Cocktail - Firewall Logs - 02/24/10 05:37 PM
Yesterday I purchased "Cocktail" and today I've been looking at a few of the features. The Files feature - Files/Logs/Firewall - displayed the following information. The third log (Stealth Mode connection attempt) is listed as 23 times yesterday and twice already today.
The Help file unfortunately doesn't have any analytical guides so I'm not sure what to make of this information. Should I be concerned? Or should I be glad my Security software is up to date?
ryck
Feb 23 17:29:20 firstname-lastname-imac Firewall[65]: Deny configd data in from 10.0.1.1:67 to port 68 proto=17
Feb 23 17:29:20 firstname-lastname-imac Firewall[65]: Deny mDNSResponder data in from fe80::223:32ff:fe95:1ec4:5353 to port 5353 proto=17
Feb 23 17:31:24 firstname-lastname-imac Firewall[65]: Stealth Mode connection attempt to UDP 10.0.1.2:60019 from 10.0.1.1:53
UPDATE (16:34:00):
I now appear to have hundreds of the "Stealth Mode connect attempt" and various amounts of the following:
Feb 24 10:02:04 firstname-lastname-imac Firewall[66]: LaunchCFMApp is listening from 0.0.0.0:3324 proto=6
Feb 24 10:02:04 firstname-lastname-imac Firewall[66]: Deny LaunchCFMApp data in from 10.0.1.2:56350 to port 2222 proto=17
Feb 24 10:24:57 firstname-lastname-imac Firewall[66]: Deny mDNSResponder data in from fe80::223:32ff:fe95:1ec4:5353 to port 5353 proto=17
The Help file unfortunately doesn't have any analytical guides so I'm not sure what to make of this information. Should I be concerned? Or should I be glad my Security software is up to date?
ryck
Feb 23 17:29:20 firstname-lastname-imac Firewall[65]: Deny configd data in from 10.0.1.1:67 to port 68 proto=17
Feb 23 17:29:20 firstname-lastname-imac Firewall[65]: Deny mDNSResponder data in from fe80::223:32ff:fe95:1ec4:5353 to port 5353 proto=17
Feb 23 17:31:24 firstname-lastname-imac Firewall[65]: Stealth Mode connection attempt to UDP 10.0.1.2:60019 from 10.0.1.1:53
UPDATE (16:34:00):
I now appear to have hundreds of the "Stealth Mode connect attempt" and various amounts of the following:
Feb 24 10:02:04 firstname-lastname-imac Firewall[66]: LaunchCFMApp is listening from 0.0.0.0:3324 proto=6
Feb 24 10:02:04 firstname-lastname-imac Firewall[66]: Deny LaunchCFMApp data in from 10.0.1.2:56350 to port 2222 proto=17
Feb 24 10:24:57 firstname-lastname-imac Firewall[66]: Deny mDNSResponder data in from fe80::223:32ff:fe95:1ec4:5353 to port 5353 proto=17