Hoping a Sys Admin Can Explain This
Hi!
A strange thing happened this morning. I was looking at a video on YouTube (Hebrew Hammer trailer!) when Little Snitch alerted me to an incoming connection on port 88, trying to connect to krb5kdc. I did a whois on the IP address, and it indicated that it originated with a Chinese ISP. So, being the paranoid sort, I went back to Little Snitch and hit "Deny Forever." Instantly, the translucent curtain dropped, my computer was frozen, and I was advised in four languages to do a hard reboot. This is the first time my five-year-old computer ever froze or crashed.
So, once I repaired the HD and got back up, I took a look at the logs:
11/28/13 11:49:55 AM | Firewall[80] | Allow krb5kdc connecting from 202.206.242.98:63793 to port 88 proto=6 |
There's nothing in any of the Little Snitch logs near this timestamp, and nothing at all in its spindump log. If Little Snitch caused the crash, shouldn't there be something there? Also, the krb5kdc log is completely empty.
Perhaps I don't know where to look, but I can't figure out what caused the crash/freeze. I know krb5kdc has to do with Kerberos authentication, but don't really understand how it's used, or why. How was the connection allowed, when I tried to deny it? Shouldn't the system's firewall automatically deny incoming connections, unless specifically authorized? Why would someone be trying to connect to my IP on port 88? There are a couple of known exploits involving port 88, but I have no idea how that stuff works. I guess the thing I ultimately want to know is, should I be paranoid and suspicious about all this? If so, what steps should I take?
OS 10.6.8
connected via VPN (iPredator)
not sure what other info would be helpful,
but happy to supply it on request
MacBook, Mac OS X (10.6.8), Matching white Peterbilt 386
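
Added example (not part of the original post): a small triage script for firewall log lines in the format quoted above. It lists inbound connections the firewall allowed from public addresses, grouped by process and port. Only the first sample line comes from the post; the other lines and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Format of the line quoted in the post:
# <date> <time> AM|PM | Firewall[pid] | Allow|Deny <proc> connecting from <ip>:<port> to port <n> proto=<p> |
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+ [AP]M) \| Firewall\[\d+\] \| "
    r"(?P<action>Allow|Deny) (?P<proc>\S+) connecting from "
    r"(?P<src>[0-9.]+):(?P<sport>\d+) to port (?P<dport>\d+) proto=(?P<proto>\d+)"
)

# First line is from the post; the rest are constructed sample input.
SAMPLE_LOG = """\
11/28/13 11:49:55 AM | Firewall[80] | Allow krb5kdc connecting from 202.206.242.98:63793 to port 88 proto=6 |
11/28/13 11:50:02 AM | Firewall[80] | Deny AppleFileServer connecting from 203.0.113.7:51000 to port 548 proto=6 |
11/28/13 11:52:10 AM | Firewall[80] | Allow krb5kdc connecting from 192.168.1.20:49152 to port 88 proto=6 |
this line is not a firewall event
"""

def parse_events(text):
    """Return one dict per line that matches the firewall format; skip the rest."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["dport"] = int(ev["dport"])
        ev["proto"] = int(ev["proto"])  # IP protocol number; 6 is TCP
        try:
            # is_global is False for private, loopback and reserved ranges
            ev["external"] = ipaddress.ip_address(ev["src"]).is_global
        except ValueError:
            continue  # malformed source address, ignore the line
        events.append(ev)
    return events

def allowed_external(events):
    """Inbound connections that were allowed and came from a public address."""
    return [e for e in events if e["action"] == "Allow" and e["external"]]

def summarize(events):
    """Count allowed external connections per (process, destination port)."""
    return Counter((e["proc"], e["dport"]) for e in allowed_external(events))

if __name__ == "__main__":
    for (proc, port), n in summarize(parse_events(SAMPLE_LOG)).items():
        print(f"{proc}: {n} allowed external connection(s) on port {port}")
```

Any process that shows up here is a listening service the firewall is configured to accept connections for, which is the place to start when deciding whether that service needs to be running at all.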