Port 53 Firewall connection attempt

Discussion in 'OS X' started by multimania, Mar 27, 2010.

  1. macrumors member

    Joined:
    Nov 2, 2007
    #1
    Hi guys, i keep getting this show up in my log:

    27/03/2010 09:49:21 Firewall[7800] Stealth Mode connection attempt to UDP 10.0.1.2:59861 from 10.0.1.1:53
    27/03/2010 09:49:28 Firewall[7800] Stealth Mode connection attempt to UDP 10.0.1.2:58984 from 10.0.1.1:53
    27/03/2010 09:49:29 Firewall[7800] Stealth Mode connection attempt to UDP 10.0.1.2:61034 from 10.0.1.1:53
    27/03/2010 09:49:31 Firewall[7800] Stealth Mode connection attempt to UDP 10.0.1.2:59062 from 10.0.1.1:53
    27/03/2010 09:49:31 Firewall[7800] Stealth Mode connection attempt to UDP 10.0.1.2:65046 from 10.0.1.1:53

    It seems to happen when loading websites, my understanding is limited, but 10.0.1.1 is the Airport Extreme as far as I know. Is this harmless?

    Many thanks for any help.

    Michael
     
  2. Guest

    spinnerlys

    Joined:
    Sep 7, 2008
    Location:
    forlod bygningen
    #2
    DNS primarily uses User Datagram Protocol (UDP) on port number 53 to serve requests. DNS queries consist of a single UDP request from the client followed by a single UDP reply from the server. The Transmission Control Protocol (TCP) is used when the response data size exceeds 512 bytes, or for tasks such as zone transfers. Some operating systems, such as HP-UX, are known to have resolver implementations that use TCP for all queries, even when UDP would suffice.
    from http://en.wikipedia.org/wiki/Domain_Name_System
    via http://www.google.com/search?client...oe=UTF-8&redir_esc=&ei=dNatS4GJJJKpsQaTuaTBDg
     
  3. thread starter macrumors member

    Joined:
    Nov 2, 2007
    #3
    Thank you for that! So can i assume it's ok then?
     
  4. macrumors G4

    Joined:
    Mar 4, 2006
    #4
    Basically you're seeing a late DNS response which is being dropped because you have Stealth Mode enabled. Because your router (10.0.1.1) isn't really a DNS server it has to forward all requests from your Mac (10.0.1.2) out to your ISP's DNS servers, which also may have to forward the requests on further if they cannot resolve the name to an address themselves. Sometimes the responses take longer than your Mac expects so the firewall closes the connection the request was made on, meaning the returned packet is rejected. The rest of the output is how they get logged by OSX.

    Don't worry about it. It's normal behaviour.
     
  5. macrumors newbie

    Joined:
    Mar 28, 2004
    #5
    How can I turn of “bings” resulting from stealth mode connection attempts?

    Thanks for the explanation Queso, but a few weeks ago I started hearing “bings” from my iMac, (including when it was asleep), that I eventually tracked down to the same stealth mode connection attempt as reported in this thread.

    I thus have two questions:

    (1) How can I turn off the “bings”, as I can see no relevant setting in Firewall preferences?

    (2) (Less important, unless no solution to (1))
    What might have changed on my iMac to cause this phenomenon to start? (I cannot think of anything relevant that I have changed recently.)

    Environment:
    27” iMac
    2.93 GHz Intel Core i7
    12 GB SDRAM
    Mac OS X 10.7.3

    Thank you
    ________________________

     

Share This Page