PDA

View Full Version : SSL connection to Apples network




macmacr
Sep 7, 2013, 05:45 PM
For some reason my Moountain Lion continually tries to connect to 17.x.x.x. It is not trying to get updates as I have it turned off. This connection is encrypted.

Eliminated



1) Updates I have turned off automatic updates and updates can only performed manually.

2) Time and DNS are easily identified and are not encrypted. DNS should not be going to Apple in any case as that is a specfic network setting.

3) Xprotect is a malware incoroprated into the OS and the TSL encrypted infomration I am view is occurring ever few minutes I would say at least every 5 minutes. There is no way Xprotect is expecting updates that often.

4) I do not use Safari so that application is not running


why is there encrypted traffic going to Apples network?



Intell
Sep 7, 2013, 05:50 PM
iCloud, generic anonymous system reporting, iapd (push notifications).

macmacr
Sep 9, 2013, 07:52 PM
i do not use Icloud.

Here is a netstat

netstat
Active Internet connections
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 10.3.1.108.53132 qa-in-f109.1e100.imaps SYN_SENT
tcp4 0 0 10.3.1.108.53131 qa-in-f108.1e100.imaps SYN_SENT
tcp4 0 0 10.3.1.108.53130 qa-in-f109.1e100.imaps SYN_SENT
tcp4 0 0 10.3.1.108.53129 qa-in-f109.1e100.imaps SYN_SENT
tcp4 0 0 10.3.1.108.53128 qa-in-f109.1e100.imaps SYN_SENT
tcp4 0 0 10.3.1.108.53126 qa-in-f108.1e100.imaps SYN_SENT
tcp4 0 0 10.3.1.108.53125 qa-in-f108.1e100.imaps SYN_SENT
tcp4 0 0 10.3.1.108.53124 qa-in-f108.1e100.imaps SYN_SENT
tcp4 0 0 10.3.1.108.52132 17.149.32.35.https ESTABLISHED
tcp4 0 0 10.3.1.108.52001 209.107.220.175.https ESTABLISHED
tcp4 195960 0 10.3.1.108.50715 72.26.204.62.http ESTABLISHED
tcp4 0 0 10.3.1.108.50091 17.172.238.205.https ESTABLISHED

Intell
Sep 9, 2013, 08:11 PM
Just because you don't use iCloud, doesn't mean Mac OS X doesn't connect to Apple's iCloud servers.