The October 2010 Blog
send me a comment

Buffalo Router Port Scans (Sunday, Oct 31)
[ permalink ] [ e-mail me ] [ ]

I was running low on hard drive space on my MacBook, so I started looking around for unusually large files and folders to archive and/or delete. I eventually found myself at the /var/log directory (open Finder, choose the menu option Go - Go to folder..., and type /var/log) which had somehow grown to be over 5GB in size. Mostly in the "asl" subfolder, which is where the aslmanager dumps all its logging info.

<sidenote>
aslmanager is the "Apple System Log data store file manager", and on a Mac this interacts with syslogd somehow to manage logfiles. Type "man aslmanager" in a Terminal window if you're curious for more.
</sidenote>

Turns out that when Time Machine went haywire on me earlier in the day (which has happened to other people too) it kind of went crazy on the logging. That's fine, I just deleted the gigantic log files and freed up the space again.

But I also started actually looking at the asl logfiles, just to see what was normally in there. By issuing a command like this:

syslog /var/log/asl/2010.10.30.asl | less

I could page through the logfile and view the contents. What I found was entries like this, every 20 seconds:

Firewall[61] : Stealth Mode connection attempt to TCP 192.168.42.10:80 from 192.168.42.1:4823
Firewall[61] : Stealth Mode connection attempt to TCP 192.168.42.10:80 from 192.168.42.1:4823
Firewall[61] : Stealth Mode connection attempt to TCP 192.168.42.10:8000 from 192.168.42.1:2447
Firewall[61] : Stealth Mode connection attempt to TCP 192.168.42.10:8000 from 192.168.42.1:2447
Firewall[61] : Stealth Mode connection attempt to TCP 192.168.42.10:8080 from 192.168.42.1:2482
Firewall[61] : Stealth Mode connection attempt to TCP 192.168.42.10:8080 from 192.168.42.1:2482
Firewall[61] : Stealth Mode connection attempt to TCP 192.168.42.10:3389 from 192.168.42.1:3896
Firewall[61] : Stealth Mode connection attempt to TCP 192.168.42.10:3389 from 192.168.42.1:3896
Firewall[61] : Stealth Mode connection attempt to UDP 192.168.42.10:137 from 192.168.42.1:2059
Firewall[61] : Stealth Mode connection attempt to UDP 192.168.42.10:137 from 192.168.42.1:2059

That's pretty much enough to stop the heart of most tech folks, because that right there is a port scan, and it's coming from inside my home network. In fact, the .1 address is my router, so I was thinking that someone might even be tunneling in from the outside somehow.

xkcd.com Campfire
original comic at http://xkcd.com/742

Searches for "mac stealth mode connection" turned up a lot of results, but none that were really relevant to my situation. All the examples I found had to do with Internet IP addresses trying to make the connection. Nothing about a local router scanning your ports.

Finally I made some search adjustments and found a forum entry on the Symantec site that described what was going on. The culprit was, in fact, my wireless router. I have a Buffalo Nfiniti WHR-HP-G300N wireless router (which I've been very pleased with) that has a setting in the Admin Config - Name section of the setup called "List Network Services":

Buffalo Router List Network Services (Port Scan)

On my router this box was checked, which apparently means that the router will constantly scan the network ports of all attached computers, all day and all night, to figure out if any of them happen to have things like a web server running.

This is the single most annoying feature I have ever seen on a wireless router, and I am amazed that it's on by default.

I unchecked the box, applied my change, and my "stealth mode connection attempts" have been quiet ever since.

Bacon. And Me. And You Guys Are Awesome. (Tuesday, Oct 12)
[ permalink ] [ e-mail me ] [ ]

"What's the deal with that Julian guy and bacon?"

This is a question that gets asked a lot (that specific quote was from yesterday), more frequently now that I have been absolutely showered with bacony goodness for the past couple months. I hope I don't miss thanking anyone, but here's a brief recap of the amazing bacon flavor my life has achieved recently. I am in total awe of the generosity of my friends as well as their willingness to encourage my many personality quirks.

At the IamLUG conference in August, Gab Davis presented me with a fantastic bacon watch that she and the lovely Kitty Elsmore found and acquired in a store of unknown parts. It is a mouthwatering and versitile adornment and accessory, and I will be buying a bacon belt to go with it very soon.

During that same conference, Jo Ann Card surprised me with a delicious Mo's Bacon Bar and a Flying Chocolate Pig. If you've never had bacon and chocolate together, you really really should try it. It might change your life.

I later almost fainted when Francie Tanner pulled out an overflowing sack of Lorenz Peppi's gožt bacon snacks. Incredibly (note the sly use of the word "edible" there...) these delicacies -- which only seem to be available in the United States by means of the GermanDeli.com website -- traveled through multiple countries to get to St. Louis and arrived uncrushed... and uneaten! This is a feat equivalent to crossing the Sahara desert on foot carrying a pan of water without either spilling or drinking it.

Unfortunately, all of these items have long since been gobbled up, and I didn't have a chance to take a picture of the real deals (or the astounded look on my face).

Then just yesterday at the TriStateLUG conference, I got two more mindblowing gifts. The first was a pan of caramel bacon brownies baked and brought down on the train by Kathy Brown. I've had 4 pieces so far, including the one I ate for breakfast this morning. Soooo good. (NOTE: I think that's the correct recipe link; I originally thought it was from a different website, but I guess I was thinking of bacon waffles).

Yesterday's second gift (not necessarily chronological order here, I get mixed up) was the custom speaker gift bag put together by Kathleen McGivney! It contained a Mo's Bacon Bar, a Flying Chocolate Pig, microwave bacon popcorn, bacon-flavored Mmmvelopes, bacon lollipop, and bacon lip balm. It should also be pointed out that Kathleen McGivney was also the one who introduced me to the wonders of Mo's Bacon Bars back at Lotusphere in January.

There is not a WOW big enough to express my wowness. Just, WOW!

Please, please understand that I don't write this as some kind of sneaky way of asking for more bacon. Truly, I have enough to last me for hours and hours, and I need no more.

But I know that I'm not nearly as outwardly appreciative as I really should be, and I'm often very late to thank people (see above), so I wanted to step up and say THANK YOU to my insanely generous friends. I am humbled... and flattered... and not in the least bit hungry anymore.