I have extensive Wireshark, Firewall and other logs showing unusual activity.

Enfcmedic384

Is there a place where it would be ok to post these logs or in others is it ok to post it in these forums so that everyone can take a look? This is something that I believe F-Secure would be interested in itself as a company.

Janiashvili

I think you can ask about it at weblog [@] f-secure [.] com
I think that would be good place too

Rusli

Any SSH attempts on your Mac with your firewall logs. If there is happen to be ip address.

 

See if i can do a ip address tracing.

 

It's seems like you are having the same issues as me.

 

I still have someone remotely control my computer for no utter reasons.

 

But sometimes ip address trace can lead to nowhere not unless the ISP can help you out.

 

What you need is the date, time, location of the place that happen. And the firewall logs.

 

Wow! You do wireshark.

 

Are you fimilar with Linux??

Rusli

Hi

 

If you know Wireshark.

 

Did you know anything about Etherape???

 

If you need to run that on a mac. You need Xcode and Macports.

 

If you know linux, that will be fine. As you need to download Etherape and do some analysis.

 

What ip address is going from your computer.

 

Rusli

Connects only one computer to your router.

 

This time without a harddisk inside your computer.

 

Run only Linux Live Distro like Fedora or Ubuntu via DVD drive bay.

 

Watch if anything happens.

 

If there is some activities than someone is really hacking into your computer networks.

 

If you can capture sessions on your system logs via a printer running that will be help.

 

Like dot matrix printers hook up to your computer.

 

Only one computer and one printer.  

 

And monitor.

 

Don't do anything.

Rusli

Don't go any harmfull sites.

 

Do not do any BitTorrent.

 

As these comes with malwares,viruses,trojans.

 

I have the gut feeling that someone must have gain access to your computer physically.

 

And mess up your things.

 

I have the similar problems like Brian Krebs the security guru.

 

Rusli

Try the Who's There.

 

Check to see if any one connect your Mac via SSH Tcp port 22.

 

From there you will know who is the joker been accessing your computer remotely.

 

 

Rusli

Read this.

 

http://reviews.cnet.com/8301-13727_7-57418163-263/luxembourg-circ-develops-launchagent-monitoring-tool-for-os-x/

 

http://reviews.cnet.com/8301-13727_7-57570155-263/apple-issues-java-update-after-security-breach/

 

http://reviews.cnet.com/8301-13727_7-57570100-263/new-mac-malware-opens-secure-reverse-shell/

 

http://www.circl.lu/pub/tr-08/

Rusli

Just to let you know that Apple to been hacked into.

 

http://news.cnet.com/8301-1009_3-57570194-83/apple-facebook-twitter-hacks-said-to-hail-from-eastern-europe/

 

http://news.cnet.com/8301-1009_3-57570096-83/apple-employee-computers-were-targeted-in-hack-attack/

 

So be wary of this infos that I gave it to you.

 

There is another one.

 

Which you need to know.

 

http://news.cnet.com/8301-1009_3-57569983-83/chinese-army-linked-to-hacks-of-u.s-companies-agencies/

 

http://news.cnet.com/8301-1009_3-57570078-83/google-warns-of-an-increase-in-attempted-account-hijackings/