Why does syslogd want to accept an incoming connection?

Little Snitch just caught a request by syslogd to accept an incoming connection from 17.253.21.53. Whois resolves the IP to Apple. Why is Apple trying to connect to my computer using syslogd?

MacBook Pro 15″, macOS 10.15

Posted on Apr 1, 2024 3:24 AM

Question marked as Top-ranking reply

Posted on Jun 27, 2024 9:15 PM

I just got an incoming connection to syslogd from 17.253.14.133 reported this morning.


To explain for the complainers: a firewall will allow incoming connections to the NAT-ed LAN, if there had been a prior outgoing connection. In this case only, replies will be routed to the LAN-IP. In layman's terms, it means either syslogd or any other task had opened an outgoing connection to that internet-IP. As to why a local log daemon needs to communicate with the cloud is for Apple to answer.


If you care to run something like Wireshark (or tcpdump) it would be plainly visible how many connections are done to the Apple cloud every second. It is not clear if all of these are actually needed, seems like every part has its own (several!) cloud locations. And many of these (weather, stocks, news) cannot be turned off, and will happen even if you never ever open any of these. Yes, I did report that but I'm just one voice among millions.

17 replies

May 24, 2024 12:43 PM in response to pgeorgan

This is a month-old thread, reawakened.


pgeorgan wrote:

This is just a redirect to a post about someone saying you shouldn't use third-party firewalls because it will "cause problems".

Actually, your machine will do exactly what it's intended to do, even without the internet. If you're big into iCloud stuff, sure it can be precarious to use something like Little Snitch.

That being said, in the right hands, Little Snitch is a very effective and powerful tool in combatting bloatware and spying, etc...


Judged solely by the traffic posted around here, Little Snitch exists to cause collateral-damage questions.


Which is why the perceptions of that tool lean negative around here.


Not because the tool doesn’t work, or doesn’t work well, or doesn’t do what it claims, but because the tool does work and does work well, and because the folks around here then get asked to fix the results of the damage caused, or to research and identify what is typically innocuous network activities.


We don’t get the positive postings.


As for this case, I’m mildly puzzled how IP 17/8 can even access the host involved, as most Macs are configured behind a firewall / gateway / router / NAT box. Which would default-block an incoming connection from 17/8. Which means port forwarding or NAT games or an exposed Mac on a public IP address. But details are lacking.


Apple doesn’t list UDP 514, TCP 514, or TCP 6514 TLS usage in their well-known ports list, either.


Whether Little Snitch didn’t provide details of the incoming connection, or those were omitted here, or something else got garbled somewhere?


Next steps are to use tcpdump or a TLS-capable client or maybe mitmproxy or such, and see what the incoming traffic is. On whichever port. But catching unsolicited incoming traffic gets ugly without a managed switch and port mirroring, or without some other layer 3 shenanigans. To also check if anything is connected and listening locally, too.


Or we can also assume that a security attack arising from Apple 17/8 hosts means we’re all doomed.
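
An added example, not part of the original posts: it applies the rule from the top-ranking reply (inbound traffic is only expected when it answers an earlier outbound connection) to a packet capture of the kind suggested above, and flags the 17/8 block and the syslog ports mentioned in this thread. The function name `classify`, the local address and the capture lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed lines in `tcpdump -nn` text format (not captured from a real host).
SAMPLE = """\
09:15:01.100000 IP 192.168.1.20.51000 > 17.253.14.133.443: Flags [S], length 0
09:15:01.130000 IP 17.253.14.133.443 > 192.168.1.20.51000: Flags [S.], length 0
09:15:02.000000 IP 17.253.21.53.40000 > 192.168.1.20.514: UDP, length 120
09:15:03.000000 IP 203.0.113.9.55555 > 192.168.1.20.6514: Flags [S], length 0
"""

LINE = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+):")
APPLE_NET = ipaddress.ip_network("17.0.0.0/8")  # the 17/8 block named in the thread
SYSLOG_PORTS = {514, 6514}                      # UDP/TCP 514 and TCP 6514 (TLS)


def classify(capture, local_ip):
    """Label each inbound packet as a reply to seen outbound traffic or unsolicited."""
    tracked = set()   # (local_port, remote_ip, remote_port) observed leaving the host
    findings = []
    for raw in capture.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip anything that is not an IPv4 packet summary line
        src, sport, dst, dport = m.group(1), int(m.group(2)), m.group(3), int(m.group(4))
        if src == local_ip:
            tracked.add((sport, dst, dport))   # outbound: remember the flow
            continue
        if dst != local_ip:
            continue
        findings.append({
            "remote": src,
            "local_port": dport,
            # Inbound is a reply only if the mirrored tuple was seen going out.
            "verdict": "reply" if (dport, src, sport) in tracked else "unsolicited",
            "apple_17_8": ipaddress.ip_address(src) in APPLE_NET,
            "syslog_port": dport in SYSLOG_PORTS,
        })
    return findings


if __name__ == "__main__":
    for finding in classify(SAMPLE, "192.168.1.20"):
        print(finding)
```

The verdict is only as good as the capture window: a flow opened before tcpdump started will show up as unsolicited, so start the capture before reproducing the alert.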

May 26, 2024 8:09 AM in response to Steve314

I suggest just blocking all incoming connection requests from syslogd.


System Settings -> Network -> Firewall -> Options


Click the '+' button and I believe you can find it over in /usr/sbin/


You can go one step further and:


  • disable "Automatically allow built-in software to receive incoming connections"
  • disable "Automatically allow downloaded signed software to receive incoming connections"
  • enable Stealth Mode
  • enable Block all incoming connections (this one is a bit extreme)


The ways in which you can break your machine are not just limited to third-party software ;)


Hope this helps.

Apr 1, 2024 4:56 AM in response to Steve314

Steve314 wrote:

Little Snitch just caught a request by syslogd to accept an incoming connection from 17.253.21.53. Whois resolves the IP to Apple. Why is Apple trying to connect to my computer using syslogd?

It begs the question.


Why does the user find it necessary to use a Third Party Two Way Firewall?


Any good Access Point will only show the IP Address of the Access Point to the Internet, if Security is of importance.



May 24, 2024 12:04 PM in response to Owl-53

This is just a redirect to a post about someone saying you shouldn't use third-party firewalls because it will "cause problems".


Actually, your machine will do exactly what it's intended to do, even without the internet. If you're big into iCloud stuff, sure it can be precarious to use something like Little Snitch.


That being said, in the right hands, Little Snitch is a very effective and powerful tool in combatting bloatware and spying, etc...

May 24, 2024 2:28 PM in response to pgeorgan

pgeorgan wrote:

If the first result in a Google search query is a month-old Apple Discussions post, I'll be sure to ignore it.

Excellent strategy.

OP, can you please post the relevant connection details provided by Little Snitch? Incoming connection requests from 17.253.XX.XXX are quite common.

I'm sure the OP is long gone. If you have a specific question, you should start your own thread to get it answered. Piggy-backing onto someone else's post is only useful when you're looking to start some kind of pointless argument.

May 24, 2024 3:00 PM in response to etresoft

Please point to any evidence I'm trying to start an argument. Spare me the speculation in the process.


etresoft wrote:

Piggy-backing onto someone else's post is only useful when you're looking to start some kind of pointless argument.


Did it dawn on you that perhaps I was directed here because I had a similar question? Seems to me that the first responder to this question needs no help in "starting an argument".


P.S. - Do better at paying attention. OP is clearly alive and well.

May 24, 2024 7:35 PM in response to satcomer

Yes, I have iCloud services on and expect that Apple's apps need to synchronize with it. My perplexity arises from the fact that the incoming connection was addressed to syslogd, the log daemon. Why Apple wants to communicate with that escapes me, hence my question. Instead I end up in a metadiscussion about the wisdom of using Little Snitch and the not-so-subtle implication that Objective Development doesn't know what they are about.

May 25, 2024 8:02 AM in response to pgeorgan

pgeorgan wrote:

This is just a redirect to a post about someone saying you shouldn't use third-party firewalls because it will "cause problems".

Actually, your machine will do exactly what it's intended to do, even without the internet. If you're big into iCloud stuff, sure it can be precarious to use something like Little Snitch.

That being said, in the right hands, Little Snitch is a very effective and powerful tool in combatting bloatware and spying, etc...

About Apple threat notifications and protecting against mercenary spyware - Apple Support


About Lockdown Mode - Apple Support



May 26, 2024 7:36 AM in response to Owl-53

PRP_53 wrote:


pgeorgan wrote:

This is just a redirect to a post about someone saying you shouldn't use third-party firewalls because it will "cause problems".

Actually, your machine will do exactly what it's intended to do, even without the internet. If you're big into iCloud stuff, sure it can be precarious to use something like Little Snitch.

That being said, in the right hands, Little Snitch is a very effective and powerful tool in combatting bloatware and spying, etc...
About Apple threat notifications and protecting against mercenary spyware - Apple Support

About Lockdown Mode - Apple Support


Are you suggesting OP turn on Lockdown Mode as a means to address his syslogd question?

May 26, 2024 7:47 AM in response to pgeorgan

pgeorgan wrote:


PRP_53 wrote:


pgeorgan wrote:

This is just a redirect to a post about someone saying you shouldn't use third-party firewalls because it will "cause problems".

Actually, your machine will do exactly what it's intended to do, even without the internet. If you're big into iCloud stuff, sure it can be precarious to use something like Little Snitch.

That being said, in the right hands, Little Snitch is a very effective and powerful tool in combatting bloatware and spying, etc...
About Apple threat notifications and protecting against mercenary spyware - Apple Support

About Lockdown Mode - Apple Support


> Are you suggesting OP turn on Lockdown Mode as a means to address his syslogd question? <<

To answer that question politely 😎


No



This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.
