View Full Version : How to tell if my machine is being watched




kgressm
Feb 28, 2013, 09:49 PM
How can I tell and stop my iMac from being snooped on?

Here is something I pulled up in Terminal:

21:42 up 10:58, 3 users, load averages: 1.35 1.18 0.96
USER TTY FROM LOGIN@ IDLE WHAT
kgressm console - 10:44 10:57 -
kgressm s000 - 21:13 20 photorec
kgressm s001 - 21:42 - w
keith-morgans-iMac:~ kgressm$ netstat
Active Internet connections
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 192.168.15.165.daap apple-tv.local.t.50216 ESTABLISHED
tcp4 0 0 192.168.15.165.daap apple-tv.local.t.50142 ESTABLISHED
tcp4 0 0 192.168.15.165.daap apple-tv.local.t.50139 ESTABLISHED
tcp4 0 0 localhost.26164 localhost.51229 ESTABLISHED
tcp4 0 0 localhost.51229 localhost.26164 ESTABLISHED
tcp4 0 0 192.168.15.67.49906 204.245.63.35.https CLOSE_WAIT
tcp4 0 0 192.168.15.67.49905 204.245.63.35.https CLOSE_WAIT
tcp4 0 0 192.168.15.67.49904 204.245.63.35.https CLOSE_WAIT
tcp4 0 0 192.168.15.67.49590 17.172.208.200.imaps ESTABLISHED
tcp4 0 0 192.168.15.67.49572 st11p01st-courie.5223 ESTABLISHED
tcp4 0 0 192.168.15.67.49219 17.172.34.29.imaps ESTABLISHED
tcp4 0 0 192.168.15.67.49218 17.172.34.29.imaps ESTABLISHED
tcp4 0 0 192.168.15.67.49217 17.172.34.29.imaps ESTABLISHED
tcp4 0 0 192.168.15.67.49212 sjc-not8.sjc.dro.http ESTABLISHED
udp4 0 0 *.58443 *.*
udp4 0 0 *.54340 *.*
udp4 0 0 *.54117 *.*
udp6 0 0 *.54776 *.*
udp4 0 0 *.54776 *.*
udp6 0 0 *.52610 *.*
udp4 0 0 *.52610 *.*
udp6 0 0 *.64396 *.*
udp4 0 0 *.64396 *.*
udp46 0 0 *.* *.*
udp4 0 0 all-systems.mcas.5350 *.*
udp4 0 0 192.168.15.165.16402 *.*
udp4 0 0 192.168.15.67.16402 *.*
udp6 0 0 *.53859 *.*
udp4 0 0 *.53859 *.*
udp4 0 0 *.17500 *.*
udp4 0 0 *.ssdp *.*
udp4 0 0 192.168.15.165.65055 *.*
udp4 0 0 192.168.15.67.55347 *.*
udp4 0 0 localhost.65195 *.*
udp6 0 0 *.63732 *.*
udp4 0 0 *.63732 *.*
udp6 0 0 *.37096 *.*
udp4 0 0 *.37096 *.*
udp6 0 0 *.64097 *.*
udp4 0 0 *.64097 *.*
udp4 0 0 *.* *.*
udp6 0 0 *.50138 *.*
udp4 0 0 *.50138 *.*
udp6 0 0 *.55048 *.*
udp4 0 0 *.55048 *.*
udp6 0 0 *.49602 *.*
udp4 0 0 *.49602 *.*
udp6 0 0 *.60965 *.*
udp4 0 0 *.60965 *.*
udp6 0 0 *.57861 *.*
udp4 0 0 *.57861 *.*
udp6 0 0 *.50290 *.*
udp4 0 0 *.50290 *.*
udp6 0 0 *.58797 *.*
udp4 0 0 *.58797 *.*
udp6 0 0 *.63707 *.*
udp4 0 0 *.63707 *.*
udp6 0 0 *.55924 *.*
udp4 0 0 *.55924 *.*
udp6 0 0 *.58385 *.*
udp4 0 0 *.58385 *.*
udp4 0 0 *.* *.*
udp4 0 0 *.54679 *.*
udp6 0 0 *.51818 *.*
udp4 0 0 *.51818 *.*
udp4 0 0 192.168.15.165.ntp *.*
udp6 0 0 keith-morgans-im.ntp *.*
udp4 0 0 192.168.15.67.ntp *.*
udp6 0 0 keith-morgans-im.ntp *.*
udp6 0 0 localhost.ntp *.*
udp4 0 0 localhost.ntp *.*
udp6 0 0 localhost.ntp *.*
udp6 0 0 *.ntp *.*
udp4 0 0 *.ntp *.*
udp4 0 0 *.* *.*
udp4 0 0 *.* *.*
udp4 0 0 *.* *.*
udp4 0 0 *.* *.*
udp4 0 0 *.* *.*
udp4 0 0 *.* *.*
udp6 0 0 *.mdns *.*
udp4 0 0 *.mdns *.*
udp46 0 0 *.* *.*
udp4 0 0 *.netbios-dgm *.*
udp4 0 0 *.netbios-ns *.*
icm4 0 0 *.* *.*
icm6 0 0 *.* *.*
icm6 0 0 *.* *.*

<<<< it goes on forever, but too many characters to post>>>
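Added example, not part of the original thread: one way to reduce a netstat listing like the one above to the TCP rows worth reviewing, by labelling each peer as loopback, LAN or external. The function names and the sample rows are constructed for illustration; the external addresses in the sample come from documentation ranges, not from the post.

```shell
#!/bin/sh
# Triage the TCP rows of BSD/macOS `netstat` output (added example).
# On a Mac, feed it live data with:  netstat -an -p tcp | external_peers
# (-n keeps addresses numeric, so hostnames are not truncated as in the post;
#  named ports such as "https" are still parsed, since only the last dot matters).

# Constructed sample in the same column layout as the post.
sample_netstat() {
cat <<'EOF'
Active Internet connections
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.15.165.3689    192.168.15.20.50216    ESTABLISHED
tcp4       0      0  127.0.0.1.26164        127.0.0.1.51229        ESTABLISHED
tcp4       0      0  192.168.15.67.49906    203.0.113.35.443       CLOSE_WAIT
tcp4       0      0  192.168.15.67.49905    203.0.113.35.443       CLOSE_WAIT
tcp4       0      0  192.168.15.67.49590    198.51.100.200.993     ESTABLISHED
tcp4       0      0  *.22                   *.*                    LISTEN
udp4       0      0  *.5353                 *.*
EOF
}

# Print "scope host port state" for every TCP row read from stdin.
# BSD netstat joins address and port with a dot, so the port is whatever
# follows the LAST dot of the address field.
triage_netstat() {
  awk '
    $1 ~ /^tcp/ {
      n = split($5, p, ".")
      port = p[n]
      host = substr($5, 1, length($5) - length(port) - 1)
      if ($6 == "LISTEN") {
        # Listening socket: report the local port, there is no peer yet.
        n = split($4, q, "."); scope = "listen"; host = "-"; port = q[n]
      }
      else if (host ~ /^(127\.|localhost$)/) scope = "loopback"
      else if (host ~ /^(10\.|192\.168\.|169\.254\.|172\.(1[6-9]|2[0-9]|3[01])\.)/ ||
               host ~ /\.local/) scope = "lan"      # heuristic: private ranges and Bonjour names
      else scope = "external"
      print scope, host, port, $6
    }'
}

# Unique external peers with a connection count: the rows to look up by owner.
external_peers() {
  triage_netstat |
    awk '$1 == "external" { c[$2 ":" $3]++ } END { for (k in c) print c[k], k }' |
    sort -k2
}

sample_netstat | external_peers
```

Rows labelled "listen" show what the Mac itself accepts connections on; `lsof -i -P` ties each socket to the process that owns it.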



Zwhaler
Feb 28, 2013, 09:51 PM
Close your blinds. Disconnect your internet if you want to be sure no one is snooping via the web.

Slix
Feb 28, 2013, 09:51 PM
Don't give anyone your password or access to Back to My Mac or Remote Desktop and you shouldn't have anything to worry about. Unless I'm misunderstanding.

Spink10
Feb 28, 2013, 09:52 PM
Close your blinds. Disconnect your internet if you want to be sure no one is snooping via the web.

Great advice

Ccrew
Mar 1, 2013, 04:12 AM
Great advice

Yeah, but he forgot about the tinfoil hat.

Macsonic
Mar 1, 2013, 05:22 AM
I invest in anti-malware and anti-port-scan software. Port scan is when someone from a remote IP address is peeking into your computer.

benwiggy
Mar 1, 2013, 08:12 AM
Port scan is when someone from a remote IP address is peeking into your computer.
Most Internet routers close all ports unless you open them, so port scanning from outside your local network won't achieve anything.

If you think your Mac has been compromised, reinstall the OS and change all your passwords.

Macsonic
Mar 1, 2013, 08:43 AM
Most Internet routers close all ports unless you open them, so port scanning from outside your local network won't achieve anything.

If you think your Mac has been compromised, reinstall the OS and change all your passwords.

Thanks for the tip. I'll keep this in mind. I don't feel comfortable even though the port scanning seems harmless.

oldhifi
Mar 1, 2013, 09:31 AM
Try ShieldsUP! at grc.com

Click "test all ports".

benwiggy
Mar 1, 2013, 09:37 AM
Try ShieldsUP! at grc.com

Click "test all ports".
"THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!"
I would anticipate most computers behind NAT routers would get the same results.