Posted By: ryck Cocktail - Firewall Logs - 02/24/10 05:37 PM
Yesterday I purchased "Cocktail" and today I've been looking at a few of the features. The Files feature - Files/Logs/Firewall - displayed the following information. The third log (Stealth Mode connection attempt) is listed as 23 times yesterday and twice already today.

The Help file unfortunately doesn't have any analytical guides so I'm not sure what to make of this information. Should I be concerned? Or should I be glad my Security software is up to date?

ryck

Feb 23 17:29:20 firstname-lastname-imac Firewall[65]: Deny configd data in from 10.0.1.1:67 to port 68 proto=17

Feb 23 17:29:20 firstname-lastname-imac Firewall[65]: Deny mDNSResponder data in from fe80::223:32ff:fe95:1ec4:5353 to port 5353 proto=17

Feb 23 17:31:24 firstname-lastname-imac Firewall[65]: Stealth Mode connection attempt to UDP 10.0.1.2:60019 from 10.0.1.1:53

UPDATE (16:34:00):

I now appear to have hundreds of the "Stealth Mode connect attempt" and various amounts of the following:

Feb 24 10:02:04 firstname-lastname-imac Firewall[66]: LaunchCFMApp is listening from 0.0.0.0:3324 proto=6

Feb 24 10:02:04 firstname-lastname-imac Firewall[66]: Deny LaunchCFMApp data in from 10.0.1.2:56350 to port 2222 proto=17

Feb 24 10:24:57 firstname-lastname-imac Firewall[66]: Deny mDNSResponder data in from fe80::223:32ff:fe95:1ec4:5353 to port 5353 proto=17
Posted By: tacit Re: Cocktail - Firewall Logs - 02/25/10 05:21 AM
What you're seeing is a normal consequence of OS X's UNIX underpinnings. When you see configd accessing the network, that is how the Mac maintains things like lists of network file servers; configd helps maintain the icons you see in the Network window, among other things.

mDNSResponder is part of Bonjour, the part of OS X that maintains local no-configuration network connections: iChat, network printers, iTunes shared libraries, file servers, iPhoto libraries, and so on.

LaunchCFMApp is a part of the operating system responsible for loading and running programs that are based on Carbon. You will see network connection attempts from LaunchCFMApp when you run a Carbon program that requests network access, such as iTunes Helper.

In other words, all these network access attempts are normal, ordinary parts of OS X activity. If you use a firewall to block configd, you may have trouble accessing file servers on the network. If you block mDNSResponder, you may have trouble accessing shared iTunes libraries or remote iPhoto libraries on other servers. If you block LaunchCFMApp, then programs like iTunes and the Microsoft Office automatic updater may not work correctly.
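An added example, not part of either post: a small Python parser for the three Firewall entry shapes quoted in this thread, tallying them by kind, process and source so that "hundreds" of entries collapse into a few rows. The function names and the port-to-service labels (53, 67, 5353) are assumptions of this example; the sample input is the six log lines quoted above.

```python
import re
from collections import Counter
# Constructed sample: the six log lines quoted in the thread.
SAMPLE = """\
Feb 23 17:29:20 firstname-lastname-imac Firewall[65]: Deny configd data in from 10.0.1.1:67 to port 68 proto=17
Feb 23 17:29:20 firstname-lastname-imac Firewall[65]: Deny mDNSResponder data in from fe80::223:32ff:fe95:1ec4:5353 to port 5353 proto=17
Feb 23 17:31:24 firstname-lastname-imac Firewall[65]: Stealth Mode connection attempt to UDP 10.0.1.2:60019 from 10.0.1.1:53
Feb 24 10:02:04 firstname-lastname-imac Firewall[66]: LaunchCFMApp is listening from 0.0.0.0:3324 proto=6
Feb 24 10:02:04 firstname-lastname-imac Firewall[66]: Deny LaunchCFMApp data in from 10.0.1.2:56350 to port 2222 proto=17
Feb 24 10:24:57 firstname-lastname-imac Firewall[66]: Deny mDNSResponder data in from fe80::223:32ff:fe95:1ec4:5353 to port 5353 proto=17
"""

PREFIX = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ Firewall\[\d+\]: (.*)$")
DENY = re.compile(r"Deny (\S+) data in from (\S+) to port (\d+) proto=(\d+)$")
STEALTH = re.compile(r"Stealth Mode connection attempt to (TCP|UDP) (\S+) from (\S+)$")
LISTEN = re.compile(r"(\S+) is listening from (\S+) proto=(\d+)$")
PROTO = {"6": "TCP", "17": "UDP"}                # IP protocol numbers
SERVICE = {53: "DNS", 67: "DHCP", 5353: "mDNS"}  # labels assumed by this example

def endpoint(text):
    """Split 'addr:port' on the last colon so IPv6 addresses stay intact."""
    addr, _, port = text.rpartition(":")
    return addr, int(port)

def parse_line(line):
    """Return a dict for a recognised Firewall entry, else None."""
    m = PREFIX.match(line.strip())
    msg = m.group(1) if m else ""
    if d := DENY.match(msg):
        src, sport = endpoint(d[2])
        return {"kind": "deny", "process": d[1], "src": src, "src_port": sport,
                "dst_port": int(d[3]), "proto": PROTO.get(d[4], d[4])}
    if s := STEALTH.match(msg):
        (_, dport), (src, sport) = endpoint(s[2]), endpoint(s[3])
        return {"kind": "stealth", "process": None, "src": src, "src_port": sport,
                "dst_port": dport, "proto": s[1]}
    if ls := LISTEN.match(msg):
        addr, port = endpoint(ls[2])  # local bind address; no remote source
        return {"kind": "listen", "process": ls[1], "src": addr, "src_port": None,
                "dst_port": port, "proto": PROTO.get(ls[3], ls[3])}
    return None

def summarize(text):
    """Count entries by (kind, process, source address, source-port label)."""
    counts = Counter()
    for rec in filter(None, map(parse_line, text.splitlines())):
        svc = SERVICE.get(rec["src_port"], "-")
        counts[(rec["kind"], rec["process"], rec["src"], svc)] += 1
    return counts
```

Calling `summarize()` on the full firewall log text and printing `most_common()` shows which source address and source port account for the bulk of the entries.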
© FineTunedMac