1.xxx.54034    63.84.59.50.80         ESTABLISHED
tcp4       0      0  192.168.1.xxx.54033    63.84.59.50.80         ESTABLISHED
tcp4       0      0  127.0.0.1.1033         127.0.0.1.920          ESTABLISHED
tcp4       0      0  127.0.0.1.920          127.0.0.1.1033         ESTABLISHED
tcp4       0      0  .                    .                    CLOSED
tcp4       0      0  127.0.0.1.631          .                    LISTEN
tcp4       0      0  .                    .                    CLOSED
tcp4       0      0  127.0.0.1.1033         127.0.0.1.1021         ESTABLISHED
tcp4       0      0  127.0.0.1.1021         127.0.0.1.1033         ESTABLISHED
tcp4       0      0  127.0.0.1.1033         .                    LISTEN
udp4       0      0  *.5353                 .                    
udp4       0      0  .                    .                    
udp4       0      0  .                    .                    
udp4       0      0  *.631                  .                    
udp4       0      0  .                    .                    
udp4       0      0  127.0.0.1.49164        127.0.0.1.1022         
udp4       0      0  127.0.0.1.49163        127.0.0.1.1022         
udp4       0      0  127.0.0.1.1022         .                    
udp4       0      0  127.0.0.1.49162        127.0.0.1.1023         
udp4       0      0  127.0.0.1.1023         .                    
udp4       0      0  192.168.1.85.123       .                    
udp6       0      0  fe80:5::214:51ff.123   .                    
udp4       0      0  127.0.0.1.123          .                    
udp6       0      0  fe80:1::1.123          .                    
udp6       0      0  ::1.123                .                    
udp6       0      0  *.123                  .                    
udp4       0      0  *.123                  .                    
udp6       0      0  *.5353                 .                    
udp4       0      0  *.5353                 .                    
udp4       0      0  127.0.0.1.1033         .                    
icm6       0      0  .                    .      

63.84.59.50 is blacklisted as are some others - can't remember exactly what they are. I got a little discouraged and stopped checking all the IPs. Okay, so here's what I've done: Ran Clam (clean results), ran MacScan and found 1 tracking cookie that I removed, reconfigured Little Snitch and blocked the majority of the IPs. Oh - how do you manually block an IP range from the firewall? I can't figure that out.

OH - one more thing that I thought was really strange: I was poking around in Terminal and ran the who command just out of curiosity.

17:49 up 13:20, 3 users, load averages: 0.18 0.24 0.29
USER TTY FROM LOGIN@ IDLE WHAT
janed console - 13:35 4:13 -
janed p1 - 17:49 - w
janed p2 - 13:51 3:56 -

Let's pretend my user name name is janedoe. Why would it only show janed? There IS no user named janed. So I tried to investigate more:

abcd:~ abcd$ whoami
abcd

abcd:~ janedoe$ who
janed console Dec 24 13:35
janed ttyp1 Dec 24 17:49
janed ttyp2 Dec 24 13:51

I'm really hoping this is just a fluke. I'm sorry this is so long, but I'm desperate here. I appreciate any input that you guys can give me! Many thanks.

1.83 GHz Intel Core Duo, Mac OS X (10.4.11)
  • 1. Re: ipfw Logs and Other Delightful Issues
    BDAqua Level 10 Level 10 (116,470 points)
    Hi warren.peace, and a warm welcome to the forums!

    A couple of spam emails bounced back to me that had originated from my account. The headers indicated that it was coming from a 10.103.197.1. I ran a traceroute and came up with nothing.


    Not to worry on that one, many Spammers fake//spoof the IP to get it delivered by returning it!

    I don't understand why they're trying to connect to the specific ports - I couldn't find any info on most of the ports


    I'm on Dial-up & get thousands of attempts some days

    Run this on some of the ports you're worried about, click on SG security scan: port 51335 here for instance...

    http://www.speedguide.net/port.php?port=51335&print=friendly

    Dec 22 05:26:48 abcd ipfw: 12190 Deny TCP 85.17.154.200:63777 192.168.1.xxx:22 in via en1 This one particularly disturbed me. Does it mean my computer was trying to connect to 85.17.154 from PORT 22?! That's not good, is it? What's more, I have Little Snitch, so I'm not really sure how this didn't pop up.


    No, it means 85.17.154.200...

    ** Registrant:
    Trends Yaz�l�m
    Cemal Pa�a Mahallesi Bahar Caddesi Ne�e Apartman�
    alt� No : 3/A
    Adana,
    T�rkiye

    Was trying to see if they could connect to you by ftp. Little Snitch is great.

    208.67.222.222 is OpenDNS, no worry really.

    On the janed thing, what do these 2 report in terminal...

    w

    who
  • 2. Re: ipfw Logs and Other Delightful Issues
    warren.peace Level 1 Level 1 (0 points)
    Thanks, BDAqua. Yeah - I had gone to Speed Guide to check out all the ports higher than 1024 (ephemeral ports?) and came up with nothing. I'm relieved to know that I should just ignore them. Should I try to block the IPs that are less than reputable, i.e., 85.17.154.200?

    Here you go:

    abcd:~ janedoe$ w
    19:35 up 15:06, 3 users, load averages: 0.44 0.56 0.50
    USER TTY FROM LOGIN@ IDLE WHAT
    janed console - 13:35 5:59 -
    janed p1 - 19:34 - w
    janed p2 - 13:51 5:42 -

    abcd:~ janedoe$ who
    janed console Dec 24 13:35
    janed ttyp1 Dec 24 19:34
    janed ttyp2 Dec 24 13:51

    Thanks again so very much.
  • 3. Re: ipfw Logs and Other Delightful Issues
    BDAqua Level 10 Level 10 (116,470 points)
    Should I try to block the IPs that are less than reputable, i.e., 85.17.154.200?


    I think on my work/10.4.11 Mac I have whole regions of the world blocked, same on my BBS, like Russia, China, Netherlands, etc., as well as a hosts file a mile long!

    Sounds like janed is janedoe for some reason.