Hmm. Never seen THIS before. Any input?

[fiveightandten]

I happened to be browsing through my network settings and noticed a connection listed that I never saw before. The computer is a Macbook and doesn't even have anything plugged into the Ethernet port.

What gives? Looks fishy to me.

-Nick

 

[DrEwTiMe42o]

To be honest this seems like a 3rd party is connecting to your computer remotely and gaining control. I would take your machine offline and take measures to increast the security on your machine. Maybe you want to go into your preferences and take off remote users.

 

[fiveightandten]

To be honest this seems like a 3rd party is connecting to your computer remotely and gaining control. I would take your machine offline and take measures to increast the security on your machine. Maybe you want to go into your preferences and take off remote users.

Thanks man, that's kind of what I feared. I don't have remote users enabled, and to be honest i'm not sure what else to do outside of having the firewall enabled (which I always do) and not having any type of file sharing or remote access enabled.

Any suggestions? I found the connection listed in my port configurations (*separate* from the Ethernet port listing) and deleted it. Should I just do a clean OS-X install now to be safe? Any help in changing my router's security settings? Not sure how this would've happened, but it's not cool.

-Nick

 

[Sherman Homan]

You don't have anything plugged into the ethernet port?!?!

 

[DrEwTiMe42o]

Thanks man, that's kind of what I feared. I don't have remote users enabled, and to be honest i'm not sure what else to do outside of having the firewall enabled (which I always do) and not having any type of file sharing or remote access enabled.

Any suggestions? I found the connection listed in my port configurations (*separate* from the Ethernet port listing) and deleted it. Should I just do a clean OS-X install now to be safe? Any help in changing my router's security settings? Not sure how this would've happened, but it's not cool.

-Nick

reinstalling OSX will not really help being that whatever security issue will still be present. For starters for protect your information i would turn file vault on( which encrypts your files) which can be found in your preferences by clicking on the apple, if someone is relaly accessing your system that will make it much harder for them to actually get anything of use.

Another way to really lock your computer down( will be at the cost of some extra work by you) is to set the firewall to only connections which you allow. You will have to look through your apps and see which programs will need to make outgoing connections, By doing this you are not allowing anything not on that list to even be visible to someone from the outside.

Just to be safe i would reconfigure your router's security parameters, whoever is doing this could be accessing a port on your router and making the system think he is connected to the router( hence you get the ethernet notification).

Let me know how that works out for you.

 

[fiveightandten]

You don't have anything plugged into the ethernet port?!?!

Nothing. The only time i've ever had anything connected to that port was when I was setting up my router to configure it. I run wireless, always.

reinstalling OSX will not really help being that whatever security issue will still be present. For starters for protect your information i would turn file vault on( which encrypts your files) which can be found in your preferences by clicking on the apple, if someone is relaly accessing your system that will make it much harder for them to actually get anything of use.

Another way to really lock your computer down( will be at the cost of some extra work by you) is to set the firewall to only connections which you allow. You will have to look through your apps and see which programs will need to make outgoing connections, By doing this you are not allowing anything not on that list to even be visible to someone from the outside.

Just to be safe i would reconfigure your router's security parameters, whoever is doing this could be accessing a port on your router and making the system think he is connected to the router( hence you get the ethernet notification).

Let me know how that works out for you.

Thanks man. I'll turn on file vault. But it's a little disconcerting that I have no idea how long this has been going on.

I'll definitely look into reconfiguring the firewall as well. I changed the admin password after I deleted the port configuration. And i'll do a factory reset on my router and change all the security. One thing I did noticed was that if I connected to a different network, the connection status (screen shot above) would change to indicate the IP that I was connected through.

I'm at a loss as to how this could've happened. I don't visit any questionable websites or anything. My girlfriend does use it to chat via Yahoo and AIM sometimes. Any chance someone could have gained access using one of those programs?

-Nick

 

[imnothardcore]

My girlfriend does use it to chat via Yahoo and AIM sometimes. Any chance someone could have gained access using one of those programs?

-Nick

id like to think she'd have to be chatting in some questionable chat rooms or whatever for this to realistically happen.

 

[macgig]

I would log into your router and check security settings there, and change the password to something difficult to figure out or guess.

 

[JohnTheMacGeek]

Change your router's password and make sure you've enabled WPA or WPA2. The intruder has to get through it before he can get to your computer.

