Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

How to tell if my machine is being watched

K

kgressm

macrumors newbie
Original poster
Feb 28, 2013
1
0
How can I tell and Stop my imac from being snooped on?

here is something i pulled up on terminal..

21:42 up 10:58, 3 users, load averages: 1.35 1.18 0.96
USER TTY FROM LOGIN@ IDLE WHAT
kgressm console - 10:44 10:57 -
kgressm s000 - 21:13 20 photorec
kgressm s001 - 21:42 - w
keith-morgans-iMac:~ kgressm$ netstat
Active Internet connections
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 192.168.15.165.daap apple-tv.local.t.50216 ESTABLISHED
tcp4 0 0 192.168.15.165.daap apple-tv.local.t.50142 ESTABLISHED
tcp4 0 0 192.168.15.165.daap apple-tv.local.t.50139 ESTABLISHED
tcp4 0 0 localhost.26164 localhost.51229 ESTABLISHED
tcp4 0 0 localhost.51229 localhost.26164 ESTABLISHED
tcp4 0 0 192.168.15.67.49906 204.245.63.35.https CLOSE_WAIT
tcp4 0 0 192.168.15.67.49905 204.245.63.35.https CLOSE_WAIT
tcp4 0 0 192.168.15.67.49904 204.245.63.35.https CLOSE_WAIT
tcp4 0 0 192.168.15.67.49590 17.172.208.200.imaps ESTABLISHED
tcp4 0 0 192.168.15.67.49572 st11p01st-courie.5223 ESTABLISHED
tcp4 0 0 192.168.15.67.49219 17.172.34.29.imaps ESTABLISHED
tcp4 0 0 192.168.15.67.49218 17.172.34.29.imaps ESTABLISHED
tcp4 0 0 192.168.15.67.49217 17.172.34.29.imaps ESTABLISHED
tcp4 0 0 192.168.15.67.49212 sjc-not8.sjc.dro.http ESTABLISHED
udp4 0 0 *.58443 *.*
udp4 0 0 *.54340 *.*
udp4 0 0 *.54117 *.*
udp6 0 0 *.54776 *.*
udp4 0 0 *.54776 *.*
udp6 0 0 *.52610 *.*
udp4 0 0 *.52610 *.*
udp6 0 0 *.64396 *.*
udp4 0 0 *.64396 *.*
udp46 0 0 *.* *.*
udp4 0 0 all-systems.mcas.5350 *.*
udp4 0 0 192.168.15.165.16402 *.*
udp4 0 0 192.168.15.67.16402 *.*
udp6 0 0 *.53859 *.*
udp4 0 0 *.53859 *.*
udp4 0 0 *.17500 *.*
udp4 0 0 *.ssdp *.*
udp4 0 0 192.168.15.165.65055 *.*
udp4 0 0 192.168.15.67.55347 *.*
udp4 0 0 localhost.65195 *.*
udp6 0 0 *.63732 *.*
udp4 0 0 *.63732 *.*
udp6 0 0 *.37096 *.*
udp4 0 0 *.37096 *.*
udp6 0 0 *.64097 *.*
udp4 0 0 *.64097 *.*
udp4 0 0 *.* *.*
udp6 0 0 *.50138 *.*
udp4 0 0 *.50138 *.*
udp6 0 0 *.55048 *.*
udp4 0 0 *.55048 *.*
udp6 0 0 *.49602 *.*
udp4 0 0 *.49602 *.*
udp6 0 0 *.60965 *.*
udp4 0 0 *.60965 *.*
udp6 0 0 *.57861 *.*
udp4 0 0 *.57861 *.*
udp6 0 0 *.50290 *.*
udp4 0 0 *.50290 *.*
udp6 0 0 *.58797 *.*
udp4 0 0 *.58797 *.*
udp6 0 0 *.63707 *.*
udp4 0 0 *.63707 *.*
udp6 0 0 *.55924 *.*
udp4 0 0 *.55924 *.*
udp6 0 0 *.58385 *.*
udp4 0 0 *.58385 *.*
udp4 0 0 *.* *.*
udp4 0 0 *.54679 *.*
udp6 0 0 *.51818 *.*
udp4 0 0 *.51818 *.*
udp4 0 0 192.168.15.165.ntp *.*
udp6 0 0 keith-morgans-im.ntp *.*
udp4 0 0 192.168.15.67.ntp *.*
udp6 0 0 keith-morgans-im.ntp *.*
udp6 0 0 localhost.ntp *.*
udp4 0 0 localhost.ntp *.*
udp6 0 0 localhost.ntp *.*
udp6 0 0 *.ntp *.*
udp4 0 0 *.ntp *.*
udp4 0 0 *.* *.*
udp4 0 0 *.* *.*
udp4 0 0 *.* *.*
udp4 0 0 *.* *.*
udp4 0 0 *.* *.*
udp4 0 0 *.* *.*
udp6 0 0 *.mdns *.*
udp4 0 0 *.mdns *.*
udp46 0 0 *.* *.*
udp4 0 0 *.netbios-dgm *.*
udp4 0 0 *.netbios-ns *.*
