
Thread: Signs of a hacker/crackers presence on a macbook pro?

  1. #1
    Gold 408Mike's Avatar
    Reputation
    7
    Join Date
    Mar 2012
    Location
    Own a dying world
    Posts
    2,333
    Load Metric
    65638163

    Signs of a hacker/crackers presence on a macbook pro?

    Recently an output of netstat -a gave an output of one established ftp connection. This is weird because I do not have any ftp software installed and never use it. I have no reason to.

    The weirder part is that the connection persisted after closing down my internet connection. I could not kill the pid nor would it go away. I had to restart my system to get rid of it.

    What's up with that??? Sound fishy to anyone? Could this be evidence of SSH tunneling or similar? I feel confident I wiped out any malware I had but my network I am not in love with. I suspect there is something lurking someplace I cannot see but not 100% on that. My suspicion comes from, among other things, the fact that if ALL computers in the house are completely off and the router is rebooted as soon as it's back online it's flashing like fucking mad with wireless internet connectivity. There is also a wireless connection always present, with no computers running. Weird?

    Security: router has WPA2 with a fairly tough password, my Mac I have locked down as best I can without TOO much effort. Root disabled, all accounts have 8+ character passwords mixing numbers, letters, symbols etc., my firewall is set to deny all inbound connections and with Little Snitch I keep an eye on outbound. I mean what else can/should I be doing? If someone is breaking into my Mac or using my network how can I find evidence of this? FWIW I tried packet capturing and was bewildered at the data I received. I have no clue what any of it means. I also have cocoa packet sniffer.

  2. #2
    Gold Bootsy Collins's Avatar
    Reputation
    162
    Join Date
    Mar 2012
    Location
    Orange County, CA
    Posts
    2,422
    Load Metric
    65638163
    Is your WIFI protected with a WEP key?
    Quote Originally Posted by RealTalk View Post
    Lol at the amount of effort that druff's friends have to exert trying to do an internet podcast without offending him.

  3. #3
    Gold Bootsy Collins's Avatar
    What I have recommended in the past is to enable MAC filtering on your wireless router. It gives you an added layer of security.

  4. #4
    Gold 408Mike's Avatar
    My wifi? Do you mean the wifi on my mac or do you mean my home router?

    I wanted to set up MAC filtering but it's tough as my family aren't the most tech savvy and getting their machines' MAC addresses is a pain. I can do it, never felt the need. If you think it matters I will do it. Also won't MAC spoofing negate the security in the first place?

    I forgot to mention I have all sharing services turned off, all plist files adjusted so that none of the sharing programs run at launch, no startup items whatsoever, my loginwindow plist is clean, my SSHD script altered for no root login, no agent forwarding all that. I have deleted telnet and remote desktop software, really anything and everything I can think of that might give connectivity I have done my best to alter in favor of total lockdown. Still not sure though. I get the feeling it's not enough. Recently did a full wipe of my hard drive, booted from USB and wiped the main drive clean including free space but still..

  5. #5
    Gold Bootsy Collins's Avatar
    Enable MAC Filtering on the wireless router

    Getting MAC addresses is pretty simple to do. For Windows devices you just need to go to the command prompt and type in ipconfig /all. It will list the MAC addresses for both wireless and wired adapters. For Macs you just need to go to System Preferences-Network-Airport (for wireless) or Ethernet (For Wired) and Advanced- NOTE: The MAC address is listed as Airport ID in that utility. I will give you a sample 00:1f:5b:bc:d8:64

    Also I would change the admin password and possibly the SSID on your wireless router; if you left it at the default it is very simple for someone to log into it.

  6. #6
    PFA Emeritus Crowe Diddly's Avatar
    Reputation
    1954
    Join Date
    Mar 2012
    Posts
    6,682
    Load Metric
    65638163
    Quote Originally Posted by Bootsy Collins View Post
    What I have recommended in the past is to enable MAC filtering on your wireless router. It gives you an added layer of security.
    It really doesn't, though. Almost anyone equipped to break a WEP key can just as easily clone your MAC address, and may do it out of habit anyway just to hide their own tracks. Edit: says he uses WPA2 key in OP. As long as he has a strong randomish pass, MAC filtering will only be a pain in the ass for him.
    Last edited by Crowe Diddly; 03-11-2012 at 08:39 PM.

  7. #7
    Gold Bootsy Collins's Avatar
    True. Another thing he can do is disable SSID broadcast. However if he is connecting a new device he would need to manually type in the SSID.

  8. #8
    Gold 408Mike's Avatar
    Quote Originally Posted by Crowe Diddly View Post
    It really doesn't, though. Almost anyone equipped to break a WEP key can just as easily clone your MAC address, and may do it out of habit anyway just to hide their own tracks. Edit: says he uses WPA2 key in OP. As long as he has a strong randomish pass, MAC filtering will only be a pain in the ass for him.
    The MAC spoofing as I understood it negates the security of using MAC addresses via the router.

    Yeah the router is secured with an administrator password (long and tough-jack the ripper would need years to crack it) and the wifi connections are secured with WPA-2 with a solid password. No passwords stored anywhere on any machine, ever.

    I think whatever malware I came in contact with is either still present or has given someone an "in" that I can't fucking get rid of despite my best efforts.

  9. #9
    Gold Bootsy Collins's Avatar
    Have you tried a cold reset?

  10. #10
    Gold 408Mike's Avatar
    Never heard of the term. Do you mean resetting the router by pushing in the little button on the side or cutting the power to it? Or do you mean my laptop?

  11. #11
    Gold Bootsy Collins's Avatar
    I believe it is by pushing the little button so that it resets the router to factory defaults. If you formatted your hard drive that should have wiped away the malware.

  12. #12
    Gold 408Mike's Avatar
    After a reformat again I feel the problem is gone and it's making me very suspicious that there is either something so low level on my machine I cannot ever hope to get rid of it or it's living on my network and re-infecting my comp over and over again. *Sigh* sadly troubleshooting electronics is not my forte.

  13. #13
    Gold 408Mike's Avatar
    More weirdness- I installed and ran two programs to scan for LAN and network devices and both showed some weird device connected to my mac I do not recognize.

    Using IP scanner, it shows a Windows device but weirdly enough it has no name, it does have a MAC address and it's listed as connected on port 103. Port 103 shows up as possibly a port used by trojans...Weird?

    It does say that the device manufacturer is "Elite Computer System CO" but not sure how relevant that is. I might think it's another computer here at the house, but nothing is on right now I checked. Not sure about that...

    Can anyone track a MAC address? Says 00:0A:E6:DE:50:E0

  14. #14
    Silver
    Reputation
    390
    Join Date
    Mar 2012
    Posts
    857
    Load Metric
    65638163
    I was able to track that MAC address. Pretty weird, possibly looks like Russian work.

  15. #15
    Gold 408Mike's Avatar
    Quote Originally Posted by hutmaster View Post
    I was able to track that MAC address. Pretty weird, possibly looks like Russian work.
    I am savvy enough to check the address for any links you might try to bait me with bruh. I just want to know WHY or HOW would you even know to find that damn site? So filthy...Heeb may as well be dead now, he's a memory in the making, why you gotta drudge up the past like that holmes?

  16. #16
    Bronze Cupid Stunt's Avatar
    Reputation
    42
    Join Date
    Mar 2012
    Posts
    150
    Load Metric
    65638163
    Quote Originally Posted by 408Mike View Post
    More weirdness- I installed and ran two programs to scan for LAN and network devices and both showed some weird device connected to my mac I do not recognize.

    Using IP scanner, it shows a Windows device but weirdly enough it has no name, it does have a MAC address and it's listed as connected on port 103. Port 103 shows up as possibly a port used by trojans...Weird?

    It does say that the device manufacturer is "Elite Computer System CO" but not sure how relevant that is. I might think it's another computer here at the house, but nothing is on right now I checked. Not sure about that...
    Can anyone track a MAC address? Says 00:0A:E6:DE:50:E0
    Not 100%, but something tells me this is the Wireless/Network card in another one of the PC's at your place. Even if the computer is off, the wireless card in some PC's are powered (as long as plugged in obv) as there is a feature where you can remotely turn the machine on for IT purposes. This is usually always turned on in branded PC's that are usually used in the office (Dell etc) for if some suit needs to boot up remotely. It can be disabled in the bios of the offending machine, but I wouldn't think this has anything to do with the problems you are having, so wouldn't bother.

    Try unplugging all PC's from your place, then scan. If it's gone, you know you are good.

    Other than that, if you are sure it's a Windows device, then maybe, a WP7 phone?

  17. #17
    Gold 408Mike's Avatar
    I determined the rogue computer to actually be my fucking router...I wasn't gonna say anything either and let it die but I appreciate you taking the time to help.

  18. #18
    Gold 408Mike's Avatar
    It is definitely a trojan, I surprised it yesterday after my laptop had been sleeping and a netstat -a yielded an https: transfer connection. Needless to say I hit the IP address into Google and the first few hits came up from malware reporting sites. Most pointed to the Flashback trojan, I immediately deleted the partition and restored from backup but sadly that hasn't done the trick.

    Crafty bit of malware really, what I am miffed about is that, at the time this happened, the only sites I had up were tube8.com and fadpu.com. Both are free tube porn type sites, but I was not watching anything at the time, and also I was never asked to download anything and my downloads history showed nothing, logs showed nothing, so what gives? I thought trojans had to be manually approved for installation and what have you, now it seems to me like just visiting the wrong sites will possibly download a trojan right to you?

    Oh and I did hunt around for the crafty pos and I found it under a few spots, it tried to pass itself off in a number of places including input sources, dictionaries, also Lion has something called "saved application states" and under textedit there is a library where I found some foreign files. I lost the fight unfortunately as the malware detects file deletion and respawns the damn files with launchd. I tried for two hours to just manually delete it and couldn't come close.

  19. #19
    Gold 408Mike's Avatar
    I must just be paranoid...


    $ sudo lsof -nP | grep UDP
    launchd 1 root 12u IPv4 0xffffff800bc1fdd8 0t0 UDP *:137
    launchd 1 root 13u IPv4 0xffffff800bc1fc60 0t0 UDP *:138
    UserEvent 11 root 4u IPv4 0xffffff800bc1d7a8 0t0 UDP *:*
    ntpd 15 root 20u IPv4 0xffffff800d1907a8 0t0 UDP *:123
    ntpd 15 root 21u IPv6 0xffffff800d190630 0t0 UDP *:123
    ntpd 15 root 22u IPv6 0xffffff800d190340 0t0 UDP [fe80:1::1]:123
    ntpd 15 root 23u IPv4 0xffffff800d1901c8 0t0 UDP 127.0.0.1:123
    ntpd 15 root 24u IPv6 0xffffff800d190050 0t0 UDP [::1]:123
    syslogd 20 root 19u IPv4 0xffffff800eb5e1c8 0t0 UDP *:49626
    mDNSRespo 32 _mdnsresponder 8u IPv4 0xffffff800bc1f218 0t0 UDP *:5353
    mDNSRespo 32 _mdnsresponder 9u IPv6 0xffffff800bc1f0a0 0t0 UDP *:5353
    mDNSRespo 32 _mdnsresponder 11u IPv4 0xffffff800bc1f508 0t0 UDP *:55985
    mDNSRespo 32 _mdnsresponder 14u IPv6 0xffffff800eb5c468 0t0 UDP *:55985
    mDNSRespo 32 _mdnsresponder 16u IPv4 0xffffff800d190a98 0t0 UDP *:54274
    mDNSRespo 32 _mdnsresponder 18u IPv6 0xffffff800eb294e0 0t0 UDP *:54274
    mDNSRespo 32 _mdnsresponder 19u IPv4 0xffffff800d190920 0t0 UDP *:52290
    mDNSRespo 32 _mdnsresponder 20u IPv6 0xffffff800bc1fae8 0t0 UDP *:52290
    mDNSRespo 32 _mdnsresponder 21u IPv4 0xffffff800bc1c608 0t0 UDP *:59803
    mDNSRespo 32 _mdnsresponder 22u IPv6 0xffffff800eb29368 0t0 UDP *:59803
    mDNSRespo 32 _mdnsresponder 23u IPv4 0xffffff800bc1bd38 0t0 UDP *:59911
    mDNSRespo 32 _mdnsresponder 24u IPv6 0xffffff800bc1ced8 0t0 UDP *:59911
    mDNSRespo 32 _mdnsresponder 25u IPv4 0xffffff800eb29c38 0t0 UDP *:55401
    mDNSRespo 32 _mdnsresponder 26u IPv6 0xffffff800bc1c028 0t0 UDP *:55401
    mDNSRespo 32 _mdnsresponder 27u IPv4 0xffffff800eb60390 0t0 UDP *:58160
    mDNSRespo 32 _mdnsresponder 28u IPv6 0xffffff800eb29658 0t0 UDP *:58160
    mDNSRespo 32 _mdnsresponder 29u IPv4 0xffffff800bc1d1c8 0t0 UDP *:61032
    mDNSRespo 32 _mdnsresponder 30u IPv6 0xffffff800eb2a680 0t0 UDP *:61032
    mDNSRespo 32 _mdnsresponder 31u IPv4 0xffffff800bc1d340 0t0 UDP *:63088
    mDNSRespo 32 _mdnsresponder 32u IPv6 0xffffff800d191078 0t0 UDP *:63088
    mDNSRespo 32 _mdnsresponder 33u IPv4 0xffffff800ed1fd88 0t0 UDP *:63074
    mDNSRespo 32 _mdnsresponder 34u IPv6 0xffffff800d18f780 0t0 UDP *:63074
    mDNSRespo 32 _mdnsresponder 35u IPv4 0xffffff800d18f608 0t0 UDP *:62918
    mDNSRespo 32 _mdnsresponder 36u IPv6 0xffffff800eb5ea98 0t0 UDP *:62918
    mDNSRespo 32 _mdnsresponder 37u IPv4 0xffffff800bc1ef28 0t0 UDP *:62362
    mDNSRespo 32 _mdnsresponder 38u IPv6 0xffffff800d191f28 0t0 UDP *:62362
    mDNSRespo 32 _mdnsresponder 39u IPv4 0xffffff800d18e000 0t0 UDP *:52496
    mDNSRespo 32 _mdnsresponder 40u IPv6 0xffffff800eb5ff28 0t0 UDP *:52496
    mDNSRespo 32 _mdnsresponder 41u IPv4 0xffffff800d18f8f8 0t0 UDP *:58971
    mDNSRespo 32 _mdnsresponder 42u IPv6 0xffffff800d18fa70 0t0 UDP *:58971
    mDNSRespo 32 _mdnsresponder 43u IPv4 0xffffff800eb2a7f8 0t0 UDP *:49348
    mDNSRespo 32 _mdnsresponder 44u IPv6 0xffffff800bc1b178 0t0 UDP *:49348
    configd 45 root 10u IPv6 0xffffff800bc1f680 0t0 UDP *:*
    configd 45 root 16u IPv4 0xffffff800bc1f970 0t0 UDP *:*
    configd 45 root 21u IPv4 0xffffff800bc1dd88 0t0 UDP *:*
    configd 45 root 23u IPv4 0xffffff800bc1dc10 0t0 UDP *:*
    configd 45 root 25u IPv4 0xffffff800bc1da98 0t0 UDP *:*
    netbiosd 142 _netbios 3u IPv4 0xffffff800bc1fc60 0t0 UDP *:138
    netbiosd 142 _netbios 4u IPv4 0xffffff800bc1fdd8 0t0 UDP *:137
    SystemUIS 2386 me 10u IPv4 0xffffff800eb2ac60 0t0 UDP *:*
    Finder 2387 me 13u IPv4 0xffffff800eb281c8 0t0 UDP *:*
    readconfi 2516 root 4u IPv4 0xffffff800d1914e0 0t0 UDP *:972
    readconfi 2516 root 7u IPv4 0xffffff800fb29db0 0t0 UDP *:804
    readconfi 2516 root 8u IPv4 0xffffff800fb29c38 0t0 UDP *:666
    readconfi 2516 root 9u IPv4 0xffffff800fb29ac0 0t0 UDP *:968

    Only 30 some odd MDNSResponders listening nothing to see here move on.
    Oh wait, I just remembered configuring IPV6 to OFF now isn't that something..
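
A triage pass over the `lsof -nP` UDP listing posted above, as an added example that is not part of the thread: it groups sockets by process, shows which DEVICE values appear under two processes, and lists owners missing from a baseline. `BASELINE`, `EPHEMERAL_START` and the function names are assumptions made for the illustration; the sample lines are excerpted from the posted output.

```python
"""Triage UDP lines from `lsof -nP`: group by process, find shared sockets, flag unknown owners."""
from collections import defaultdict

EPHEMERAL_START = 49152  # IANA dynamic range; ports at or above this are not baseline-checked

# Assumption (not from the thread): a baseline the reviewer maintains for this host, mapping
# lsof's COMMAND value (cut to 9 characters by default; `lsof +c 0` prints full names)
# to the fixed UDP ports that process is expected to own.
BASELINE = {
    "launchd": {137, 138}, "netbiosd": {137, 138}, "ntpd": {123},
    "mDNSRespo": {5353}, "syslogd": set(), "configd": set(),
}

# Lines excerpted from the lsof output in the post above.
SAMPLE = """\
launchd 1 root 12u IPv4 0xffffff800bc1fdd8 0t0 UDP *:137
launchd 1 root 13u IPv4 0xffffff800bc1fc60 0t0 UDP *:138
ntpd 15 root 20u IPv4 0xffffff800d1907a8 0t0 UDP *:123
ntpd 15 root 22u IPv6 0xffffff800d190340 0t0 UDP [fe80:1::1]:123
syslogd 20 root 19u IPv4 0xffffff800eb5e1c8 0t0 UDP *:49626
mDNSRespo 32 _mdnsresponder 8u IPv4 0xffffff800bc1f218 0t0 UDP *:5353
mDNSRespo 32 _mdnsresponder 9u IPv6 0xffffff800bc1f0a0 0t0 UDP *:5353
mDNSRespo 32 _mdnsresponder 11u IPv4 0xffffff800bc1f508 0t0 UDP *:55985
mDNSRespo 32 _mdnsresponder 14u IPv6 0xffffff800eb5c468 0t0 UDP *:55985
configd 45 root 10u IPv6 0xffffff800bc1f680 0t0 UDP *:*
netbiosd 142 _netbios 3u IPv4 0xffffff800bc1fc60 0t0 UDP *:138
netbiosd 142 _netbios 4u IPv4 0xffffff800bc1fdd8 0t0 UDP *:137
readconfi 2516 root 4u IPv4 0xffffff800d1914e0 0t0 UDP *:972
readconfi 2516 root 7u IPv4 0xffffff800fb29db0 0t0 UDP *:804
readconfi 2516 root 8u IPv4 0xffffff800fb29c38 0t0 UDP *:666
readconfi 2516 root 9u IPv4 0xffffff800fb29ac0 0t0 UDP *:968
"""


def parse_lsof_udp(text):
    """Return one dict per UDP socket line; headers, prompts and other lines are skipped."""
    rows = []
    for line in text.splitlines():
        # Columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
        fields = line.rsplit(None, 8)
        if len(fields) != 9 or fields[7] != "UDP" or not fields[1].isdigit():
            continue
        command, pid, user, _fd, family, device, _size, _node, name = fields
        _addr, _, port = name.rpartition(":")
        rows.append({
            "command": command.strip(), "pid": int(pid), "user": user,
            "family": family, "device": device,
            "port": int(port) if port.isdigit() else None,  # "*:*" has no bound port
        })
    return rows


def triage(rows, baseline=BASELINE):
    """Summarise sockets per process and return (procs, findings, shared)."""
    procs = defaultdict(lambda: {"fds": 0, "ports": set(), "families": set()})
    owners = defaultdict(set)  # DEVICE (kernel socket address) -> processes holding it
    for r in rows:
        key = (r["command"], r["pid"], r["user"])
        procs[key]["fds"] += 1
        procs[key]["families"].add(r["family"])
        if r["port"] is not None:
            procs[key]["ports"].add(r["port"])
        owners[r["device"]].add((r["command"], r["pid"]))

    findings = []
    for (command, pid, user), info in sorted(procs.items()):
        fixed = sorted(p for p in info["ports"] if p < EPHEMERAL_START)
        if command not in baseline:
            findings.append((command, pid, user, "owner not in baseline", fixed))
        elif set(fixed) - baseline[command]:
            extra = sorted(set(fixed) - baseline[command])
            findings.append((command, pid, user, "unexpected fixed port", extra))
    # One DEVICE value listed under two processes is a single socket held by both,
    # e.g. launchd keeping the listening socket of a service it starts on demand.
    shared = {dev: sorted(who) for dev, who in owners.items() if len(who) > 1}
    return dict(procs), findings, shared


if __name__ == "__main__":
    rows = parse_lsof_udp(SAMPLE)
    procs, findings, shared = triage(rows)
    print(f"{len(rows)} descriptors, {len({r['device'] for r in rows})} distinct sockets")
    for finding in findings:
        print("REVIEW", finding)
    for device, holders in shared.items():
        print("shared", device, holders)
```

A flagged row is a prompt to identify the binary behind it (for example by rerunning with `lsof +c 0` to get the untruncated command name), not a verdict about it.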

  20. #20
    Cubic Zirconia
    Reputation
    10
    Join Date
    Apr 2012
    Posts
    44
    Load Metric
    65638163
    Unknown language...terrifying everyone...pretty sure this article was written by you mikey, but if not you should check it out.

    There's a new Mac trojan that's been floating around, and it's terrifying everyone. It's written in an unknown language, doesn't even need your password to compromise you, and now it's apparently infected 600,000 users.
    http://gizmodo.com/5899352/mac-flash...00000-infected
