Finder trying a suspicious connection via smbclient

sOwL

macrumors 6502
Original poster
Sep 25, 2007
491
5
Nerd Cave
I'm not very knowledgeable when it comes to how OSX handles network activity, but this stinks: Every time I open Finder (quitting and relaunching does it too) LittleSnitch is giving me a popup titled 'Finder via smbclient' stating that Finder is trying to connect to some external IP (25.96.233.133, somewhere in England??). I've researched about smbclient and I don't think this is normal. Someone told me to try "nmblookup -M -- -" in Terminal to check for any Windows computers in my network. That command gives this:
querying __MSBROWSE__ on 192.168.1.255
192.168.1.14 __MSBROWSE__<01>
25.96.233.133 __MSBROWSE__<01>
The first IP is indeed assigned to a Windows computer in my network, but I have no freaking idea about that second, external IP. Pinged it, it returns nothing, 100% packet loss. Did nslookup, whois, traceroute, still can't figure out what it is. Could it be some kind of malware??

EDIT: Forgot to mention, running on 10.6.8

justperry

macrumors G4
Aug 10, 2007
10,175
5,319
Home is everywhere and nowhere.
How do you know it is in England if the ping or anything else returns nothing?

I got:

Ping has started…

PING 25.96.233.133 (25.96.233.133): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
Request timeout for icmp_seq 4
Request timeout for icmp_seq 5
Request timeout for icmp_seq 6
Request timeout for icmp_seq 7
Request timeout for icmp_seq 8

--- 25.96.233.133 ping statistics ---
10 packets transmitted, 0 packets received, 100.0% packet loss

Same with http, nothing.
 

sOwL

I ran a RIPE whois. For some funny reason Network utility won't work. Try this link: http://whois.net/ip-address-lookup/25.96.233.133

"netname: UK-MOD-19850128
descr: DINSA, Ministry of Defence
country: GB"

and also "org-name: DINSA, Ministry of Defence". Looks fishy tbh
 

justperry

Thanks, I have found that page already. Thing is, I haven't got logmein on this computer, but I am using it on the windows pc. Could that be the case?
Don't know.
Read a bit more, seems to be "harmless", just make a rule in LS to always block it, if you then get problems with a certain program you know where it is coming from.
 

sOwL

I will further investigate just how Logmein works on the Windows computer (It creates a virtual network adapter, so it could be acting as a new computer in the network? Not sure) and then research some more about how smbclient works on OSX. It will stay always blocked, for sure. Thanks for trying to help out bud.
 

benwiggy

macrumors 68020
Jun 15, 2012
2,186
15
I love the way that someone on the LogMeIn Community board thought the British Government was spying on them because they watched a BBC sitcom from a torrent site!

In short: the IP address doesn't go to the MoD, but is something to do with LogMeIn.

Yet another instance of Little Snitch making people worry about genuine, harmless network connections.
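
The manual check from the first post, written out as an added example (not part of the thread or any poster's code): it parses `nmblookup -M -- -` output and labels each responder relative to the subnet that was queried, so an address like 25.96.233.133 stands out for a whois lookup or a firewall rule. The `/24` prefix length and the function name `triage` are assumptions; nmblookup prints only the broadcast address.

```python
import ipaddress
import re

# Constructed sample: the nmblookup output quoted in the first post.
SAMPLE = """\
querying __MSBROWSE__ on 192.168.1.255
192.168.1.14 __MSBROWSE__<01>
25.96.233.133 __MSBROWSE__<01>
"""

QUERY_RE = re.compile(r"^querying\s+(\S+)\s+on\s+(\S+)$")
REPLY_RE = re.compile(r"^(\S+)\s+(\S+)<([0-9a-fA-F]{2})>$")


def triage(output, prefix_len=24):
    """Return (address, name, verdict) for each reply in nmblookup output.

    prefix_len is an assumption supplied by the caller: the tool output
    carries the broadcast address but not the netmask.
    """
    lan = None
    results = []
    for line in output.splitlines():
        line = line.strip()
        q = QUERY_RE.match(line)
        if q:
            # Derive the queried network from the broadcast address.
            lan = ipaddress.ip_network(f"{q.group(2)}/{prefix_len}", strict=False)
            continue
        r = REPLY_RE.match(line)
        if not r:
            continue
        try:
            addr = ipaddress.ip_address(r.group(1))
        except ValueError:
            continue  # first token is not an IP address, skip the line
        if lan is not None and addr in lan:
            verdict = "on-lan"
        elif addr.is_private or addr.is_link_local:
            verdict = "off-lan-private"
        else:
            verdict = "off-lan-public"  # candidate for whois and a block rule
        results.append((str(addr), r.group(2), verdict))
    return results


if __name__ == "__main__":
    for addr, name, verdict in triage(SAMPLE):
        print(f"{addr:<16} {name:<16} {verdict}")
```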