icm4 0 0 *.* *.*
icm6 0 0 *.* *.*
icm6 0 0 *.* *.*
Active LOCAL (UNIX) domain sockets
Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr
b3c15d8b76710dcd stream 0 0 0 b3c15d8b7670f405 0 0 /var/run/mDNSResponder
b3c15d8b7670f405 stream 0 0 0 b3c15d8b76710dcd 0 0
b3c15d8b6873ce95 stream 0 0 0 b3c15d8b687dd345 0 0
b3c15d8b687dd345 stream 0 0 0 b3c15d8b6873ce95 0 0
b3c15d8b6b7481ad stream 0 0 0 b3c15d8b687dcc3d 0 0
b3c15d8b687dcc3d stream 0 0 0 b3c15d8b6b7481ad 0 0
b3c15d8b7676e27d stream 0 0 0 b3c15d8b687dc78d 0 0
b3c15d8b687dc78d stream 0 0 0 b3c15d8b7676e27d 0 0
b3c15d8b7670ecfd stream 0 0 0 b3c15d8b6b748275 0 0
b3c15d8b6b748275 stream 0 0 0 b3c15d8b7670ecfd 0 0
b3c15d8b767103a5 stream 0 0 0 b3c15d8b76711025 0 0
b3c15d8b76711025 stream 0 0 0 b3c15d8b767103a5 0 0
b3c15d8b7670e465 stream 0 0 0 b3c15d8b767105fd 0 0
b3c15d8b767105fd stream 0 0 0 b3c15d8b7670e465 0 0
b3c15d8b76710855 stream 0 0 0 b3c15d8b6a67a725 0 0
b3c15d8b6a67a725 stream 0 0 0 b3c15d8b76710855 0 0
b3c15d8b6ef944cd stream 0 0 0 b3c15d8b76710e95 0 0
b3c15d8b76710e95 stream 0 0 0 b3c15d8b6ef944cd 0 0
b3c15d8b6ef94fbd stream 0 0 0 b3c15d8b687da915 0 0
b3c15d8b687da915 stream 0 0 0 b3c15d8b6ef94fbd 0 0
b3c15d8b7676e0ed stream 0 0 0 b3c15d8b6ef955fd 0 0
b3c15d8b6ef955fd stream 0 0 0 b3c15d8b7676e0ed 0 0
b3c15d8b6ef94a45 stream 0 0 0 b3c15d8b7670ee8d 0 0
b3c15d8b7670ee8d stream 0 0 0 b3c15d8b6ef94a45 0 0
b3c15d8b7676e025 stream 0 0 0 b3c15d8b6ef95215 0 0
b3c15d8b6ef95215 stream 0 0 0 b3c15d8b7676e025 0 0
b3c15d8b687dbb0d stream 0 0 0 b3c15d8b6873bfbd 0 0
b3c15d8b6873bfbd stream 0 0 0 b3c15d8b687dbb0d 0 0
b3c15d8b6ef940e5 stream 0 0 0 b3c15d8b687dacfd 0 0
b3c15d8b687dacfd stream 0 0 0 b3c15d8b6ef940e5 0 0
b3c15d8b6b7480e5 stream 0 0 0 b3c15d8b7670f33d 0 0
b3c15d8b7670f33d stream 0 0 0 b3c15d8b6b7480e5 0 0
b3c15d8b6b748725 stream 0 0 0 b3c15d8b7670f7ed 0 0 /tmp/launchd-145.Yhw72a/sock
b3c15d8b7670f7ed stream 0 0 0 b3c15d8b6b748725 0 0
b3c15d8b6a6796bd stream 0 0 0 b3c15d8b6ef94b0d 0 0
b3c15d8b6ef94b0d stream 0 0 0 b3c15d8b6a6796bd 0 0
b3c15d8b7670eaa5 stream 0 0 0 b3c15d8b76710085 0 0
b3c15d8b76710085 stream 0 0 0 b3c15d8b7670eaa5 0 0
b3c15d8b6b749085 stream 0 0 0 b3c15d8b6a67952d 0 0 /var/run/usbmuxd
b3c15d8b6a67952d stream 0 0 0 b3c15d8b6b749085 0 0
b3c15d8b7670eb6d stream 0 0 0 b3c15d8b6ef95b75 0 0 /var/run/mDNSResponder
b3c15d8b6ef95b75 stream 0 0 0 b3c15d8b7670eb6d 0 0
b3c15d8b6ef952dd stream 0 0 0 b3c15d8b6ef94c9d 0 0 /var/run/mDNSResponder
b3c15d8b6ef94c9d stream 0 0 0 b3c15d8b6ef952dd 0 0
b3c15d8b6ef94bd5 stream 0 0 0 b3c15d8b6a67a7ed 0 0 /var/run/mDNSResponder
b3c15d8b6a67a7ed stream 0 0 0 b3c15d8b6ef94bd5 0 0
b3c15d8b7676e1b5 stream 0 0 0 b3c15d8b6ef94d65 0 0 /var/run/mDNSResponder
b3c15d8b6ef94d65 stream 0 0 0 b3c15d8b7676e1b5 0 0
b3c15d8b687dcaad stream 0 0 0 b3c15d8b6873cb75 0 0 /var/run/mDNSResponder
b3c15d8b6873cb75 stream 0 0 0 b3c15d8b687dcaad 0 0
b3c15d8b7670f595 stream 0 0 0 b3c15d8b6ef9384d 0 0 /var/run/mDNSResponder
b3c15d8b6ef9384d stream 0 0 0 b3c15d8b7670f595 0 0
