Unexplained connections
Mac Enthusiast
Join Date: Oct 1999
MacOS 8.6
Cable Modem
NetBarrier 1.6 software firewall
I have two unexplained entries in the NetBarrier firewall log.
One is a connection to TCP port 8892.
The other is an HTTP connection.
Both are to two different IPs that appear to be somewhere in Asia.
Both were at times when the computer was unattended and no other apps were running...
How is this possible?
Grizzled Veteran
Join Date: Nov 2001
Location: Oregon
Well, for one thing, you always have apps running on your computer, even when no one is logged in! There are many system tasks and daemons running at any given time. Just do a ps -cxa from the terminal sometime.
But beyond that, you don't need to be running any software* for someone to probe your ports, and that's what happened to you. There have been a lot of attacks coming from Asia lately, so it's not surprising that's the origin of the probes.
The bad guys are out there, shooting in the dark, hoping to get lucky. Mostly they're looking for systems running MS software, because that is always an easy target. But it drives home the need to take security seriously. The InterNet levels the playing field in that everyone is your next-door-neighbor; there are no "good neighborhoods" because there is no physical isolation from the dregs of society. Unfortunately, this tends to lower everything to the lowest common denominator. Everyone lives in the slums online.
____________________
* Well, okay, you have to be running some software, like the system (kernel).
Administrator 
Join Date: Apr 2001
Location: San Antonio TX USA
I wholeheartedly agree with Rainy Day - there are very bad people out there who want to steal from you, make your system unusable, or even kidnap your system and make it a zombie to attack other systems. Very bad people indeed. Also, very unlucky people, because they have to roll the dice every time they try to do anything bad, and often the dice come up against them.
The odds that your system has been targeted specifically are infinitesimal. Odds that your ISP's address range has been targeted are quite good, but that's not a problem, because your logs show probes, but not attacks. Somebody knows that there's something behind your IP (at the time you were probed). That's not much to base a real attack on, and there are bigger, more vulnerable fish to go after, so don't sweat too much.
That is not to say "don't sweat at all." On the contrary. Now is a perfect time to see the utility of at least a cable/DSL router, if not a more elaborate protection system. With a router, you can make everything behind your IP completely invisible - the router passes only replies to requests you've sent out. Properly configured, it will exist in a stealth mode that is hard to find from outside, even with very good hacking tools. They're cheap, easy to use, and provide both privacy and security; all good reasons to look into them.
And don't get the impression that, because Rainy Day points out that Windows/Intel systems are most often targeted, that MacOS makes you safe. It's just that there are far more businesses built around Wintel systems, leaving more people to goof in more ways when it comes to security. OS X and its successors are built on Unix, which has more than its share of vulnerabilities. That there is a less lucrative target population running MacOS (few major banks do their business operations on Macs, etc.) is a somewhat mitigating factor, but not anything to get smug about. Eventually some script kiddie will want to flex his coding muscles and go after fresh meat - the Mac user community. Face it, we're a pretty laid back crowd, and it's hard enough to get many Mac users to use worthwhile passwords on their email and bank accounts - as a whole, security-wise we'll be as vulnerable as a bunch of newly hatched chicks.
Glenn -----
OTR/L, MOT, Tx
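Added example (not part of the original posts, and not any router's actual code): a strict toy model of the "passes only replies to requests you've sent out" behavior described in the post above. The class and function names, addresses and ports are constructed for illustration, address translation is left out, and real routers differ in how strictly they match replies.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    direction: str   # "out" = LAN -> Internet, "in" = Internet -> LAN
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class ReplyOnlyFilter:
    """Forward inbound packets only when they answer a flow opened from inside."""

    def __init__(self):
        # Each entry: (proto, inside_ip, inside_port, outside_ip, outside_port)
        self.flows = set()

    def handle(self, p: Packet) -> str:
        if p.direction == "out":
            # Remember the flow so the matching reply is let back in.
            self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return "forward"
        # Inbound: must be the exact mirror image of a remembered flow.
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.flows:
            return "forward"
        # Unsolicited: silently discarded, so the prober gets no answer at all.
        return "drop"

def run(packets):
    fw = ReplyOnlyFilter()
    return [fw.handle(p) for p in packets]

# Constructed traffic using documentation address ranges (not from the thread).
SAMPLE = [
    Packet("out", "tcp", "192.168.1.10", 49152, "198.51.100.7", 80),    # Mac requests a web page
    Packet("in",  "tcp", "198.51.100.7", 80, "192.168.1.10", 49152),    # the server's reply
    Packet("in",  "tcp", "203.0.113.50", 40000, "192.168.1.10", 8892),  # unsolicited probe of TCP 8892
    Packet("in",  "tcp", "203.0.113.50", 80, "192.168.1.10", 49152),    # different host reusing the reply port
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, run(SAMPLE)):
        print(f"{verdict:8} {pkt.direction:3} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
```

Only the second packet is let in from outside; both unsolicited packets are dropped without a response, which is why a probed address behind such a router looks empty.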