Mailing List Archive



Re: [tlug] How to detect unwelcome visitors on my macbook?



On 06.09.11 17:02, Bkay wrote:
> What services are running/accessible to the outside world?
The current status, after I switched on the firewall this morning (it was off before, :() is:

$ netstat -an | grep LISTEN
tcp4       0      0  127.0.0.1.8600         *.*                    LISTEN
tcp4       0      0  127.0.0.1.8500         *.*                    LISTEN
tcp46      0      0  *.9980                 *.*                    LISTEN
tcp4       0      0  127.0.0.1.26164        *.*                    LISTEN
tcp4       0      0  *.17500                *.*                    LISTEN
tcp46      0      0  *.80                   *.*                    LISTEN
tcp6       0      0  fe80::1%lo0.49218      *.*                    LISTEN
tcp4       0      0  *.1715                 *.*                    LISTEN
tcp4       0      0  127.0.0.1.6969         *.*                    LISTEN
tcp4       0      0  127.0.0.1.64022        *.*                    LISTEN
tcp4       0      0  127.0.0.1.6970         *.*                    LISTEN
tcp4       0      0  127.0.0.1.12311        *.*                    LISTEN
tcp4       0      0  127.0.0.1.6968         *.*                    LISTEN
tcp4       0      0  *.12346                *.*                    LISTEN
tcp4       0      0  *.12345                *.*                    LISTEN
tcp4       0      0  *.10022                *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp6       0      0  ::1.631                *.*                    LISTEN

Is that ok?
I am currently using something VNC-like to troubleshoot a vserver, as I posted a few minutes ago.

> Make sure your firewall is up and running... here is a good guide to secure your MacBook and how to check for this:
> http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml#AppleMac
>
> If no services are accessible from the outside (you can always check by running NMAP from another system on the LAN), it will be hard for anyone to take over control of your MacBook...
>
> There are always "dial-home" baddies or reverse connections... for the paranoid I can recommend Little Snitch.
> http://www.obdev.at/products/littlesnitch/index.html
>
> Hope this can give some peace of mind. I'm curious to see if you 'discover' anything. I'm familiar with forensics on Linux and Windows but not so much MacOS, although some principles/tools also apply, I guess.
>
> Feel free to ping me if you need more help.


Thanks a lot, I will work through this and report!

Uli
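
Added example, not part of the original messages: a Python script that splits `netstat -an` LISTEN lines in the BSD/macOS format shown above into sockets bound to loopback only and sockets bound to all interfaces, the latter being the ones to confirm from another host on the LAN or against the firewall rules. The function names are hypothetical, and the sample input is a subset of the lines quoted in the message.

```python
import re

# Constructed sample: a subset of the netstat lines quoted in the message above.
SAMPLE = """\
tcp4       0      0  127.0.0.1.8600         *.*                    LISTEN
tcp46      0      0  *.9980                 *.*                    LISTEN
tcp4       0      0  *.17500                *.*                    LISTEN
tcp46      0      0  *.80                   *.*                    LISTEN
tcp6       0      0  fe80::1%lo0.49218      *.*                    LISTEN
tcp4       0      0  *.10022                *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp6       0      0  ::1.631                *.*                    LISTEN
"""

def parse_listeners(text):
    """Return (proto, address, port) for each LISTEN line of BSD/macOS `netstat -an`."""
    out = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[-1] != "LISTEN" or not fields[0].startswith("tcp"):
            continue
        # BSD netstat joins address and port with a dot, so split on the last one.
        addr, _, port = fields[3].rpartition(".")
        if port.isdigit():
            out.append((fields[0], addr, int(port)))
    return out

def is_loopback_only(addr):
    """True when the socket is bound to an address only this machine can reach."""
    if addr.startswith("127.") or addr == "::1":
        return True
    # Link-local address scoped to the loopback interface, e.g. fe80::1%lo0
    return bool(re.search(r"%lo\d+$", addr))

def exposed_ports(text):
    """Sorted ports bound to a wildcard or non-loopback address."""
    return sorted({port for _, addr, port in parse_listeners(text)
                   if not is_loopback_only(addr)})

if __name__ == "__main__":
    for proto, addr, port in parse_listeners(SAMPLE):
        scope = "loopback only" if is_loopback_only(addr) else "all interfaces"
        print(f"{port:>6}  {proto:<6} {addr:<14} {scope}")
    print("verify from another host:", exposed_ports(SAMPLE))
```

A wildcard bind only shows that the socket accepts connections on every interface; whether the port is actually reachable still depends on the firewall, which is what the scan from another system on the LAN confirms.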

