Hi everyone,
- Jan 20, 2018 Still, your Mac's standard firewall allows for these unlikely connections, but a customized Intego ISB X6 firewall (a 3rd-party firewall for Macs that run anything at, or newer, than the Leopard Operating System) will block them. You can also try to use Little Snitch with Intego's ISB X6 (VBX6).
- Feb 11, 2018 I got little snitch for just this reason. I block everything until I look it up, auto deny everything go back and fix later. Do a Whois on the domain name that's trying to open and do a trace route or even search for the site on google and see what you find. You can usually get a.
I was wondering if someone could explain the protected rules at the top of the LS configuration, and why I would enable or disable them?
Feb 28, 2018 For me the last seven are trusted items in that I know what they belong to (Java update info to run Adobe products, some Adobe stuff itself, the Little Snitch install and an item to do with my Printer) There is one item there though that does refer back to when this Mac User Account was migrated from a G4 computer.
What are ICMP/UDP incoming connections? I know the right hand side of the LS configuration provides a little explanation for both, but I would like some more information on it. Would my internet experience suffer if I were to disable them? What's the risk, in terms of malware/remote access, if I kept them enabled?Also - allowing outgoing or incoming connections to my local network - why would I or wouldn't I need to do that? Does it open me up to infecting my system if other machines on the network are infected (especially if I'm using public wi-fi)? I'm on the home wi-fi and I tried testing it out just then by disabling the incoming connections from local network rule. Within 5 minutes LS notified me that my Macbook (system, not me) tried to establish incoming connections to mDNSResponder, port 5353:
- from the IPv4 address associated with my Macbook on the home wifi
- from fe##::####:#$$$:$$$#:##$$
- from fe##::$$$$:##$$:$$#$:##$#
Imessage
(I figured I should disguise it just in case? Anyway, hashes are numbers, dollar signs are letters)