 

[imnothardcore]

I would log into your router and check security settings there, and change the password to something difficult to figure out or guess.

yeah definitly a good idea.

i would set the password to log into the router and, WEP or what have you.

the people that moved in above me are loud and always doing dumb crap, and harass my girlfriend, anyway, they didn't set a password to their router so i logged in as admin and now i have admin rights.

i turn it off and filter websites time to time.

.......idiots.

 

[akj27]

yeah definitly a good idea.

i would set the password to log into the router and, WEP or what have you.

the people that moved in above me are loud and always doing dumb crap, and harass my girlfriend, anyway, they didn't set a password to their router so i logged in as admin and now i have admin rights.

i turn it off and filter websites time to time.

.......idiots.

No offense but that's pretty low of you.

 

[imnothardcore]

No offense but that's pretty low of you.

perhaps, but when they are vomiting on the side walk in front of my house as well as leaving trash everywhere. and playing loud music at 3am on a weeknight with 30+ people over it annoys me.

I went off last night, and it started again like 30 minutes later.

I dont care how low.

its the small victories that matter.

i sound like a grumpy old man but im only 23......hah

i have a baby on the way and dont need to deal with this crap from them

 

[fiveightandten]

id like to think she'd have to be chatting in some questionable chat rooms or whatever for this to realistically happen.

Well, not chat rooms. AIM and yahoo. But i'm not sure she knows every single person she chats with personally. Just wondering if it's possible.

I would log into your router and check security settings there, and change the password to something difficult to figure out or guess.

I'll definitely do that when I get home. The password wasn't very easy to begin with though.

Change your router's password and make sure you've enabled WPA or WPA2. The intruder has to get through it before he can get to your computer.

Thanks. Yeah, I had WPA enabled. I'll factory reset and reconfigure the WPA security.



Here's another issue. Filevault won't let me turn it on!

Needs 4000GB of free space? There's over 30GB free on my HD. WTH is that all about?

 

[fiveightandten]

Another thing. I turned on Firewall logging. Silly question, is it normal to have connection attempts like this like 20 times a minute which stop...then start again from a different IP?

I got a bunch of these:

Sep 17 11:14:00 XXXXXXX-computer-2 ipfw: Stealth Mode connection attempt to TCP XXX.XX.XXX.XXX from 74.125.242.24:80

And a bunch of these:
Sep 17 10:18:57 XXXXXXX-computer-2 ipfw: Stealth Mode connection attempt to UDP XXX.XX.XXX.XXX from 216.47.160.12:53

Then it just stopped. What's the difference between TCP and UDP?

-Nick

 

[DrEwTiMe42o]

TCP and UDP are methong of communication through the use of your routers ports..

Not sure what to make of that, it could be legit programs comminicating with its home information and that place is trying to send info back to it. Or it could be exactly what it looks like..
In either case if you take these procautions you will make it a **** of a lot harder for whoever that is to get through.

 

[mikesmith2]

Another thing. I turned on Firewall logging. Silly question, is it normal to have connection attempts like this like 20 times a minute which stop...then start again from a different IP?

I got a bunch of these:

Sep 17 11:14:00 XXXXXXX-computer-2 ipfw: Stealth Mode connection attempt to TCP XXX.XX.XXX.XXX from 74.125.242.24:80

And a bunch of these:
Sep 17 10:18:57 XXXXXXX-computer-2 ipfw: Stealth Mode connection attempt to UDP XXX.XX.XXX.XXX from 216.47.160.12:53

Then it just stopped. What's the difference between TCP and UDP?

-Nick

If you trace it back , you will probably find it's your isp checking the connection status etc.

I get them all the time from mine.

 

[fiveightandten]

TCP and UDP are methong of communication through the use of your routers ports..

Not sure what to make of that, it could be legit programs comminicating with its home information and that place is trying to send info back to it. Or it could be exactly what it looks like..
In either case if you take these procautions you will make it a **** of a lot harder for whoever that is to get through.

Well, I have all sharing services disabled. The firewall is running and logging is enabled, stealth mode is enabled. I reset my router and changed the WPA password, and admin login password. I changed the admin password on my computer.

However, I still can't get file vault to work.

If you trace it back , you will probably find it's your isp checking the connection status etc.

I get them all the time from mine.

I looked up the IP's and they're located clear across the country from me. They're all from the same area, in CA.

-Nick