The service is used for delivering you push notifications. Push notifications usually appear in the Notification Center in the top right corner of your desktop. Read more about it here:
http://support.apple.com/kb/ht5362
If you disable the service, you'll probably lose notifications for events such as received iMessage messages, FaceTime calls and notifications from websites that you have requested notifications from.
From what you write, there does not seem to be a weighty reason for disabling it. It is a normal system service that should not pose a problem to your system.
The connections in FIN_WAIT_1 state do not pose a problem to your system. You can safely ignore them (in those numbers).
You can also safely ignore the log message. The log message does not indicate that there has been a "data leak" as such.
The reason for the log message is that Apple uses a large number of servers for sending your push notifications. Your computer will connect to a (somewhat) random one of those servers. The server will present a generic certificate for the service, and not one customized to the exact "sub-server" you have connected to. That is the cause of the log message. This is something Apple needs to fix on their servers, but it is a known bug and not something you yourself can do anything about.
This does not mean that you lose encryption or anything like that, but it might mean that your system could be vulnerable to a Man-In-The-Middle attack, where you could be sent falsified Push Notifications. Whether that is indeed the case would require further research. It is most likely that Apple has employed some sort of certificate pinning or similar to avoid this type of exploit. The likelihood that you would be attacked this way is pretty low anyhow. I.e. don't worry about it.
I don't see why you say the daemon is "misbehaving". It is not misbehaving more on your computer than on any other computer. You could say that it is misbehaving, but it is doing so by Apple's design. So instead, create bug reports with Apple to let them know that you're seeing a problem.
Of course, if you do not actually use Push Notifications for anything, you can safely disable it.
Best Answer
The command
lsof -i TCP:53
will give the active sessions on port 53. The command
netstat -vanp tcp | grep 53
will give information on the processes that are listening on port 53. The 9th column gives you the process ID (PID). To get from the PID to the program name you run:
ps -p <PID>
which will give you what application is running under this ID. You can string these commands together as
As for killing the process, you can always run
kill -9 <PID>
But I'd recommend finding out what program is running and why. It might be back up after a reboot. A similar question was asked at Kill TCP connections on a Mac in Terminal.
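As an added example that is not part of either answer above, the following POSIX shell helpers tie the two together: they parse the output of `netstat -vanp tcp` to map a port to the owning PIDs (the PID-column lookup the second answer describes), and count connections in a given state such as the FIN_WAIT_1 entries the first answer discusses. The sample netstat lines are constructed in the macOS column layout with made-up PIDs and addresses so the script runs offline; on a real machine pipe the live `netstat` output into the same functions.

```sh
#!/bin/sh
# Added example, not from the original answers. Helpers that read the output of
# `netstat -vanp tcp` from stdin (macOS column layout: Proto Recv-Q Send-Q
# Local-Address Foreign-Address (state) rhiwat shiwat pid epid state options).

# pids_for_port PORT: unique PIDs owning a socket whose LOCAL address ends in .PORT.
# A bare `grep 53` would also match foreign ports such as 5223, ephemeral ports
# such as 49153 and PIDs containing "53", so we anchor on field 4 (local address)
# and require field 9 (pid) to be numeric, which also skips the header lines.
pids_for_port() {
    awk -v p="$1" '$4 ~ ("\\." p "$") && $9 ~ /^[0-9]+$/ { print $9 }' | sort -un
}

# count_state STATE: number of connections in the given TCP state (field 6),
# e.g. FIN_WAIT_1, to judge whether "those numbers" are worth worrying about.
count_state() {
    awk -v s="$1" '$6 == s && $9 ~ /^[0-9]+$/ { n++ } END { print n + 0 }'
}

# program_for_pid PID: program name for a PID on a live system (ps -o comm=).
program_for_pid() {
    ps -p "$1" -o comm=
}

# Constructed sample of `netstat -vanp tcp` output (made-up PIDs and addresses)
# so the helpers can be exercised offline. On a real system use the live output:
#   netstat -vanp tcp | pids_for_port 53
SAMPLE_NETSTAT='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)      rhiwat  shiwat    pid   epid state    options
tcp4       0      0  127.0.0.1.53           *.*                    LISTEN       131072  131072   4242      0 0x0100 0x00000006
tcp4       0      0  192.168.1.10.53        10.0.0.5.61022         ESTABLISHED  131072  131072   4242      0 0x0102 0x00000000
tcp4       0      0  192.168.1.10.49153     17.188.1.1.5223        FIN_WAIT_1   131072  131072    377      0 0x0122 0x00000000
tcp4       0      0  192.168.1.10.49154     17.188.1.2.5223        FIN_WAIT_1   131072  131072    377      0 0x0122 0x00000000
tcp6       0      0  *.22                   *.*                    LISTEN       131072  131072    120      0 0x0100 0x00000006'

# Wrappers that feed the constructed sample to the helpers for the offline demo.
sample_pids_for_port() {
    printf '%s\n' "$SAMPLE_NETSTAT" | pids_for_port "$1"
}
sample_count_state() {
    printf '%s\n' "$SAMPLE_NETSTAT" | count_state "$1"
}

echo "PIDs with a local socket on port 53: $(sample_pids_for_port 53)"   # 4242
echo "Connections in FIN_WAIT_1: $(sample_count_state FIN_WAIT_1)"       # 2
```

Once you have a PID from `pids_for_port`, `program_for_pid "$pid"` names the binary, which is the check to make before reaching for `kill -9`; a service that is restarted by launchd will simply come back, so finding out why it is listening matters more than killing it.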