b3c15d8b6a67a33d stream 0 0 0 b3c15d8b6ef93aa5 0 0
b3c15d8b6ef93aa5 stream 0 0 0 b3c15d8b6a67a33d 0 0
b3c15d8b7670f4cd stream 0 0 0 b3c15d8b6873c78d 0 0
b3c15d8b6873c78d stream 0 0 0 b3c15d8b7670f4cd 0 0
b3c15d8b6ef94e2d stream 0 0 0 b3c15d8b6ef94ef5 0 0
b3c15d8b6ef94ef5 stream 0 0 0 b3c15d8b6ef94e2d 0 0
b3c15d8b7670f725 stream 0 0 0 b3c15d8b7670ec35 0 0 /var/run/mDNSResponder
b3c15d8b7670ec35 stream 0 0 0 b3c15d8b7670f725 0 0
b3c15d8b6a67ab0d stream 0 0 0 b3c15d8b76710f5d 0 0 /var/run/mDNSResponder
b3c15d8b76710f5d stream 0 0 0 b3c15d8b6a67ab0d 0 0
b3c15d8b6ef9546d stream 0 0 0 b3c15d8b680802dd 0 0
b3c15d8b680802dd stream 0 0 0 b3c15d8b6ef9546d 0 0
b3c15d8b6a67a65d stream 0 0 0 b3c15d8b6a67a0e5 0 0
b3c15d8b6a67a0e5 stream 0 0 0 b3c15d8b6a67a65d 0 0
b3c15d8b6873c3a5 stream 0 0 0 b3c15d8b6b747915 0 0
b3c15d8b6b747915 stream 0 0 0 b3c15d8b6873c3a5 0 0
b3c15d8b6b7493a5 stream 0 0 0 b3c15d8b68080085 0 0
b3c15d8b68080085 stream 0 0 0 b3c15d8b6b7493a5 0 0
b3c15d8b687dc215 stream 0 0 0 b3c15d8b687dc14d 0 0
b3c15d8b687dc14d stream 0 0 0 b3c15d8b687dc215 0 0
b3c15d8b687dcd05 stream 0 0 0 b3c15d8b6b74865d 0 0
b3c15d8b6b74865d stream 0 0 0 b3c15d8b687dcd05 0 0
b3c15d8b6b7488b5 stream 0 0 0 b3c15d8b6a679465 0 0 /var/run/mDNSResponder
b3c15d8b6a679465 stream 0 0 0 b3c15d8b6b7488b5 0 0
b3c15d8b6b748595 stream 0 0 0 b3c15d8b6b747785 0 0
b3c15d8b6b747785 stream 0 0 0 b3c15d8b6b748595 0 0
b3c15d8b6873d345 stream 0 0 0 b3c15d8b6807e465 0 0 /tmp/launchd-145.Yhw72a/sock
b3c15d8b6807e465 stream 0 0 0 b3c15d8b6873d345 0 0
b3c15d8b6a67abd5 stream 0 0 0 b3c15d8b6a67bdcd 0 0
b3c15d8b6a67bdcd stream 0 0 0 b3c15d8b6a67abd5 0 0
b3c15d8b6a67a405 stream 0 0 0 b3c15d8b6a67a275 0 0
b3c15d8b6a67a275 stream 0 0 0 b3c15d8b6a67a405 0 0
b3c15d8b6873af55 stream 0 0 0 b3c15d8b6873b01d 0 0 /var/run/mDNSResponder
b3c15d8b6873b01d stream 0 0 0 b3c15d8b6873af55 0 0
b3c15d8b6873c5fd stream 0 0 0 b3c15d8b6873b65d 0 0 /var/run/mDNSResponder
b3c15d8b6873b65d stream 0 0 0 b3c15d8b6873c5fd 0 0
b3c15d8b6873ae8d stream 0 0 0 b3c15d8b6ef95dcd 0 0
b3c15d8b6ef95dcd stream 0 0 0 b3c15d8b6873ae8d 0 0
b3c15d8b6873b8b5 stream 0 0 0 b3c15d8b6b747465 0 0
b3c15d8b6b747465 stream 0 0 0 b3c15d8b6873b8b5 0 0
b3c15d8b6873adc5 stream 0 0 b3c15d8b6e1e83e5 0 0 0 /tmp/launchd-257.WzJbCU/sock
b3c15d8b6ef95855 stream 0 0 b3c15d8b6fcad4dd 0 0 0 /var/folders/96/y4g4nzwj76n8_2x76vlr83rw0000gn/T/ics251
b3c15d8b6ef95aad stream 0 0 0 b3c15d8b6ef9591d 0 0 /var/run/mDNSResponder
b3c15d8b6ef9591d stream 0 0 0 b3c15d8b6ef95aad 0 0
b3c15d8b687db405 stream 0 0 0 b3c15d8b687db0e5 0 0 /var/run/mDNSResponder
b3c15d8b687db0e5 stream 0 0 0 b3c15d8b687db405 0 0
b3c15d8b6b74a1b5 stream 0 0 0 b3c15d8b6a6799dd 0 0 /var/run/mDNSResponder
b3c15d8b6a6799dd stream 0 0 0 b3c15d8b6b74a1b5 0 0
b3c15d8b6b74a345 stream 0 0 0 b3c15d8b6a679785 0 0 /var/run/mDNSResponder
b3c15d8b6a679785 stream 0 0 0 b3c15d8b6b74a345 0 0
b3c15d8b6b747c35 stream 0 0 0 b3c15d8b6b747f55 0 0 /var/run/mDNSResponder
b3c15d8b6b747f55 stream 0 0

