How to tell if my machine is being watched

Discussion in 'OS X Mountain Lion (10.8)' started by kgressm, Feb 28, 2013.

  1. kgressm, Feb 28, 2013
    Last edited: Feb 28, 2013

    macrumors newbie

    Joined:
    Feb 28, 2013
    #1
    How can I tell and Stop my imac from being snooped on?

    here is something i pulled up on terminal..

    21:42 up 10:58, 3 users, load averages: 1.35 1.18 0.96
    USER TTY FROM LOGIN@ IDLE WHAT
    kgressm console - 10:44 10:57 -
    kgressm s000 - 21:13 20 photorec
    kgressm s001 - 21:42 - w
    keith-morgans-iMac:~ kgressm$ netstat
    Active Internet connections
    Proto Recv-Q Send-Q Local Address Foreign Address (state)
    tcp4 0 0 192.168.15.165.daap apple-tv.local.t.50216 ESTABLISHED
    tcp4 0 0 192.168.15.165.daap apple-tv.local.t.50142 ESTABLISHED
    tcp4 0 0 192.168.15.165.daap apple-tv.local.t.50139 ESTABLISHED
    tcp4 0 0 localhost.26164 localhost.51229 ESTABLISHED
    tcp4 0 0 localhost.51229 localhost.26164 ESTABLISHED
    tcp4 0 0 192.168.15.67.49906 204.245.63.35.https CLOSE_WAIT
    tcp4 0 0 192.168.15.67.49905 204.245.63.35.https CLOSE_WAIT
    tcp4 0 0 192.168.15.67.49904 204.245.63.35.https CLOSE_WAIT
    tcp4 0 0 192.168.15.67.49590 17.172.208.200.imaps ESTABLISHED
    tcp4 0 0 192.168.15.67.49572 st11p01st-courie.5223 ESTABLISHED
    tcp4 0 0 192.168.15.67.49219 17.172.34.29.imaps ESTABLISHED
    tcp4 0 0 192.168.15.67.49218 17.172.34.29.imaps ESTABLISHED
    tcp4 0 0 192.168.15.67.49217 17.172.34.29.imaps ESTABLISHED
    tcp4 0 0 192.168.15.67.49212 sjc-not8.sjc.dro.http ESTABLISHED
    udp4 0 0 *.58443 *.*
    udp4 0 0 *.54340 *.*
    udp4 0 0 *.54117 *.*
    udp6 0 0 *.54776 *.*
    udp4 0 0 *.54776 *.*
    udp6 0 0 *.52610 *.*
    udp4 0 0 *.52610 *.*
    udp6 0 0 *.64396 *.*
    udp4 0 0 *.64396 *.*
    udp46 0 0 *.* *.*
    udp4 0 0 all-systems.mcas.5350 *.*
    udp4 0 0 192.168.15.165.16402 *.*
    udp4 0 0 192.168.15.67.16402 *.*
    udp6 0 0 *.53859 *.*
    udp4 0 0 *.53859 *.*
    udp4 0 0 *.17500 *.*
    udp4 0 0 *.ssdp *.*
    udp4 0 0 192.168.15.165.65055 *.*
    udp4 0 0 192.168.15.67.55347 *.*
    udp4 0 0 localhost.65195 *.*
    udp6 0 0 *.63732 *.*
    udp4 0 0 *.63732 *.*
    udp6 0 0 *.37096 *.*
    udp4 0 0 *.37096 *.*
    udp6 0 0 *.64097 *.*
    udp4 0 0 *.64097 *.*
    udp4 0 0 *.* *.*
    udp6 0 0 *.50138 *.*
    udp4 0 0 *.50138 *.*
    udp6 0 0 *.55048 *.*
    udp4 0 0 *.55048 *.*
    udp6 0 0 *.49602 *.*
    udp4 0 0 *.49602 *.*
    udp6 0 0 *.60965 *.*
    udp4 0 0 *.60965 *.*
    udp6 0 0 *.57861 *.*
    udp4 0 0 *.57861 *.*
    udp6 0 0 *.50290 *.*
    udp4 0 0 *.50290 *.*
    udp6 0 0 *.58797 *.*
    udp4 0 0 *.58797 *.*
    udp6 0 0 *.63707 *.*
    udp4 0 0 *.63707 *.*
    udp6 0 0 *.55924 *.*
    udp4 0 0 *.55924 *.*
    udp6 0 0 *.58385 *.*
    udp4 0 0 *.58385 *.*
    udp4 0 0 *.* *.*
    udp4 0 0 *.54679 *.*
    udp6 0 0 *.51818 *.*
    udp4 0 0 *.51818 *.*
    udp4 0 0 192.168.15.165.ntp *.*
    udp6 0 0 keith-morgans-im.ntp *.*
    udp4 0 0 192.168.15.67.ntp *.*
    udp6 0 0 keith-morgans-im.ntp *.*
    udp6 0 0 localhost.ntp *.*
    udp4 0 0 localhost.ntp *.*
    udp6 0 0 localhost.ntp *.*
    udp6 0 0 *.ntp *.*
    udp4 0 0 *.ntp *.*
    udp4 0 0 *.* *.*
    udp4 0 0 *.* *.*
    udp4 0 0 *.* *.*
    udp4 0 0 *.* *.*
