
dcloud4

macrumors newbie
Original poster
Nov 12, 2014
So recently I have had a few issues with my iMac desktop supposedly being hacked into. I did take it to an Apple Store where they had fixed the problem, I thought (it was quite detailed). I recently returned from having my iMac fixed and free of spyware with Yosemite installed. Last night I had been reinstalling WoW onto my Mac with my firewall enabled and a secure WPA2 wireless hidden address with MAC address requirements for connection only enabled.

Then out of the blue I get a prompt message on my Mac asking me to approve an IP address connection through my network. Thinking it was something to do with my WoW download I clicked accept - it was an IP address. However, I have recently opened Console on my iMac and thought many commands on the framework looked odd. I feel that something is also leeching my network speed. Could someone please help me in deleting this IP address from my firewall or deleting it from accessing my computer? Will reinstalling and deleting the operating system erase the IP address from my computer and firewall? It does not look to be showing up on the firewall. :(
 
Thanks :)

Please help my stupidity.

:(

Question - if I do a reinstall for OS X by making a copy of my current OS X, will the firewall and incoming/outgoing network connections be saved onto the copy also? Will any spyware/key-logging be copied from the OS X if it is now in the framework? Could it be in the framework?

And - if I end up doing a reinstall completely by download, will any spyware/key-logging or incoming/outgoing unauthorised connection be able to take place on my computer while the download is downloading? Will the firewall be down during the download? Could any attack continue while downloading the OS X?

I had a feeling somehow spyware was getting into my Mac through posing as an Apple server port or Bonjour. Maybe I am just paranoid, actually paying attention to the commands in the framework for the first time. :confused:

Reformatting the HDD drive will essentially be erasing it, is that correct? :cool:

P.S.
I have recently installed the 'Little Snitch' program, which has helped a lot if not eased my conscience.
 
Code:
13/11/2014 9:14:05.298 pm sharingd[212]: 21:14:05.298 : Stopping Handoff advertising
13/11/2014 9:14:12.558 pm com.apple.xpc.launchd[1]: (com.apple.imfoundation.IMRemoteURLConnectionAgent) The _DirtyJetsamMemoryLimit key is not available on this platform.
13/11/2014 9:14:12.895 pm com.apple.xpc.launchd[1]: (com.apple.imfoundation.IMRemoteURLConnectionAgent) The _DirtyJetsamMemoryLimit key is not available on this platform.
13/11/2014 9:14:13.331 pm sharingd[212]: 21: : Stopping Handoff advertising
13/11/2014 9:14:13.377 pm com.apple.xpc.launchd[1]: (com.apple.imfoundation.IMRemoteURLConnectionAgent) The _DirtyJetsamMemoryLimit key is not available on this platform.
13/11/2014 9:14:15.334 pm sharingd[212]: 21:14:15.334 : Stopping Handoff advertising
13/11/2014 9:14:15.934 pm com.apple.xpc.launchd[1]: (com.apple.WebKit.Networking.0B48EFAE-B1C4-D8669]) Service exited with abnormal code: 1
13/11/2014 9:14:19.920 pm sharingd[212]: 2919 : Stopping Handoff advertising


13/11/2014 9:01:46.582 pm discoveryd[49]: Basic Bonjour,Warn Warning: IPv6 listener multicast send failed en1, 49
13/11/2014 9:01:46.582 pm discoveryd[49]: Basic Bonjour,Warn Warning: IPv6 listener multicast send failed en1, 49
13/11/2014 9:01:46.587 pm identityservicesd[217]: <IMMacNotificationCenterManager: "">: notification observer: com.apple.iChat   notification: __CFNotification " {name = _NSDoNotDisturbDisabledNotification}
13/11/2014 9:01:46.595 pm identityservicesd[217]: <IMMacNotificationCenterManager: ">:    NC Disabled: NO
13/11/2014 9:01:46.602 pm identityservicesd[217]: <IMMacNotificationCenterManager: ">:   DND Enabled: NO
13/11/2014 9:01:46.602 pm identityservicesd[217]: <IMMacNotificationCenterManager: ">: Updating enabled: YES   (Topics: (
))
13/11/2014 9:01:46.000 pm kernel[0]: ARPT: " MacAuthEvent en1   Auth result for:---7c:13  MAC AUTH succeeded
13/11/2014 9:01:46.000 pm kernel[0]: AirPort: Link Up on en1
13/11/2014 9:01:46.000 pm kernel[0]: en1: BSSID changed to :fb:7c
13/11/2014 9:01:46.000 pm kernel[0]: en1::IO80211Interface::postMessage bssid changed
13/11/2014 9:01:46.000 pm kernel[0]: AirPort: RSN handshake complete on en1
13/11/2014 9:01:46.907 pm hidd[69]: MultitouchHID: device bootloaded
13/11/2014 9:01:47.374 pm sharingd[212]: "73 : Stopping Handoff advertising
13/11/2014 9:01:48.642 pm discoveryd[49]: AwdlD2d AwdlD2dStartAdvertisingPair: '4imac' Advertising service started
13/11/2014 9:01:48.642 pm discoveryd[49]: AwdlD2d AwdlD2dStartAdvertisingPair: '4mac' Advertising service started
13/11/2014 9:01:48.643 pm discoveryd[49]: AwdlD2d AwdlD2dStartAdvertisingPair: '648d17efffd13c4000000000000008efip6arpa' Advertising service started
13/11/2014 9:01:48.651 pm networkd[129]: +[NETLedBelly stopFastFail] Clearing ledbelly failure cache
13/11/2014 9:01:48.651 pm UserEventAgent[16]: Captive: [CNInfoNetworkActive:1709] en1: SSID 'ems' making interface primary (cache indicates network not captive)
13/11/2014 9:01:48.651 pm configd[25]: network changed: DNS* Proxy
13/11/2014 9:01:48.651 pm UserEventAgent[16]: Captive: CNPluginHandler en1: Evaluating
13/11/2014 9:01:48.652 pm UserEventAgent[16]: Captive: en1: Not probing 'ems' (cache indicates not captive)
13/11/2014 9:01:48.652 pm UserEventAgent[16]: Captive: CNPluginHandler en1: Authenticated
13/11/2014 9:01:48.656 pm networkd[129]: +[NETLedBelly stopFastFail] Clearing ledbelly failure cache
13/11/2014 9:01:54.000 pm kernel[0]: ARPT: ": AirPort_Brcm43xx::powerChange: System Wake - Full Wake/ Dark Wake / Maintenance wake
13/11/2014 9:01:54.897 pm configd[25]: network changed: v4(en1!:1) DNS+ Proxy+ SMB
13/11/2014 9:01:54.914 pm discoveryd[49]: Basic DNSResolver UDNSServer:: PowerState is Wakeup
13/11/2014 9:01:54.000 pm kernel[0]: en1: BSSID changed to f"
13/11/2014 9:01:54.917 pm sharingd[212]: 26 : SDStatusMonitor::kStatusWirelessPowerChanged
13/11/2014 9:01:54.920 pm watchdogd[183]: [watchdog_daemon] @(         pm_callback) - ref=0x0 msg_type=0xe0000300 msg=0x0
13/11/2014 9:01:54.921 pm sharingd[212]: 21:01:54.920 : Stopping Handoff scanning
13/11/2014 9:01:54.921 pm sharingd[212]: 21:01:54.920 : Starting AirDrop server for user 501 on wake
13/11/2014 9:01:54.921 pm coreaudiod[199]: 2014-11-13 09:0112 PM [AirPlay] Power: SystemHasPoweredOn
13/11/2014 9:01:54.921 pm coreaudiod[199]: 2014-11-13 09:01:5302 PM [AirPlay] BTLE client starting to browse for AirPlay Solo Target Presence.
13/11/2014 9:01:54.925 pm coreaudiod[199]: 2014-11-13 09:01:6 PM [AirPlay] BTLE client started to browse for AirPlay Solo Target Presence.
13/11/2014 9:01:55.000 pm kernel[0]: IO80211AWDLPeerManager::setAwdlOperatingMode Setting the AWDL operation mode from SUSPENDED to AUTO
13/11/2014 9:01:55.000 pm kernel[0]: IO80211AWDLPeerManager::setAwdlAutoMode Resuming AWDL
13/11/2014 9:01:55.000 pm ntpd[148]: wake time set -0.424781 s

13/11/2014 5:56:19.655 pm com.apple.xpc.launchd[1]: (com.apple.WebKit.Networking.19-AFD3B[561]) Service exited with abnormal code: 1
13/11/2014 5:56:25.743 pm sharingd[212]: 17:56:25.743 : Stopping Handoff advertising
13/11/2014 5:56:26.000 pm sharingd[212]: 17:56:26.000 : Stopping Handoff advertising
13/11/2014 5:56:28.002 pm sharingd[212]: 17:56:28.001 : Stopping Handoff advertising
13/11/2014 5:56:30.741 pm sharingd[212]: 17:56:30.741 : Stopping Handoff advertising
13/11/2014 5:56:40.238 pm sharingd[212]: 17:56:40.238 : Stopping Handoff advertising
13/11/2014 5:57:11.150 pm sharingd[212]: 17:57:11.149 : Stopping Handoff advertising
13/11/2014 5:57:20.631 pm sharingd[212]: 17:57:20.630 : Stopping Handoff advertising
13/11/2014 5:57:21.456 pm sharingd[212]: 17:57:21.455 : Stopping Handoff advertising
13/11/2014 5:57:23.064 pm sharingd[212]: 17:57:23.064 : Stopping Handoff advertising
13/11/2014 5:57:32.039 pm sharingd[212]: 17:57:32.038 : Stopping Handoff advertising
13/11/2014 5:57:41.003 pm sharingd[212]: 17:57:41.003 : Stopping Handoff advertising
13/11/2014 5:57:50.410 pm sharingd[212]: 17:57:50.409 : Stopping Handoff advertising

13/11/2014 5:55:08.000 pm kernel[0]: ARPT: 7944: MacAuthEvent en1   Auth result for: """:fb::13  MAC AUTH succeeded
13/11/2014 5:55:08.000 pm kernel[0]: AirPort: Link Up on en1
13/11/2014 5:55:08.000 pm kernel[0]: en1: BSSID changed to "
13/11/2014 5:55:08.000 pm kernel[0]: en1::IO80211Interface::postMessage bssid changed
13/11/2014 5:55:08.000 pm kernel[0]: AirPort: RSN handshake complete on en1
13/11/2014 5:55:08.937 pm hidd[69]: MultitouchHID: device bootloaded
13/11/2014 5:55:10.125 pm networkd[129]: +[NETLedBelly stopFastFail] Clearing ledbelly failure cache
13/11/2014 5:55:10.126 pm configd[25]: network changed: DNS* Proxy
13/11/2014 5:55:10.126 pm UserEventAgent[16]: Captive: [CNInfoNetworkActive:1709] en1: SSID 's' making interface primary (cache indicates network not captive)
13/11/2014 5:55:10.126 pm UserEventAgent[16]: Captive: CNPluginHandler en1: Evaluating
13/11/2014 5:55:10.126 pm UserEventAgent[16]: Captive: en1: Not probing 's' (cache indicates not captive)
13/11/2014 5:55:10.126 pm UserEventAgent[16]: Captive: CNPluginHandler en1: Authenticated
13/11/2014 5:55:10.127 pm discoveryd[49]: AwdlD2d AwdlD2dStartAdvertisingPair: 'mac' Advertising service started
13/11/2014 5:55:10.127 pm discoveryd[49]: AwdlD2d AwdlD2dStartAdvertisingPair: '-imac' Advertising service started
13/11/2014 5:55:10.128 pm discoveryd[49]: AwdlD2d AwdlD2dStartAdvertisingPair: '648d1arpa' Advertising service started
13/11/2014 5:55:10.132 pm networkd[129]: +[NETLedBelly stopFastFail] Clearing ledbelly failure cache
 
Hmmm, I have no clue...
Something about Handoff and AirDrop... But I'm not sure what the point of these logs is? Where'd you get them from? It's networking stuff, that much is obvious.
 
Thanks :)


Question - if I do a reinstall for OS X by making a copy of my current OS X

What you want to do is download a new copy of OS X from the App Store but do not install it. It will then be in your Applications folder. Then get yourself a USB stick that holds at least 8GB. Then download a copy of DiskMaker and run it. It will then find the OS X install you just downloaded and load it onto the USB stick and prepare it so you can boot from it.

Then when you boot into the installer you will see Utilities in the menu; from there you can run Disk Utility and reformat your HDD. This will erase EVERYTHING on the HDD. Then continue with the installer, which will then install a fresh copy of OS X.

Naturally you will need to back up all your documents before erasing your HDD. Then reinstall all your apps.

Whether you need to do all this or not, I don't know because I don't understand what the logs you posted mean. But you will have a completely clean system for sure. You should not need to play around with your firewall.
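
An added example, not part of any post in this thread: a small Python parser for the Console export format of the logs posted above, which counts messages per process and pulls out the Wi-Fi association events so a reader can see which processes wrote the lines. The regular expression, the event list and the function names are assumptions made for this example; the sample lines are copied from the posted excerpt.

```python
import re
from collections import Counter

# Console export line: "DD/MM/YYYY h:mm:ss.mmm am|pm process[pid]: message"
LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2}\.\d{3}) "
    r"(?P<ampm>am|pm) (?P<proc>[^\[\s]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# Wi-Fi association messages as worded in the posted kernel lines (assumed list).
WIFI_EVENTS = ("MAC AUTH succeeded", "Link Up on", "BSSID changed",
               "RSN handshake complete")

# Lines copied from the log excerpt posted in the thread.
SAMPLE = """\
13/11/2014 9:14:05.298 pm sharingd[212]: 21:14:05.298 : Stopping Handoff advertising
13/11/2014 9:14:15.334 pm sharingd[212]: 21:14:15.334 : Stopping Handoff advertising
13/11/2014 9:01:46.602 pm identityservicesd[217]: <IMMacNotificationCenterManager: ">: Updating enabled: YES   (Topics: (
))
13/11/2014 9:01:46.000 pm kernel[0]: AirPort: Link Up on en1
13/11/2014 9:01:46.000 pm kernel[0]: AirPort: RSN handshake complete on en1
13/11/2014 9:01:48.651 pm configd[25]: network changed: DNS* Proxy
13/11/2014 9:01:55.000 pm kernel[0]: IO80211AWDLPeerManager::setAwdlAutoMode Resuming AWDL
"""

def parse(text):
    """Return (records, unparsed); continuation lines such as '))' go to unparsed."""
    records, unparsed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m:
            records.append(m.groupdict())
        else:
            unparsed.append(line)
    return records, unparsed

def summarize(records):
    """Count messages per process and collect kernel Wi-Fi association events."""
    per_proc = Counter(r["proc"] for r in records)
    wifi = [r for r in records if r["proc"] == "kernel"
            and any(e in r["msg"] for e in WIFI_EVENTS)]
    return per_proc, wifi

if __name__ == "__main__":
    recs, rest = parse(SAMPLE)
    per_proc, wifi = summarize(recs)
    for proc, n in per_proc.most_common():
        print(f"{n:3d}  {proc}")
    for r in wifi:
        print(f"wifi  {r['time']} {r['ampm']}  {r['msg']}")
    print(f"{len(rest)} continuation line(s) not parsed")
```
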
 