Incoming IP address accessing my iMac

Discussion in 'Mac Basics and Help' started by dcloud4, Nov 12, 2014.

  1. dcloud4 macrumors newbie

    Joined:
    Nov 12, 2014
    #1
    So recently I have had a few issues with my iMac desktop supposedly being hacked into. I did take it to an Apple Store where they had fixed the problem, I thought (was quite detailed). I recently returned from having my iMac fixed and free of spyware with Yosemite installed. Last night I had been reinstalling WoW onto my Mac with my firewall enabled and a secure WPA2 wireless hidden address with MAC address requirements for connection only enabled.

    Then out of the blue I get a prompt message on my Mac asking me to approve of an IP address connection through my network. Thinking it was something to do with my WoW download I clicked accept - it was an IP address. However, I have recently opened Console on my iMac and thought many commands on the framework looked odd. I feel that something is also leeching my network speed. Could someone please help me in deleting this IP address from my firewall or deleting it from accessing my computer? Will reinstalling and deleting the operating system erase the IP address from my computer and firewall? It does not look to be showing up on the firewall. :(
     
  2. inscrewtable macrumors 68000

    Joined:
    Oct 9, 2010
    Location:
    Australia
    #2
    Maybe safer to make a boot installer on a USB or SD card and reformat your drive and do a clean install; that will definitely get rid of anything.
     
  3. dcloud4, Nov 13, 2014
    Last edited: Nov 13, 2014

    dcloud4 thread starter macrumors newbie

    Joined:
    Nov 12, 2014
    #3
    Thanks :)

    Please help my stupidity.

    :(

    Question - if I do a reinstall for OS X by making a copy of my current OS X, will the firewall and incoming/outgoing network connections be saved onto the copy also? Will any spyware/key-logging be copied from the OS X if it is now in the framework? Could it be in the framework?

    And - If I end up doing a reinstall completely by download, will any spyware/key-logging or incoming/outgoing unauthorised connection be able to take place on my computer while the download is downloading? Will the firewall be down during the download? Could any attack continue while downloading the OS X?

    I had a feeling somehow spyware was getting into my Mac through posing as an Apple server port or Bonjour. Maybe I am just paranoid, actually paying attention to the commands in the framework for the first time. :confused:

    Reformatting the HDD drive will essentially be erasing it, is that correct? :cool:

    P.S
    I have recently installed the 'Little Snitch' program, which has helped a lot, if not eased my conscience.
     
  4. dcloud4, Nov 13, 2014
    Last edited by a moderator: Nov 14, 2014

    dcloud4 thread starter macrumors newbie

    Joined:
    Nov 12, 2014
    #4
    Code:
    13/11/2014 9:14:05.298 pm sharingd[212]: 21:14:05.298 : Stopping Handoff advertising
    13/11/2014 9:14:12.558 pm com.apple.xpc.launchd[1]: (com.apple.imfoundation.IMRemoteURLConnectionAgent) The _DirtyJetsamMemoryLimit key is not available on this platform.
    13/11/2014 9:14:12.895 pm com.apple.xpc.launchd[1]: (com.apple.imfoundation.IMRemoteURLConnectionAgent) The _DirtyJetsamMemoryLimit key is not available on this platform.
    13/11/2014 9:14:13.331 pm sharingd[212]: 21: : Stopping Handoff advertising
    13/11/2014 9:14:13.377 pm com.apple.xpc.launchd[1]: (com.apple.imfoundation.IMRemoteURLConnectionAgent) The _DirtyJetsamMemoryLimit key is not available on this platform.
    13/11/2014 9:14:15.334 pm sharingd[212]: 21:14:15.334 : Stopping Handoff advertising
    13/11/2014 9:14:15.934 pm com.apple.xpc.launchd[1]: (com.apple.WebKit.Networking.0B48EFAE-B1C4-D8669]) Service exited with abnormal code: 1
    13/11/2014 9:14:19.920 pm sharingd[212]: 2919 : Stopping Handoff advertising
    
    
    13/11/2014 9:01:46.582 pm discoveryd[49]: Basic Bonjour,Warn Warning: IPv6 listener multicast send failed en1, 49
    13/11/2014 9:01:46.582 pm discoveryd[49]: Basic Bonjour,Warn Warning: IPv6 listener multicast send failed en1, 49
    13/11/2014 9:01:46.587 pm identityservicesd[217]: <IMMacNotificationCenterManager: "">: notification observer: com.apple.iChat   notification: __CFNotification " {name = _NSDoNotDisturbDisabledNotification}
    13/11/2014 9:01:46.595 pm identityservicesd[217]: <IMMacNotificationCenterManager: ">:    NC Disabled: NO
    13/11/2014 9:01:46.602 pm identityservicesd[217]: <IMMacNotificationCenterManager: ">:   DND Enabled: NO
    13/11/2014 9:01:46.602 pm identityservicesd[217]: <IMMacNotificationCenterManager: ">: Updating enabled: YES   (Topics: (
    ))
    13/11/2014 9:01:46.000 pm kernel[0]: ARPT: " MacAuthEvent en1   Auth result for:---7c:13  MAC AUTH succeeded
    13/11/2014 9:01:46.000 pm kernel[0]: AirPort: Link Up on en1
    13/11/2014 9:01:46.000 pm kernel[0]: en1: BSSID changed to :fb:7c
    13/11/2014 9:01:46.000 pm kernel[0]: en1::IO80211Interface::postMessage bssid changed
    13/11/2014 9:01:46.000 pm kernel[0]: AirPort: RSN handshake complete on en1
    13/11/2014 9:01:46.907 pm hidd[69]: MultitouchHID: device bootloaded
    13/11/2014 9:01:47.374 pm sharingd[212]: "73 : Stopping Handoff advertising
    13/11/2014 9:01:48.642 pm discoveryd[49]: AwdlD2d AwdlD2dStartAdvertisingPair: '4imac' Advertising service started
    13/11/2014 9:01:48.642 pm discoveryd[49]: AwdlD2d AwdlD2dStartAdvertisingPair: '4mac' Advertising service started
    13/11/2014 9:01:48.643 pm discoveryd[49]: AwdlD2d AwdlD2dStartAdvertisingPair: '648d17efffd13c4000000000000008efip6arpa' Advertising service started
    13/11/2014 9:01:48.651 pm networkd[129]: +[NETLedBelly stopFastFail] Clearing ledbelly failure cache
    13/11/2014 9:01:48.651 pm UserEventAgent[16]: Captive: [CNInfoNetworkActive:1709] en1: SSID 'ems' making interface primary (cache indicates network not captive)
    13/11/2014 9:01:48.651 pm configd[25]: network changed: DNS* Proxy
    13/11/2014 9:01:48.651 pm UserEventAgent[16]: Captive: CNPluginHandler en1: Evaluating
    13/11/2014 9:01:48.652 pm UserEventAgent[16]: Captive: en1: Not probing 'ems' (cache indicates not captive)
    13/11/2014 9:01:48.652 pm UserEventAgent[16]: Captive: CNPluginHandler en1: Authenticated
    13/11/2014 9:01:48.656 pm networkd[129]: +[NETLedBelly stopFastFail] Clearing ledbelly failure cache
    13/11/2014 9:01:54.000 pm kernel[0]: ARPT: ": AirPort_Brcm43xx::powerChange: System Wake - Full Wake/ Dark Wake / Maintenance wake
    13/11/2014 9:01:54.897 pm configd[25]: network changed: v4(en1!:1) DNS+ Proxy+ SMB
    13/11/2014 9:01:54.914 pm discoveryd[49]: Basic DNSResolver UDNSServer:: PowerState is Wakeup
    13/11/2014 9:01:54.000 pm kernel[0]: en1: BSSID changed to f"
    13/11/2014 9:01:54.917 pm sharingd[212]: 26 : SDStatusMonitor::kStatusWirelessPowerChanged
    13/11/2014 9:01:54.920 pm watchdogd[183]: [watchdog_daemon] @(         pm_callback) - ref=0x0 msg_type=0xe0000300 msg=0x0
    13/11/2014 9:01:54.921 pm sharingd[212]: 21:01:54.920 : Stopping Handoff scanning
    13/11/2014 9:01:54.921 pm sharingd[212]: 21:01:54.920 : Starting AirDrop server for user 501 on wake
    13/11/2014 9:01:54.921 pm coreaudiod[199]: 2014-11-13 09:0112 PM [AirPlay] Power: SystemHasPoweredOn
    13/11/2014 9:01:54.921 pm coreaudiod[199]: 2014-11-13 09:01:5302 PM [AirPlay] BTLE client starting to browse for AirPlay Solo Target Presence.
    13/11/2014 9:01:54.925 pm coreaudiod[199]: 2014-11-13 09:01:6 PM [AirPlay] BTLE client started to browse for AirPlay Solo Target Presence.
    13/11/2014 9:01:55.000 pm kernel[0]: IO80211AWDLPeerManager::setAwdlOperatingMode Setting the AWDL operation mode from SUSPENDED to AUTO
    13/11/2014 9:01:55.000 pm kernel[0]: IO80211AWDLPeerManager::setAwdlAutoMode Resuming AWDL
    13/11/2014 9:01:55.000 pm ntpd[148]: wake time set -0.424781 s
    
    13/11/2014 5:56:19.655 pm com.apple.xpc.launchd[1]: (com.apple.WebKit.Networking.19-AFD3B[561]) Service exited with abnormal code: 1
    13/11/2014 5:56:25.743 pm sharingd[212]: 17:56:25.743 : Stopping Handoff advertising
    13/11/2014 5:56:26.000 pm sharingd[212]: 17:56:26.000 : Stopping Handoff advertising
    13/11/2014 5:56:28.002 pm sharingd[212]: 17:56:28.001 : Stopping Handoff advertising
    13/11/2014 5:56:30.741 pm sharingd[212]: 17:56:30.741 : Stopping Handoff advertising
    13/11/2014 5:56:40.238 pm sharingd[212]: 17:56:40.238 : Stopping Handoff advertising
    13/11/2014 5:57:11.150 pm sharingd[212]: 17:57:11.149 : Stopping Handoff advertising
    13/11/2014 5:57:20.631 pm sharingd[212]: 17:57:20.630 : Stopping Handoff advertising
    13/11/2014 5:57:21.456 pm sharingd[212]: 17:57:21.455 : Stopping Handoff advertising
    13/11/2014 5:57:23.064 pm sharingd[212]: 17:57:23.064 : Stopping Handoff advertising
    13/11/2014 5:57:32.039 pm sharingd[212]: 17:57:32.038 : Stopping Handoff advertising
    13/11/2014 5:57:41.003 pm sharingd[212]: 17:57:41.003 : Stopping Handoff advertising
    13/11/2014 5:57:50.410 pm sharingd[212]: 17:57:50.409 : Stopping Handoff advertising
    
    13/11/2014 5:55:08.000 pm kernel[0]: ARPT: 7944: MacAuthEvent en1   Auth result for: """:fb::13  MAC AUTH succeeded
    13/11/2014 5:55:08.000 pm kernel[0]: AirPort: Link Up on en1
    13/11/2014 5:55:08.000 pm kernel[0]: en1: BSSID changed to "
    13/11/2014 5:55:08.000 pm kernel[0]: en1::IO80211Interface::postMessage bssid changed
    13/11/2014 5:55:08.000 pm kernel[0]: AirPort: RSN handshake complete on en1
    13/11/2014 5:55:08.937 pm hidd[69]: MultitouchHID: device bootloaded
    13/11/2014 5:55:10.125 pm networkd[129]: +[NETLedBelly stopFastFail] Clearing ledbelly failure cache
    13/11/2014 5:55:10.126 pm configd[25]: network changed: DNS* Proxy
    13/11/2014 5:55:10.126 pm UserEventAgent[16]: Captive: [CNInfoNetworkActive:1709] en1: SSID 's' making interface primary (cache indicates network not captive)
    13/11/2014 5:55:10.126 pm UserEventAgent[16]: Captive: CNPluginHandler en1: Evaluating
    13/11/2014 5:55:10.126 pm UserEventAgent[16]: Captive: en1: Not probing 's' (cache indicates not captive)
    13/11/2014 5:55:10.126 pm UserEventAgent[16]: Captive: CNPluginHandler en1: Authenticated
    13/11/2014 5:55:10.127 pm discoveryd[49]: AwdlD2d AwdlD2dStartAdvertisingPair: 'mac' Advertising service started
    13/11/2014 5:55:10.127 pm discoveryd[49]: AwdlD2d AwdlD2dStartAdvertisingPair: '-imac' Advertising service started
    13/11/2014 5:55:10.128 pm discoveryd[49]: AwdlD2d AwdlD2dStartAdvertisingPair: '648d1arpa' Advertising service started
    13/11/2014 5:55:10.132 pm networkd[129]: +[NETLedBelly stopFastFail] Clearing ledbelly failure cache
     
  5. joshlalonde, Nov 13, 2014
    Last edited: Nov 13, 2014

    joshlalonde macrumors 6502

    Joined:
    Jul 12, 2014
    Location:
    Canada
    #5
    Hmmm, I have no clue...
    Something about Handoff and AirDrop... But I'm not sure what the point of these logs is? Where'd you get them from? It's networking stuff, that much is obvious.
     
  6. inscrewtable macrumors 68000

    Joined:
    Oct 9, 2010
    Location:
    Australia
    #6
    What you want to do is download a new copy of OS X from the App Store but do not install it. It will then be in your Applications folder. Then get yourself a USB stick that holds at least 8GB. Then download a copy of DiskMaker and run it. It will then find the OS X install you just downloaded and load it onto the USB stick and prepare it so you can boot from it.

    Then when you boot into the installer you will see Utilities in the menu; from there you can run Disk Utility and reformat your HDD. This will erase EVERYTHING on the HDD. Then continue with the Installer, which will then install a fresh copy of OS X.

    Naturally you will need to back up all your documents before erasing your HDD. Then reinstall all your apps.

    Whether you need to do all this or not, I don't know because I don't understand what the logs you posted mean. But you will have a completely clean system for sure. You should not need to play around with your firewall.
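
Added example, not part of any post in this thread: a small Python triage of Console lines in the format pasted in post #4, counting entries per process and pulling out the Wi-Fi association and abnormal-exit events so they can be read in order. The sample lines, the `BASELINE` set and the function names `parse` and `triage` are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the Console format of post #4; the last entry and the
# EXAMPLE service id are invented for illustration.
SAMPLE = """\
13/11/2014 9:01:46.000 pm kernel[0]: AirPort: Link Up on en1
13/11/2014 9:01:46.000 pm kernel[0]: AirPort: RSN handshake complete on en1
13/11/2014 9:01:48.651 pm configd[25]: network changed: DNS* Proxy
13/11/2014 9:01:54.921 pm sharingd[212]: 21:01:54.920 : Starting AirDrop server for user 501 on wake
13/11/2014 9:14:05.298 pm sharingd[212]: 21:14:05.298 : Stopping Handoff advertising
13/11/2014 9:14:15.934 pm com.apple.xpc.launchd[1]: (com.apple.WebKit.Networking.EXAMPLE[561]) Service exited with abnormal code: 1
13/11/2014 9:14:20.000 pm examplehelper[999]: constructed line from a process outside the baseline
))
"""

# Assumption: process names the reader has already reviewed (all appear in post #4).
# A matching name is a triage aid only; it does not prove the binary is genuine.
BASELINE = {"sharingd", "com.apple.xpc.launchd", "discoveryd", "identityservicesd",
            "kernel", "hidd", "networkd", "UserEventAgent", "configd",
            "watchdogd", "coreaudiod", "ntpd"}

LINE = re.compile(r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2}\.\d{3}) "
                  r"(?P<ampm>[ap]m) (?P<proc>\S+?)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
WIFI = re.compile(r"Link Up|BSSID changed|RSN handshake complete|MAC AUTH")

def parse(text):
    """Split Console text into parsed entries and lines that did not match."""
    entries, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if m:
            entries.append(m.groupdict())
        elif line:
            unparsed.append(line)  # continuation lines such as "))"
    return entries, unparsed

def triage(text, baseline=BASELINE):
    """Summarise a log: per-process counts, unreviewed names, key events."""
    entries, unparsed = parse(text)
    per_proc = Counter(e["proc"] for e in entries)
    return {
        "per_process": dict(per_proc.most_common()),
        "outside_baseline": sorted(p for p in per_proc if p not in baseline),
        "wifi_events": [f'{e["time"]} {e["msg"]}' for e in entries
                        if e["proc"] == "kernel" and WIFI.search(e["msg"])],
        "abnormal_exits": [e["msg"] for e in entries
                           if "exited with abnormal code" in e["msg"]],
        "unparsed": unparsed,
    }
```
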
     