    udp4 0 0 *.* *.*
    udp4 0 0 *.* *.*
    udp6 0 0 *.mdns *.*
    udp4 0 0 *.mdns *.*
    udp46 0 0 *.* *.*
    udp4 0 0 *.netbios-dgm *.*
    udp4 0 0 *.netbios-ns *.*
    icm4 0 0 *.* *.*
    icm6 0 0 *.* *.*
    icm6 0 0 *.* *.*
    Active LOCAL (UNIX) domain sockets
    Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr
    b3c15d8b76710dcd stream 0 0 0 b3c15d8b7670f405 0 0 /var/run/mDNSResponder
    b3c15d8b7670f405 stream 0 0 0 b3c15d8b76710dcd 0 0
    b3c15d8b6873ce95 stream 0 0 0 b3c15d8b687dd345 0 0
    b3c15d8b687dd345 stream 0 0 0 b3c15d8b6873ce95 0 0
    b3c15d8b6b7481ad stream 0 0 0 b3c15d8b687dcc3d 0 0
    b3c15d8b687dcc3d stream 0 0 0 b3c15d8b6b7481ad 0 0
    b3c15d8b7676e27d stream 0 0 0 b3c15d8b687dc78d 0 0
    b3c15d8b687dc78d stream 0 0 0 b3c15d8b7676e27d 0 0
    b3c15d8b7670ecfd stream 0 0 0 b3c15d8b6b748275 0 0
    b3c15d8b6b748275 stream 0 0 0 b3c15d8b7670ecfd 0 0
    b3c15d8b767103a5 stream 0 0 0 b3c15d8b76711025 0 0
    b3c15d8b76711025 stream 0 0 0 b3c15d8b767103a5 0 0
    b3c15d8b7670e465 stream 0 0 0 b3c15d8b767105fd 0 0
    b3c15d8b767105fd stream 0 0 0 b3c15d8b7670e465 0 0
    b3c15d8b76710855 stream 0 0 0 b3c15d8b6a67a725 0 0
    b3c15d8b6a67a725 stream 0 0 0 b3c15d8b76710855 0 0
    b3c15d8b6ef944cd stream 0 0 0 b3c15d8b76710e95 0 0
    b3c15d8b76710e95 stream 0 0 0 b3c15d8b6ef944cd 0 0
    b3c15d8b6ef94fbd stream 0 0 0 b3c15d8b687da915 0 0
    b3c15d8b687da915 stream 0 0 0 b3c15d8b6ef94fbd 0 0
    b3c15d8b7676e0ed stream 0 0 0 b3c15d8b6ef955fd 0 0
    b3c15d8b6ef955fd stream 0 0 0 b3c15d8b7676e0ed 0 0
    b3c15d8b6ef94a45 stream 0 0 0 b3c15d8b7670ee8d 0 0
    b3c15d8b7670ee8d stream 0 0 0 b3c15d8b6ef94a45 0 0
    b3c15d8b7676e025 stream 0 0 0 b3c15d8b6ef95215 0 0
    b3c15d8b6ef95215 stream 0 0 0 b3c15d8b7676e025 0 0
    b3c15d8b687dbb0d stream 0 0 0 b3c15d8b6873bfbd 0 0
    b3c15d8b6873bfbd stream 0 0 0 b3c15d8b687dbb0d 0 0
    b3c15d8b6ef940e5 stream 0 0 0 b3c15d8b687dacfd 0 0
    b3c15d8b687dacfd stream 0 0 0 b3c15d8b6ef940e5 0 0
    b3c15d8b6b7480e5 stream 0 0 0 b3c15d8b7670f33d 0 0
    b3c15d8b7670f33d stream 0 0 0 b3c15d8b6b7480e5 0 0
    b3c15d8b6b748725 stream 0 0 0 b3c15d8b7670f7ed 0 0 /tmp/launchd-145.Yhw72a/sock
    b3c15d8b7670f7ed stream 0 0 0 b3c15d8b6b748725 0 0
    b3c15d8b6a6796bd stream 0 0 0 b3c15d8b6ef94b0d 0 0
    b3c15d8b6ef94b0d stream 0 0 0 b3c15d8b6a6796bd 0 0
    b3c15d8b7670eaa5 stream 0 0 0 b3c15d8b76710085 0 0
    b3c15d8b76710085 stream 0 0 0 b3c15d8b7670eaa5 0 0
    b3c15d8b6b749085 stream 0 0 0 b3c15d8b6a67952d 0 0 /var/run/usbmuxd
    b3c15d8b6a67952d stream 0 0 0 b3c15d8b6b749085 0 0
    b3c15d8b7670eb6d stream 0 0 0 b3c15d8b6ef95b75 0 0 /var/run/mDNSResponder
    b3c15d8b6ef95b75 stream 0 0 0 b3c15d8b7670eb6d 0 0
    b3c15d8b6ef952dd stream 0 0 0 b3c15d8b6ef94c9d 0 0 /var/run/mDNSResponder
    b3c15d8b6ef94c9d stream 0 0 0 b3c15d8b6ef952dd 0 0
    b3c15d8b6ef94bd5 stream 0 0 0 b3c15d8b6a67a7ed 0 0 /var/run/mDNSResponder
    b3c15d8b6a67a7ed stream 0 0 0 b3c15d8b6ef94bd5 0 0
    b3c15d8b7676e1b5 stream 0 0 0 b3c15d8b6ef94d65 0 0 /var/run/mDNSResponder
    b3c15d8b6ef94d65 stream 0 0 0 b3c15d8b7676e1b5 0 0
    b3c15d8b687dcaad stream 0 0 0 b3c15d8b6873cb75 0 0 /var/run/mDNSResponder
    b3c15d8b6873cb75 stream 0 0 0 b3c15d8b687dcaad 0 0
