Firewall & Security

powermac

iMac Dual 2.0 17'
Out of curiosity, I am wondering if other people have similar experiences with the firewall. I have mine set on all the options. I have AirPort Extreme and a broadband connection (Road Runner), 10.4.6. Here is a small sample of my log file:

Jun 11 08:15:21 PowerBook-G4 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:55743 from 64.12.145.24:80
Jun 11 08:15:21 PowerBook-G4 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:55720 from 64.12.145.24:80
Jun 11 08:15:21 PowerBook-G4 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:55744 from 64.12.145.24:80
Jun 11 08:15:21 PowerBook-G4 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:55728 from 64.12.145.24:80
Jun 11 08:15:21 PowerBook-G4 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:55724 from 64.12.145.24:80
Jun 11 08:15:22 PowerBook-G4 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:55725 from 64.12.145.24:80
Jun 11 08:15:22 PowerBook-G4 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:55729 from 64.12.145.24:80
Jun 11 08:15:22 PowerBook-G4 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:55722 from 64.12.145.24:80
Jun 11 08:15:22 PowerBook-G4 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:55733 from 64.12.145.24:80
Jun 11 08:15:22 PowerBook-G4 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:55740 from 64.12.145.24:80
Jun 11 08:15:22 PowerBook-G4 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:55727 from 64.12.145.24:80
Jun 11 08:15:22 PowerBook-G4 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:55738 from 64.12.145.24:80
Jun 11 08:15:22 PowerBook-G4 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:55741 from 64.12.145.24:80
Jun 11 08:15:22 PowerBook-G4 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:55735 from 64.12.145.24:80
Jun 11 08:15:22 PowerBook-G4 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:55731 from 64.12.145.24:80
Jun 11 08:15:22 PowerBook-G4 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:55730 from 64.12.145.24:80
Jun 11 08:15:22 PowerBook-G4 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:55726 from 64.12.145.24:80

What does this mean? Someone from that IP address has tried to access my computer?
 
I've seen this as well on my iMac G5 using my Earthlink account. It's possible that someone is attempting to get in but probably failed to do so, and syslog is letting you know that. I could be wrong though, but I don't want to worry about it just yet. :confused: :p
 
Via 'Terminal' ('/Applications/Utilities/' folder) enter ...

whois 64.12.145.24

... and press the <return> key.

Below is what I received ...

'Welcome to Darwin!
s:~ s$ whois 64.12.145.24

OrgName: America Online, Inc.
OrgID: AMERIC-158
Address: 10600 Infantry Ridge Road
City: Manassas
StateProv: VA
PostalCode: 20109
Country: US

NetRange: 64.12.0.0 - 64.12.255.255
CIDR: 64.12.0.0/16
NetName: AOL-MTC
NetHandle: NET-64-12-0-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Assignment
NameServer: DNS-01.NS.AOL.COM
NameServer: DNS-02.NS.AOL.COM
Comment:
RegDate: 1999-12-13
Updated: 1999-12-16

RTechHandle: AOL-NOC-ARIN
RTechName: America Online, Inc.
RTechPhone: +1-703-265-4670
RTechEmail: domains@aol.net

# ARIN WHOIS database, last updated 2006-06-08 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
s:~ s$ '

It appears you are accessing (or being accessed by) AOL via port 80 (that of a web browser application).
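
An added example, not part of any post in this thread: a Python sketch that groups Stealth Mode lines like those in the first post by source and applies a heuristic. A packet from a low server port such as 80 to a high client-side port is usually a late reply to a connection the Mac opened itself, which fits the port 80 observation above. The `classify` labels, the 49152 threshold and the two constructed sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Matches the ipfw "Stealth Mode" lines quoted in the first post.
LINE_RE = re.compile(
    r"ipfw: Stealth Mode connection attempt to (TCP|UDP) "
    r"(\d+\.\d+\.\d+\.\d+):(\d+) from (\d+\.\d+\.\d+\.\d+):(\d+)"
)
EPHEMERAL_MIN = 49152  # assumption: start of the IANA dynamic port range

def classify(dst_port, src_port):
    """Heuristic triage label for one dropped packet (labels are hypothetical)."""
    if src_port < 1024 and dst_port >= EPHEMERAL_MIN:
        # Server port -> client-side port: typically a late reply to a
        # connection this machine opened itself (e.g. a web page load).
        return "late-reply"
    if dst_port < 1024:
        # Unsolicited packet aimed at a well-known service port.
        return "inbound-to-service"
    return "other"

def summarize(log_text):
    """Count dropped packets per (source IP, source port, label)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a Stealth Mode line
        _proto, _dst_ip, dst_port, src_ip, src_port = m.groups()
        label = classify(int(dst_port), int(src_port))
        counts[(src_ip, int(src_port), label)] += 1
    return counts

# First three lines are from the log in the first post; the last two are
# constructed for this example (203.0.113.9 is a documentation address).
SAMPLE = """\
Jun 11 08:15:21 PowerBook-G4 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:55743 from 64.12.145.24:80
Jun 11 08:15:21 PowerBook-G4 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:55720 from 64.12.145.24:80
Jun 11 08:15:21 PowerBook-G4 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:55744 from 64.12.145.24:80
Jun 11 08:16:02 PowerBook-G4 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:22 from 203.0.113.9:41822
Jun 11 08:16:05 PowerBook-G4 kernel: unrelated message
"""

if __name__ == "__main__":
    for (ip, port, label), n in summarize(SAMPLE).most_common():
        print(f"{n:3d}  {ip}:{port}  {label}")
```

The label is a triage hint only: it sorts entries into "probably my own browsing" and "worth a closer look", and does not prove intent either way.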
 
This could be something as simple as a search engine bot attempting to see if there's a site present at your IP and if it found one, it would attempt to index it.

My point is that it's easy to visualize (jump to conclusions) that some 16-year-old cracker is on the other end trying to perform malicious tasks on your computer, when it could be, and is more likely to be, something harmless.
 
After I had Comcast broadband internet access for an hour, I realized that I should activate the firewall. I turned on "Block UDP Traffic", "Enable Firewall Logging", "Enable Stealth Mode". There are two Widgets you can download: "GeoLocate" and "IPLocator". I've used GeoLocate to see from where my connection attempts originate. About half of my connection attempts are from CHINA, the other half are from the U.S.A. and Europe (mostly U.S.A.).

Someone's poking around a lot of computers...
 