03-09-2007, 04:14 AM
I have been doing some looking about how to better secure my system as I'm getting satellite internet (ONLY option available for me if I want better than dialup - and I mean ONLY) and will be always connected, so to speak. Actually, for many months now, I am basically always connected via AOL - they never disconnect me so I just stay on for days at a time until I reboot or disconnect for some other reason, so I really should have known more about being secure to the maximum all along.
I have just always used OS X firewall and set at most secure - Stealth Mode enabled no services enabled. Probably I am ok with these settings?
However, in checking Firewall Log, I was shocked to see such a large (IMO) number of connection attempts - between midnight last night and 9 PM tonight a total of 444! Yes, 444 - is that a lot? Seems so to me, but that's why I'm here asking.
Most have similar wording in the log, usually one of the two following:
1. Stealth Mode connection attempt to UDP 172.192.183.182 from (some IP here) - this is most frequent type
2. 12190 Deny TCP 12.24.127.147:16679 172.192.183.182:2967 in via ppp0 in via ppp0 with the 2nd IP being mine; only item that changes is other IP number
Ran a Whois on just a few of the IP numbers and came up with such innocent-sounding names as:
Women's Health
Shaw Cable
and then came to one that said:
OrgName: African Network Information Center
OrgID: AFRINIC
Address: 03B3 - 3rd Floor - Ebene Cyber Tower
Address: Cyber City
Address: Ebene
Address: Mauritius
City: Ebene
StateProv:
PostalCode: 0001
Country: MU
ReferralServer: whois://whois.afrinic.net
Have the Nigerian emailers found me? I NEVER read their emails.
But seriously, folks, does anyone that knows about this kind of stuff have any thoughts on all this - does anyone that doesn't know but might hazard a guess?
Thanks for any thoughts.
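An added example, not part of the original post: a small Python tally of the two log-line shapes quoted above, grouping blocked attempts by source address and by protocol and destination port. The function names, the optional ports on the Stealth Mode form, and every sample line other than the one quoted in the post are assumptions made for illustration.

```python
import re
from collections import Counter

# The two line shapes quoted in the post. Ports on the Stealth Mode form are
# optional here (assumption: the post shows that form without them).
DENY = re.compile(
    r"(?P<rule>\d+) Deny (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) in via (?P<iface>\S+)"
)
STEALTH = re.compile(
    r"Stealth Mode connection attempt to (?P<proto>TCP|UDP) "
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))? from (?P<src>[\d.]+)(?::(?P<sport>\d+))?"
)

def parse_line(line):
    """Return a dict for a recognised firewall log line, else None."""
    for kind, pattern in (("deny", DENY), ("stealth", STEALTH)):
        m = pattern.search(line)
        if m:
            return dict(m.groupdict(), kind=kind)
    return None

def summarize(lines):
    """Count blocked attempts by source address and by (protocol, destination port)."""
    by_source, by_service, skipped = Counter(), Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # not one of the two known shapes
            continue
        by_source[rec["src"]] += 1
        by_service[(rec["proto"], rec["dport"] or "unknown")] += 1
    return by_source, by_service, skipped

# Constructed sample: the first line is quoted in the post, the rest are made up.
SAMPLE = [
    "12190 Deny TCP 12.24.127.147:16679 172.192.183.182:2967 in via ppp0",
    "12190 Deny TCP 198.51.100.7:4021 172.192.183.182:2967 in via ppp0",
    "Stealth Mode connection attempt to UDP 172.192.183.182 from 203.0.113.9",
    "Stealth Mode connection attempt to UDP 172.192.183.182:1026 from 203.0.113.9:33012",
    "some unrelated syslog line",
]

if __name__ == "__main__":
    sources, services, skipped = summarize(SAMPLE)
    for (proto, port), n in services.most_common():
        print(f"{n:4d}  {proto} port {port}")
    print(f"{len(sources)} distinct sources, {skipped} unrecognised line(s)")
```

Grouping by destination port and by source shows whether a large total is many unrelated hosts probing the same service or a few hosts retrying.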