MacBook Pro hacked by Folx(?)

Discussion in 'macOS' started by frogman5, Apr 14, 2012.

  1. frogman5, Apr 14, 2012
    Last edited: Apr 14, 2012

    frogman5 macrumors newbie

    Apr 14, 2012
    Found multiple entries in log that appear/read as just "suspicious;" Yes, I use FOLX. Maybe not the brightest of activities, I agree, but the thought of good free documents proved too tempting.
    The following are only a few of the weirdest ones. I wish I knew more but I am not certain how to go about finding and then sifting through the infinite minutiae of it all.

    "4/14/12 8:49:47 AM Firewall[67] GoogleTalkPlugin is listening from proto=6

    4/12/12 7:03:05 AM Firewall[68] krb5kdc is listening from proto=6

    4/13/12 7:21:56 AM Firewall[68] cupsd is listening from proto=6

    4/12/12 3:27:19 PM ntpd[34] time reset -0.657606 s

    4/12/12 9:27:53 PM Firewall[71] Deny configd data in from to port 68 proto=17

    4/12/12 9:55:19 PM loginwindow[48] in pam_sm_authenticate(): Failed to determine Kerberos principal name."

    Became a bit paranoid when I booted and saw the time changed and date set back to 2000.
    Are ANY of these at all suspect? Not at all able to decipher this stuff, where can I read about the codes I am seeing without bothering everyone here?

  2. Ccrew macrumors 68020

    Feb 28, 2011
    Nothing I see there out of line. three services allowed to talk by the firewall are the first three lines. 4th line is a time reset based on an NTP request. last two are failed authentications for a configuration update (looks like you may have uPnP turned on on your router?) and the machine unable to verify a kerberos ticked which is simply a SPN error (Service Principal Name)

    All in all pretty benign, and certainly nothing to panic over.

Share This Page