As I logged into my admin account to set some things up on my Macbook (I surf using a standard account), I noticed via my third-party firewall application, Little Snitch, that mDNSResponder had accepted an incoming connection from the name given to the very same Macbook on the LAN – [name]'s-Macbook-Pro.local.
I was wondering:
(1) What does this actually mean?
(2) As long as I don't have any sharing options enabled, would my Macbook be at risk of any malware related/intrusion issues if I were to accept this connection even once? E.g. someone attempting to brute force my admin password to remote login etc
Running OS X 10.11.1, built-in firewall set to block all incoming connections, Little Snitch 3.6.1. I'm on a home wifi network. There are 2 other Macbooks, 3 iPhones and 1 laptop running Windows on the same network.
Best Answer
The mDNSResponder is responsible to handle (beyond other aspects) automatic distribution and resolution of computer hostnames without using a dedicated DNS-server. In the OS X world this is called the Bonjour service. The local names of all Bonjour (or zeroconf) enabled devices - including your host - are sent to a special multicast address: 224.0.0.251.
To detect those devices the firewalls have to open the respective port and accept incoming connection.
Since your host probably is the only receiver and sender in your local network there is no special risk to accept those incoming connections.
In larger, non-SOHO or non-home networks security issues exist:
Security issues (wikipedia):