<<<< it goes on forever, but too many characters to post>>>
 
Last edited:
Z

Zwhaler

macrumors 604
Jun 10, 2006
7,090
1,564
Close your blinds. Disconnect your internet if you want to be sure no one is snooping via the web
 
Slix

Slix

macrumors 65816
Mar 24, 2010
1,441
1,989
Don't give anyone your password or access to Back to My Mac or Remote Desktop and you shouldn't have anything to worry about. Unless I'm misunderstanding.
 
Macsonic

Macsonic

macrumors 68000
Sep 6, 2009
1,706
97
I invest in an anti-malware and anti-port scan software. Port scan is when someone from a remote ip address is peeking into your computer.
 
B

benwiggy

macrumors 68020
Jun 15, 2012
2,382
196
Macsonic said:
Port scan is when someone from a remote ip address is peeking into your computer.
Click to expand...
Most Internet routers close all ports unless you open them, so port scanning from outside your local network won't achieve anything.

If you think your Mac has been compromised, reinstall the OS and change all your passwords.
 
Macsonic

Macsonic

macrumors 68000
Sep 6, 2009
1,706
97
benwiggy said:
Most Internet routers close all ports unless you open them, so port scanning from outside your local network won't achieve anything.

If you think your Mac has been compromised, reinstall the OS and change all your passwords.
Click to expand...

Thanks for the tip. I'll keep this in mind. I don't feel comfortable even though the port scanning seems harmless.
 
B

benwiggy

macrumors 68020
Jun 15, 2012
2,382
196
oldhifi said:
try Shields up at: grc.com

click test all ports
Click to expand...
"THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!"
I would anticipate most computers behind NAT routers would get the same results.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom