Firewall log... what and who is this listening?

Discussion in 'Mac Basics and Help' started by Lordillingworth, Apr 13, 2008.

  1. macrumors regular

    Joined:
    Nov 8, 2007
    Location:
    Shropshire, UK
    #1
    I was taking a look in the firewall log of my mac last night and there were all sorts of 'Stealth mode connection attempt' but then repeated here and there throughout the log there was the message

    'krb5kdc is listening from 0.0.0.0:88 uid = 0 proto=6'

    I have no idea who or what that is, i have tried googling it and only come up with pages of jargon that i don't understand, could somebody please tell me if this is a good or bad sign, is it an apple program or something sinister?

    Please help as this is very disturbing!

    thanks,
     
  2. macrumors 6502

    chriscl

    Joined:
    Jan 4, 2008
    Location:
    Nottingham, England
    #2
    From that name, if I had to guess, I would think it would be something to do with kerberos authentication - possibly the service for managing kerberos keys?

    If you wanted to connect to Windows shares, you would need to use SMB components (Windows use SMB/CIFS for its file shares) and the authentication for those is handled by kerberos.

    In this case, I'm not surprised you'd see a kerberos app - I don't think it's anything to worry about!
     
  3. macrumors 65816

    steveza

    Joined:
    Feb 20, 2008
    Location:
    UK
    #3
    Kerberos Authentication (version) 5 Key Distribution service.

    As chriscl said this is normally related to Windows domain authentication but it is used for other things to. Do you connect to corporate networks for anything?
     
  4. thread starter macrumors regular

    Joined:
    Nov 8, 2007
    Location:
    Shropshire, UK
    #4
    Hello, thanks for the replies,

    I am not connect to any other computers in a network.

    I use wifi from a wireless router that was initially set up using a windows computer if that has any effect on matters?!

    The only windows application that i am aware that i am using is messenger for mac.

    I do use flip4mac aswell

    I can't think of anything else windows related that has any connection in any way to the mac.

    Thanks again for the help.
     
  5. macrumors 6502

    joegomolski

    Joined:
    Apr 28, 2006
    Location:
    So CA
    #5
    I installed the demo version of Little Snitch, and I was appalled to see the number of servers wanting to log onto my system.

    Little Snitch informs me of these "intrusions" I can then choose to accept the connection, or deny it.

    Many of the login attempts are by credit reporting agencies, and I don't want them having access to my system.
     
  6. macrumors 6502a

    KD7IWP

    Joined:
    Mar 8, 2004
    Location:
    American living in Canada
    #6
    wow... Credit reporting agencies? May I ask how you figured out who it was?
     
  7. macrumors 65816

    Morod

    Joined:
    Jan 1, 2008
    Location:
    On The Nickel, over there....
    #7
    Where is the firewall log?

    After reading this thread, I got curious about what would be in my firewall log. I went to SYS PREF>SECURITY>FIREWALL, but could not find a log. I opened Finder and did a search, no log there either. So, where is it? Thanks for the help!
    Morod
     
  8. macrumors 6502

    joegomolski

    Joined:
    Apr 28, 2006
    Location:
    So CA
    #8
    I figured it out by using Little Snitch.

    Little Snitch tells me, through a popup box, the identity of the server wanting access to my Mac.

    Most of the time, the servers wanting access to my Mac, are credit reporting agencies.

    Little Snitch tells me this, this program is definitely a must have for me.

    They have a demo, try it out and see for yourself.
     
  9. macrumors 65816

    merl1n

    Joined:
    Mar 30, 2008
    Location:
    New Jersey, USA
    #9
    System Prefs -> Security -> Firewall Tab. If you have it turned off (Allow all incoming traffic) than your firewall is not enabled. If you enable it by selecting one of the other options, the "Advanced Tab" will be enabled. Click that and you can enable logging and view the log from there.
     
  10. macrumors 65816

    Morod

    Joined:
    Jan 1, 2008
    Location:
    On The Nickel, over there....
    #10
    Thanks for the info! My problem is I generally use a standard account when using OS X, and the "Advanced" tab was grayed out. I need to use my Admin account to look through the log, or the box states, "You do not have permission to view this log."
    Morod
     
  11. thread starter macrumors regular

    Joined:
    Nov 8, 2007
    Location:
    Shropshire, UK
    #11
    Right then, i have just gone to 'sharing' in 'preferences' and disabled file sharing... why it was enabled i am not sure as i don't have anything i would want to stick on another computer!

    I will see if that has something to do with this kerberos weird thing in the log, i will wait a day or two and see if it has appeared then and post back with my findings!
     

Share This Page