What are these stealth mode connection attempts and should I be concerned?

    • #5926
      macattack
      Participant

      Apologies if this is the wrong forum to post this, it’s my best guess.

      I’ve set up my ipfw firewall on Mac Snow Leopard.  In checking my console logs, I continually get this message:

      Stealth mode connection attempt to UDP 10.8.4.14:(port) from ip address

      The ip addresses are almost always the following ones
      178.47.171.97
      216.131.95.20
      71.146.211.156
      128.194.77.181
      87.221.235.25
      70.109.191.180
      72.23.181.106
      174.103.147.143
      217.149.5.169
      209.59.255.39
      210.242.195.50

      I looked up these addresses with http://whois.domaintools.com/

      Some interesting results:
      178.47.171.97 Russian Federation Ojsc Uralsvyazinfor

      216.131.95.20 United States South Lake Tahoe Reliablehosting.com – Network Services
      (Interesting message afterwards)
      Reverse IP:
      1 website uses this address. (example: uktranssexual.com)

      71.146.211.156 United States Sarah

      128.194.77.181 United States College Station Texas A&m University

      87.221.235.25 Spain Barcelona Jazztel Triple Play Services

      70.109.191.180 United States South Londonderry Fairpoint Communications I

      72.23.181.106 United States Meadville Armstrong Cable Service

      174.103.147.143 United States Milford Road Runner Holdco Ll

      217.149.5.169 Spain Filnet Serveis I Comunicacions

      209.59.255.39 United States Charlotte Carolina Internet Ltd

      210.242.195.50 Taiwan Taipei Nextlink Ltd

      There are more but I guess it’s not worth posting?

      What’s most interesting is 216.131.95.20.  There are many repeat occurrences of this.  Almost all repeat at some point in the log, but this one in particular is quite often.

      What are these connection attempts and should I be concerned?

    • #37119
      macattack
      Participant

      I’ve also noticed in my Little Snitch app firewall it reports this:

      mDNSResponder connection to ns1.california.net
      Which resolves to 216.131.95.20

      A Google search for
      “ns1.california.net” mDNSResponder
      returns zero results.

      What’s going on?  Can anybody help?

    • #37120
      macattack
      Participant

      Not only that, but every time I click refresh page it shows it’s connecting to ns1.california.net

    • #37121
      hayabusa
      Participant

      Sounds to me like ns1.california.net is a nameserver, and you’re seeing DNS resolution for whatever is browsing and needs to resolve names to IP addresses.  Very likely normal traffic, there.

    • #37122
      macattack
      Participant

      Thanks for the help.  It seems ok…but, what is this:

      216.131.95.20 United States South Lake Tahoe Reliablehosting.com – Network Services
      (Interesting message afterwards)
      Reverse IP:
      1 website uses this address. (example: uktranssexual.com)

      Why does it say “1 website uses this address..”

      Putting in this address in google turns up a LOT of porn sites:
      ns1.california.net

      Can I block this site, will it cause problems?
      Or better yet, is there a way to make sure it’s resolving names as opposed to accessing servers for a malicious intent?

    • #37123
      macattack
      Participant

      Also, why does it say “stealth mode connection attempt?”

      The fact that my internet accesses this IP and has stealth mode attempts is very disturbing.

    • #37124
      macattack
      Participant

      Apologies…turns out it’s the nameserver for my VPN service.

      =)

      Thanks again for your help (I’m still learning).

    • #37125
      hayabusa
      Participant

      No worries, macattack.  That’s what we’re all here for – knowledge share and learning.
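
An added example (not part of the thread or written by its participants): one way to do by script what the thread worked out by hand, tallying the sources of "Stealth mode connection attempt" lines and checking each against the nameservers the machine is configured to use. The log lines, ports and resolv.conf text below are constructed, and the trailing `:port` after the source address is an assumed part of the line format.

```python
import re
from collections import Counter

# Assumed line shape, based on the message quoted in the first post;
# the ":port" after the source address is treated as optional.
LINE_RE = re.compile(
    r"Stealth [Mm]ode connection attempt to (?P<proto>UDP|TCP) "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?"
)

def resolvers_from(resolv_conf_text):
    """Return the nameserver IPs listed in resolv.conf-style text."""
    found = set()
    for line in resolv_conf_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            found.add(parts[1])
    return found

def triage(log_text, resolvers):
    """Count hits per source IP and label each source, most frequent first."""
    counts, labels = Counter(), {}
    for m in LINE_RE.finditer(log_text):
        src = m["src"]
        counts[src] += 1
        if src in resolvers and m["proto"] == "UDP" and m["sport"] == "53":
            # UDP from a configured resolver's port 53: DNS answer traffic
            labels[src] = "dns-from-configured-resolver"
        elif src in resolvers:
            labels.setdefault(src, "configured-resolver-other-traffic")
        else:
            labels.setdefault(src, "unexplained")
    return [(src, n, labels[src]) for src, n in counts.most_common()]

# Constructed sample input (timestamps, host name and ports are made up).
SAMPLE_RESOLV = "search example.invalid\nnameserver 216.131.95.20\n"
SAMPLE_LOG = """\
Jan  1 10:00:01 mac Firewall[65]: Stealth Mode connection attempt to UDP 10.8.4.14:51234 from 216.131.95.20:53
Jan  1 10:00:09 mac Firewall[65]: Stealth Mode connection attempt to UDP 10.8.4.14:40000 from 178.47.171.97:6881
Jan  1 10:01:15 mac Firewall[65]: Stealth Mode connection attempt to UDP 10.8.4.14:51300 from 216.131.95.20:53
Jan  1 10:02:40 mac Firewall[65]: Stealth Mode connection attempt to UDP 10.8.4.14:51377 from 216.131.95.20:53
"""

if __name__ == "__main__":
    for src, n, label in triage(SAMPLE_LOG, resolvers_from(SAMPLE_RESOLV)):
        print(f"{src:<16} {n:>3}  {label}")
```

On a real system, pass the contents of the machine's resolver configuration and the saved firewall log in place of the two sample strings; sources left as "unexplained" are the ones worth a whois lookup.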


Copyright ©2020 Caendra, Inc.
