Take Control of Security for Mac Users, Chapter 7: Fortify Your Mac’s Defenses
Regardless of how secure your Mac’s connection with another computer may be, that computer could try to send your Mac dangerous software, or someone could attempt to break into your Mac remotely. Conversely, you could have software on your Mac that attempts to make connections to distant servers without your knowledge and send them information you’d rather keep private. This chapter discusses ways of keeping your Mac and its data safe from outside attacks, some of which could appear in the form of malicious software, or malware.
Curious if you can tell me anything about this:
cupsd wants to accept an incoming connection from 71.6.135.131 on TCP port 631 (ipp)
71.6.135.131
census7.shodan.io
Connecting to /usr/sbin/cupsd
Process ID 263
User root (UID: 0)
That got through my Airport Express with NAT, and past my Mavericks firewall (on; shared printing should only have been for the local network), and I got the popup first thing in the morning when I looked at the Mac.
--------
Also, you say: "In Mountain Lion and earlier, OS X includes the ipfw firewall; in Yosemite, Apple switched ..." -- what about Mavericks?
I can't tell you anything about it, except that it looks suspicious for several different reasons. I'd definitely deny this address access to cupsd, but why and how it's trying to connect, I don't know.
I'm not clear _how_ to deny this address access to cupsd. Will you be going into that at some point? With the Airport Express doing NAT (one IP, feeding three home computers) and the Mac and Windows firewalls on, I'm not sure what to change where. (Of course this applies to everything, at the level of which port for which service.)
I found out that Shodan is an Internet security company that does port scanning as part of their business, apparently legitimately; once I looked, it's documented in many places.
Well, in OS X's built-in firewall, you don't allow/deny by address, but by app. So, in the alert that appears, you can click Deny, or you can go into Firewall Options as described in this chapter and choose Block Incoming Connections for cupsd. But that's one of the limitations of an application-based firewall; you don't get granular control over specific ports or IP addresses. For that, you'd need to use one of the other firewalls I mentioned.
Sorry, that should have said, "In Mavericks and earlier…"
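The limitation described in the reply about cupsd above, worked through on the quoted alert. This is an added example, not code from the book or from OS X: it models the two kinds of firewall decision rather than reproducing either implementation, and the function names, the `192.168.1.0/24` home network and the `192.168.1.20` client are assumptions.

```python
import ipaddress
import re

# Alert wording as quoted in the comment thread above.
ALERT = """cupsd wants to accept an incoming connection from 71.6.135.131 on TCP
port 631 (ipp)"""

def parse_alert(text):
    """Extract receiving program, remote address, protocol and port."""
    m = re.search(r"(\S+) wants to accept an incoming connection from "
                  r"(\S+) on (TCP|UDP)\s+port (\d+)", text)
    if not m:
        raise ValueError("unrecognized alert format")
    return {"app": m.group(1), "src": ipaddress.ip_address(m.group(2)),
            "proto": m.group(3), "port": int(m.group(4))}

def app_firewall(conn, app_rules):
    """Application-based model: the receiving program is the only key,
    so every remote address gets the same answer."""
    return app_rules.get(conn["app"], "ask")

def packet_filter(conn, rules, default="block"):
    """Address/port model: first matching (network, proto, port) rule wins."""
    for action, network, proto, port in rules:
        if (conn["src"] in ipaddress.ip_network(network)
                and conn["proto"] == proto and conn["port"] == port):
            return action
    return default

# Constructed policy: printing reachable only from an assumed home LAN.
LAN_ONLY_PRINTING = [("allow", "192.168.1.0/24", "TCP", 631)]

def compare(conn, app_rules=None):
    """Return (application-based decision, address/port decision)."""
    app_rules = {"cupsd": "allow"} if app_rules is None else app_rules
    return app_firewall(conn, app_rules), packet_filter(conn, LAN_ONLY_PRINTING)

def sample_connections():
    """The scanner from the alert plus a constructed LAN print client."""
    scanner = parse_alert(ALERT)
    lan_client = dict(scanner, src=ipaddress.ip_address("192.168.1.20"))
    return scanner, lan_client

if __name__ == "__main__":
    for name, conn in zip(("scanner", "LAN client"), sample_connections()):
        print(f"{name:10} {conn['src']!s:15} app/packet = {compare(conn)}")
```

With cupsd allowed, the application-based model admits the scanner and the LAN client alike; with cupsd blocked, it refuses both. Only the address/port rule expresses "printing for the local network only."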