fane_j wrote:
What he is saying is that his network device (Airport, or, en1) is talking to itself through the router instead of through loopback.
What he said was:
Mar 12 03:08:47 laptop Firewall[61]: Stealth Mode connection attempt to UDP 192.168.0.23:63923 from 192.168.0.1:53
Notice that the IP address is the same for both of them.
IP address 192.168.0.23 (presumably that of his Mac) is not the same as IP address 192.168.0.1 (presumably that of his router/access point). Port 53 is the "well known" port for DNS, which must use what he calls the "main network interface" to reach his ISP's (or any other non-local) DNS server through the router/access point.
He also seems to be confusing mDNSResponder (used by Bonjour on UDP port 5353) with DNS. Like DNS, Bonjour would be useless if implemented through loopback -- its function is device discovery on the local area network the device (here, the Mac) is a part of, so it must of necessity 'talk' to the router to see what else is connected to it.
Terry Lambert was correct; you may have misunderstood the technical term in question.
Calling UDP a "connectionless protocol" is technically correct, but not in the not-so-technical sense he used it -- UDP clearly requires a network connection & there is nothing wrong with or buggy about logging a connection attempt on a UDP port.
He sort of figures out some of this in his discussion of Windows file sharing (SMB), like that 192.168.0.1 is the IP address of his router rather than the one in use by his en1 interface on his Mac, but he still seems fairly confused about what network traffic is coming from his LAN vs. WAN connection, & which device on his LAN is responsible for which part of the local traffic, & about OS X specific networking in general.
That may not be true but this appears to be his only post to ASC so it is hard to say much about his opinion other than it doesn't make a very convincing argument for any alleged "bad design" issues in the logs.
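
Added example, not part of the original post: a small parser for Stealth Mode entries in the format quoted above. It reports whether source and destination are really the same address and labels the two source ports discussed in the thread. The sample log apart from its first line, the field names and the function names are constructed for illustration.

```python
import ipaddress
import re

# First line is the entry quoted in the post; the other two are constructed.
SAMPLE_LOG = """\
Mar 12 03:08:47 laptop Firewall[61]: Stealth Mode connection attempt to UDP 192.168.0.23:63923 from 192.168.0.1:53
Mar 12 03:09:02 laptop Firewall[61]: Stealth Mode connection attempt to UDP 192.168.0.23:5353 from 192.168.0.40:5353
Mar 12 03:09:15 laptop Firewall[61]: Stealth Mode connection attempt to TCP 192.168.0.23:445 from 192.168.0.23:49152
"""

LINE_RE = re.compile(
    r"Firewall\[\d+\]: Stealth Mode connection attempt to "
    r"(?P<proto>UDP|TCP) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"from (?P<src>[\d.]+):(?P<sport>\d+)"
)

# UDP source ports named in the thread: DNS and mDNSResponder (Bonjour).
UDP_SOURCE_PORTS = {53: "DNS", 5353: "mDNS/Bonjour"}


def parse_line(line):
    """Return a dict for one Stealth Mode entry, or None if it does not parse."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
    except ValueError:  # looks like an address but is not one (e.g. 999.0.0.1)
        return None
    sport = int(m["sport"])
    service = UDP_SOURCE_PORTS.get(sport, "unknown") if m["proto"] == "UDP" else "unknown"
    return {
        "proto": m["proto"],
        "src": str(src), "sport": sport,
        "dst": str(dst), "dport": int(m["dport"]),
        "same_host": src == dst,       # the claim under dispute in the thread
        "src_on_lan": src.is_private,  # private-range source, i.e. a LAN device
        "service": service,
    }


def parse_log(text):
    """Parse every recognisable Stealth Mode line in a block of log text."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(f'{e["proto"]} {e["src"]}:{e["sport"]} -> {e["dst"]}:{e["dport"]} '
              f'same_host={e["same_host"]} lan={e["src_on_lan"]} service={e["service"]}')
```

For the quoted entry this reports same_host=False and service=DNS, which matches the reading given in the reply.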