    b3c15d8b7670f595 stream 0 0 0 b3c15d8b6ef9384d 0 0 /var/run/mDNSResponder
    b3c15d8b6ef9384d stream 0 0 0 b3c15d8b7670f595 0 0
    b3c15d8b6a67a33d stream 0 0 0 b3c15d8b6ef93aa5 0 0
    b3c15d8b6ef93aa5 stream 0 0 0 b3c15d8b6a67a33d 0 0
    b3c15d8b7670f4cd stream 0 0 0 b3c15d8b6873c78d 0 0
    b3c15d8b6873c78d stream 0 0 0 b3c15d8b7670f4cd 0 0
    b3c15d8b6ef94e2d stream 0 0 0 b3c15d8b6ef94ef5 0 0
    b3c15d8b6ef94ef5 stream 0 0 0 b3c15d8b6ef94e2d 0 0
    b3c15d8b7670f725 stream 0 0 0 b3c15d8b7670ec35 0 0 /var/run/mDNSResponder
    b3c15d8b7670ec35 stream 0 0 0 b3c15d8b7670f725 0 0
    b3c15d8b6a67ab0d stream 0 0 0 b3c15d8b76710f5d 0 0 /var/run/mDNSResponder
    b3c15d8b76710f5d stream 0 0 0 b3c15d8b6a67ab0d 0 0
    b3c15d8b6ef9546d stream 0 0 0 b3c15d8b680802dd 0 0
    b3c15d8b680802dd stream 0 0 0 b3c15d8b6ef9546d 0 0
    b3c15d8b6a67a65d stream 0 0 0 b3c15d8b6a67a0e5 0 0
    b3c15d8b6a67a0e5 stream 0 0 0 b3c15d8b6a67a65d 0 0
    b3c15d8b6873c3a5 stream 0 0 0 b3c15d8b6b747915 0 0
    b3c15d8b6b747915 stream 0 0 0 b3c15d8b6873c3a5 0 0
    b3c15d8b6b7493a5 stream 0 0 0 b3c15d8b68080085 0 0
    b3c15d8b68080085 stream 0 0 0 b3c15d8b6b7493a5 0 0
    b3c15d8b687dc215 stream 0 0 0 b3c15d8b687dc14d 0 0
    b3c15d8b687dc14d stream 0 0 0 b3c15d8b687dc215 0 0
    b3c15d8b687dcd05 stream 0 0 0 b3c15d8b6b74865d 0 0
    b3c15d8b6b74865d stream 0 0 0 b3c15d8b687dcd05 0 0
    b3c15d8b6b7488b5 stream 0 0 0 b3c15d8b6a679465 0 0 /var/run/mDNSResponder
    b3c15d8b6a679465 stream 0 0 0 b3c15d8b6b7488b5 0 0
    b3c15d8b6b748595 stream 0 0 0 b3c15d8b6b747785 0 0
    b3c15d8b6b747785 stream 0 0 0 b3c15d8b6b748595 0 0
    b3c15d8b6873d345 stream 0 0 0 b3c15d8b6807e465 0 0 /tmp/launchd-145.Yhw72a/sock
    b3c15d8b6807e465 stream 0 0 0 b3c15d8b6873d345 0 0
    b3c15d8b6a67abd5 stream 0 0 0 b3c15d8b6a67bdcd 0 0
    b3c15d8b6a67bdcd stream 0 0 0 b3c15d8b6a67abd5 0 0
    b3c15d8b6a67a405 stream 0 0 0 b3c15d8b6a67a275 0 0
    b3c15d8b6a67a275 stream 0 0 0 b3c15d8b6a67a405 0 0
    b3c15d8b6873af55 stream 0 0 0 b3c15d8b6873b01d 0 0 /var/run/mDNSResponder
    b3c15d8b6873b01d stream 0 0 0 b3c15d8b6873af55 0 0
    b3c15d8b6873c5fd stream 0 0 0 b3c15d8b6873b65d 0 0 /var/run/mDNSResponder
    b3c15d8b6873b65d stream 0 0 0 b3c15d8b6873c5fd 0 0
    b3c15d8b6873ae8d stream 0 0 0 b3c15d8b6ef95dcd 0 0
    b3c15d8b6ef95dcd stream 0 0 0 b3c15d8b6873ae8d 0 0
    b3c15d8b6873b8b5 stream 0 0 0 b3c15d8b6b747465 0 0
    b3c15d8b6b747465 stream 0 0 0 b3c15d8b6873b8b5 0 0
    b3c15d8b6873adc5 stream 0 0 b3c15d8b6e1e83e5 0 0 0 /tmp/launchd-257.WzJbCU/sock
    b3c15d8b6ef95855 stream 0 0 b3c15d8b6fcad4dd 0 0 0 /var/folders/96/y4g4nzwj76n8_2x76vlr83rw0000gn/T/ics251
    b3c15d8b6ef95aad stream 0 0 0 b3c15d8b6ef9591d 0 0 /var/run/mDNSResponder
    b3c15d8b6ef9591d stream 0 0 0 b3c15d8b6ef95aad 0 0
    b3c15d8b687db405 stream 0 0 0 b3c15d8b687db0e5 0 0 /var/run/mDNSResponder
    b3c15d8b687db0e5 stream 0 0 0 b3c15d8b687db405 0 0
    b3c15d8b6b74a1b5 stream 0 0 0 b3c15d8b6a6799dd 0 0 /var/run/mDNSResponder
    b3c15d8b6a6799dd stream 0 0 0 b3c15d8b6b74a1b5 0 0
    b3c15d8b6b74a345 stream 0 0 0 b3c15d8b6a679785 0 0 /var/run/mDNSResponder
    b3c15d8b6a679785 stream 0 0 0 b3c15d8b6b74a345 0 0
    b3c15d8b6b747c35 stream 0 0 0 b3c15d8b6b747f55 0 0 /var/run/mDNSResponder
    b3c15d8b6b747f55 stream 0 0

