Why is macOS syslogd listening for UDP connections?
a year ago
- #syslogd
- #macOS
- #Network Security
- Little Snitch alerted to an incoming connection attempt from a Google-controlled IP (142.250.191.99) to UDP port 56878.
- The connection attempt coincided with an outgoing Safari connection to fonts.gstatic.com using QUIC protocol.
- Port 56878 was randomly selected by syslogd, which was unexpectedly listening for UDP connections despite default configurations suggesting otherwise.
- The incident appears to be a coincidence where the same local UDP port was used by both syslogd and Safari's QUIC connection.
- syslogd's UDP listener behavior is inconsistent, appearing across macOS versions from Monterey onwards, but not always active.
- The reason for syslogd listening on UDP ports remains unclear, raising potential security concerns.