Hello,
Not sure if I am posting this in the right place but I am relatively new to the Mac world and want to make sure my computer is secure. Using netstat output, what exactly would one look for to see if there are any intruders on the system? Here is the current output:
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 192.168.1.100.49235 173.194.8.27.http ESTABLISHED
tcp4 0 0 192.168.1.100.49231 iw-in-f139.1e100.http ESTABLISHED
tcp4 0 0 localhost.ipp *.* LISTEN
tcp4 0 0 localhost.netinfo-loca localhost.1017 ESTABLISHED
tcp4 0 0 localhost.1017 localhost.netinfo-loca ESTABLISHED
tcp4 0 0 localhost.netinfo-loca localhost.1021 ESTABLISHED
tcp4 0 0 localhost.1021 localhost.netinfo-loca ESTABLISHED
tcp4 0 0 localhost.netinfo-loca *.* LISTEN
udp4 0 0 *.ipp *.*
udp4 0 0 localhost.49156 localhost.1022
udp4 0 0 localhost.49155 localhost.1022
udp4 0 0 localhost.1022 *.*
udp4 0 0 localhost.49154 localhost.1023
udp4 0 0 localhost.1023 *.*
udp4 0 0 192.168.1.100.ntp *.*
udp4 0 0 localhost.ntp *.*
udp4 0 0 *.ntp *.*
udp4 0 0 *.* *.*
udp4 0 0 localhost.netinfo-loca *.*
Active LOCAL (UNIX) domain sockets
Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr
1ffc3b8 stream 0 0 24aff78 0 0 0 /private/var/run/cupsd
1ffc770 stream 0 0 23496b4 0 0 0 /var/run/pppconfd
1ffce58 stream 0 0 0 1ffcdd0 0 0 /var/run/asl_input
1ffcdd0 stream 0 0 0 1ffce58 0 0
1ffca18 stream 0 0 226b630 0 0 0 /var/run/asl_input
1ffcee0 stream 0 0 226bbdc 0 0 0 /var/run/portmap.socket
1ffcf68 stream 0 0 1ff1420 0 0 0 /var/launchd/0/sock
1ffc5d8 dgram 0 0 0 1ffc2a8 1ffc2a8 0
1ffc2a8 dgram 0 0 0 1ffc5d8 1ffc5d8 0
1ffc440 dgram 0 0 0 1ffc990 0 1ffc4c8
1ffc4c8 dgram 0 0 0 1ffc990 0 1ffc550
1ffc550 dgram 0 0 0 1ffc990 0 1ffc660
1ffc660 dgram 0 0 0 1ffc990 0 1ffc6e8
1ffc6e8 dgram 0 0 0 1ffc990 0 1ffc7f8
1ffc7f8 dgram 0 0 0 1ffc990 0 1ffcbb0
1ffcbb0 dgram 0 0 0 1ffc990 0 1ffc880
1ffc880 dgram 0 0 0 1ffc990 0 1ffcc38
1ffc908 dgram 0 0 0 1ffcaa0 1ffcaa0 0
1ffcaa0 dgram 0 0 0 1ffc908 1ffc908 0
1ffcc38 dgram 0 0 0 1ffc990 0 1ffccc0
1ffccc0 dgram 0 0 0 1ffc990 0 1ffcb28
1ffcb28 dgram 0 0 0 1ffc990 0 1ffcd48
1ffcd48 dgram 0 0 0 1ffc990 0 0
1ffc990 dgram 0 0 226b528 0 1ffc440 0 /var/run/syslog
I have taken all the normal precautions, firewall on stealth mode, all services off etc. Do you see anything that is not supposed to be there?
I am primarily concerned with security against remote attacks.
Thanks
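
One way to read output like the above with remote exposure in mind, as an added example that is not part of the original post: group each TCP/UDP socket by whether its local side is bound to loopback or to a network-facing address, and list connections whose peer is another machine. The function names and the category labels are assumptions made for this sketch, and the sample lines are constructed in the same format as the post's output.

```python
# Constructed sample in the same BSD-style format as the netstat output in the post.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 192.168.1.100.49235 173.194.8.27.http ESTABLISHED
tcp4 0 0 localhost.ipp *.* LISTEN
tcp4 0 0 localhost.netinfo-loca localhost.1017 ESTABLISHED
udp4 0 0 *.ipp *.*
udp4 0 0 192.168.1.100.ntp *.*
udp4 0 0 localhost.ntp *.*
udp4 0 0 *.* *.*
Active LOCAL (UNIX) domain sockets
1ffc3b8 stream 0 0 24aff78 0 0 0 /private/var/run/cupsd
"""

def split_addr(addr):
    """BSD netstat prints host.port; the port follows the last dot."""
    host, _, port = addr.rpartition(".")
    return host, port

def is_loopback(host):
    # Covers both resolved names and numeric output (netstat -n).
    return host in ("localhost", "::1") or host.startswith("127.")

def triage(text):
    """Group TCP/UDP sockets by who can reach them (hypothetical labels)."""
    out = {"remote_peer": [], "network_reachable": [],
           "loopback_only": [], "unbound": []}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
            continue  # header, blank line, or UNIX domain socket row
        proto, local, foreign = f[0], f[3], f[4]
        lhost, lport = split_addr(local)
        fhost, _ = split_addr(foreign)
        if fhost != "*":          # socket has a peer
            key = "loopback_only" if is_loopback(fhost) else "remote_peer"
        elif lport == "*":        # no local port assigned yet
            key = "unbound"
        elif is_loopback(lhost):  # waiting, but only on 127.0.0.1
            key = "loopback_only"
        else:                     # bound to * or a LAN address; a firewall may still block it
            key = "network_reachable"
        out[key].append((proto, local, foreign))
    return out

if __name__ == "__main__":
    for category, rows in triage(SAMPLE).items():
        print(category, rows)
```

netstat does not say which process owns a socket; on macOS `lsof -i -n -P` lists the owning command and PID for each entry that ends up in `remote_peer` or `network_reachable`.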