    <<<< it goes on forever, but too many characters to post>>>
     
  2. macrumors demi-god

    Zwhaler

    Joined:
    Jun 10, 2006
    #2
    Close your blinds. Disconnect your internet if you want to be sure no one is snooping via the web
     
  3. macrumors 6502a

    Slix

    Joined:
    Mar 24, 2010
    #3
    Don't give anyone your password or access to Back to My Mac or Remote Desktop and you shouldn't have anything to worry about. Unless I'm misunderstanding.
     
  4. macrumors 68030

    Spink10

    Joined:
    Nov 3, 2011
    #4
    Great advice
     
  5. macrumors 68020

    Joined:
    Feb 28, 2011
    #5
    Yeah, but he forgot about the tinfoil hat.
     
  6. macrumors 65816

    Macsonic

    Joined:
    Sep 6, 2009
    Location:
    Earth
    #6
    I invest in an anti-malware and anti-port scan software. Port scan is when someone from a remote ip address is peeking into your computer.
     
  7. macrumors 68020

    Joined:
    Jun 15, 2012
    #7
    Most Internet routers close all ports unless you open them, so port scanning from outside your local network won't achieve anything.

    If you think your Mac has been compromised, reinstall the OS and change all your passwords.
     
  8. macrumors 65816

    Macsonic

    Joined:
    Sep 6, 2009
    Location:
    Earth
    #8
    Thanks for the tip. I'll keep this in mind. I don't feel comfortable even though the port scanning seems harmless.
     
  9. macrumors 6502a

    oldhifi

    Joined:
    Jan 12, 2013
    Location:
    USA
    #9
    try Shields up at: grc.com

    click test all ports
     
  10. macrumors 68020

    Joined:
    Jun 15, 2012
    #10
    "THE EQUIPMENT AT THE TARGET IP ADDRESS
    DID NOT RESPOND TO OUR UPnP PROBES!"
    I would anticipate most computers behind NAT routers would get the same results.
     

Share This Page