Q: is my MacOS X server being hacked?
October 22, 2004 at 7:03 pm #359636
Nick
Participant
Hi, our DNS and mail server is using the built-in ipfw running on MacOS X Server 10.3.5. We are filtering out a lot of UDP packets coming from computers in Russia. Should I worry about our computers being hacked? Any insight is greatly appreciated.
The ipfw log follows:
Oct 22 11:51:43 saturn kernel: ipfw: 1020 Deny UDP 83.102.166.217 207.95.154.3 in via en0 (frag 5045:25@512)
Oct 22 11:52:09 saturn kernel: ipfw: 1020 Deny UDP 83.102.166.4 207.95.154.3 in via en0 (frag 20770:25@512)
Oct 22 11:52:11 saturn kernel: ipfw: 1020 Deny UDP 83.102.166.41 207.95.154.3 in via en0 (frag 42994:25@512)
Oct 22 11:52:20 saturn kernel: ipfw: 1020 Deny UDP 83.102.166.58 207.95.154.3 in via en0 (frag 37098:25@512)
Oct 22 11:52:23 saturn kernel: ipfw: 1020 Deny UDP 83.102.166.46 207.95.154.3 in via en0 (frag 12019:25@512)
Oct 22 11:52:24 saturn kernel: ipfw: 1020 Deny UDP 83.102.166.48 207.95.154.3 in via en0 (frag 13945:25@512)
Oct 22 11:52:58 saturn kernel: ipfw: 1020 Deny UDP 83.102.166.47 207.95.154.3 in via en0 (frag 802:25@512)
Oct 22 11:53:34 saturn kernel: ipfw: 1020 Deny UDP 83.102.166.76 207.95.154.3 in via en0 (frag 21637:25@512)
Oct 22 11:54:44 saturn kernel: ipfw: 1020 Deny UDP 83.102.166.47 207.95.154.3 in via en0 (frag 29790:25@512)
Oct 22 11:55:26 saturn kernel: ipfw: 1020 Deny UDP 83.102.166.49 207.95.154.3 in via en0 (frag 47996:25@512)
Oct 22 11:55:32 saturn kernel: ipfw: 1020 Deny UDP 83.102.166.41 207.95.154.3 in via en0 (frag 5902:25@512)
Oct 22 11:55:38 saturn kernel: ipfw: 1020 Deny UDP 83.102.166.7 207.95.154.3 in via en0 (frag 7222:25@512)
Oct 22 11:56:35 saturn kernel: ipfw: 1020 Deny UDP 83.102.166.45 207.95.154.3 in via en0 (frag 40302:25@512)
Oct 22 11:57:02 saturn kernel: ipfw: 1020 Deny UDP 83.102.166.42 207.95.154.3 in via en0 (frag 9637:25@512)
Oct 22 11:57:07 saturn kernel: ipfw: 1020 Deny UDP 83.102.166.131 207.95.154.3 in via en0 (frag 7887:25@512)
October 23, 2004 at 9:16 pm #359644
Nick
Participant
Thank you very much for your reply.
It is not killing our bandwidth, but it is very unnerving to see all that activity in the log.
Thanks again.
Nick
October 27, 2004 at 7:54 pm #359710
Kayners
Participant
I review my firewall logs every day and there’s a blizzard of activity. I dump it all into a FileMaker database and filter out everything aimed at well-known Windows exploit ports (e.g. 1025->1027, 4899, 9898, etc.). That eliminates most of the entries. The remainder can be sorted and scanned (visually) to get an idea of what’s been hitting the firewall.
While that may seem reassuring, the logs only tell me what is being blocked, not what is getting in. So, yes, you should worry. I do.
Steve.
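
Added example, not part of the thread or any poster's own code: a Python version of the triage described in the post above, run over ipfw log lines in the format shown in the question. The function names, the reading of "1025->1027" as a port range, and the three port-bearing sample lines are assumptions made for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_network

# Noise ports from the post; reading "1025->1027" as a range is an assumption.
NOISE_PORTS = {1025, 1026, 1027, 4899, 9898}

# ipfw syslog entry: rule, action, proto, src[:port], dst[:port], direction,
# interface, optional "(frag id:len@offset)" suffix on fragmented packets.
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\S+) "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))? "
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))? "
    r"(?P<dir>in|out) via (?P<iface>\w+)"
    r"(?: \(frag (?P<frag_id>\d+):(?P<frag_len>\d+)@(?P<frag_off>\d+)\+?\))?"
)

# First three lines are from the thread; the last three are constructed.
SAMPLE_LOG = """\
Oct 22 11:51:43 saturn kernel: ipfw: 1020 Deny UDP 83.102.166.217 207.95.154.3 in via en0 (frag 5045:25@512)
Oct 22 11:52:09 saturn kernel: ipfw: 1020 Deny UDP 83.102.166.4 207.95.154.3 in via en0 (frag 20770:25@512)
Oct 22 11:52:11 saturn kernel: ipfw: 1020 Deny UDP 83.102.166.41 207.95.154.3 in via en0 (frag 42994:25@512)
Oct 22 12:01:10 saturn kernel: ipfw: 1020 Deny TCP 192.0.2.10:3311 207.95.154.3:4899 in via en0
Oct 22 12:01:15 saturn kernel: ipfw: 1020 Deny UDP 198.51.100.7:1042 207.95.154.3:1026 in via en0
Oct 22 12:02:02 saturn kernel: ipfw: 1020 Deny TCP 198.51.100.7:2201 207.95.154.3:22 in via en0
"""

def parse(line):
    """Return a dict for one ipfw log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"]) if rec["dport"] else None
    rec["is_fragment"] = rec["frag_id"] is not None
    return rec

def triage(log_text):
    """Drop noise-port hits, then rank remaining sources by /24 network."""
    kept, dropped = [], 0
    for rec in filter(None, map(parse, log_text.splitlines())):
        if rec["dport"] in NOISE_PORTS:
            dropped += 1
        else:
            # Fragment entries logged without ports cannot be matched, so they stay.
            kept.append(rec)
    nets = Counter(str(ip_network(r["src"] + "/24", strict=False)) for r in kept)
    return kept, dropped, nets.most_common()
```

Entries like the ones in the question carry no port at all, so a port-based noise filter never removes them; they always land in the remainder that gets reviewed by hand.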