Mysterious Telnet Address

Discussion in 'MacBook Pro' started by Scott Elder, Feb 18, 2017.

  1. Scott Elder macrumors newbie

    Joined:
    Feb 18, 2017
    #1
    Using my 2012 MacBook Pro with Sierra, I tried to telnet into a 2014 Mac Mini inside my home. Both computers are on the NAT home-side of my Time Capsule router. For a while I was receiving a very mysterious IP address response back. Hopefully someone can help me understand why.

    I have the Mac Mini set up as a triple boot with Mac OS X, Windows 8, and Ubuntu 16.04 LTS. My problem was evident when the Mac Mini was booted with Ubuntu.

    I was able to telnet successfully a few times as shown below. But then yesterday the telnet response suggested that I was trying to connect to an address I did not specify. I listed the example below. I changed my local IP address numbers to "x" for obvious reasons. The non-x IP address is the actual unknown address reply back.

    Here is what happens when I am successful:

    Scotts-MacBook-Pro:~ scotty$ telnet xx.x.x.xx 5901
    Trying xx.x.x.xx...
    Connected to xx.x.x.xx.
    Escape character is '^]'.
    RFB 003.008

    But yesterday this was the reply for the same address above, but a different port (i.e. 5901 vs. 5900):

    Scotts-MacBook-Pro:~ scotty$ telnet xx.x.x.xx 5900
    Trying 92.242.140.2...

    The connection never happened and I eventually control-C out.

    Can someone help me understand what has happened? I panicked a bit thinking I had been hacked and started to rip apart my AirPort Express extenders, which didn't fix anything. I eventually rebooted the Mac Mini, started no processes, and the mysterious response went away.
     
  2. dyn macrumors 68030

    Joined:
    Aug 8, 2009
    Location:
    .nl
    #2
    Ports 5900 and 5901 are VNC ports. Apparently there was a VNC instance running on port 5901 but not on 5900. From what you posted here I can only say that you tried to connect to a VNC instance on the Mac mini which is running on port 5901 and not on 5901.

    The IP address belongs to a company called "BAREFRUIT-ERRORHANDLING". When I search for that I find a company that offers a service to ISPs that allows them to catch all domain names and IP addresses that do not exist and re-route to some "this does not exist" page or some advertisement (check out their homepage). Verizon does something like that too. Not everybody likes this: DNS Hijacking via Barefruit Talktalk and Others. I tend to agree with this: the web already handles these kinds of things, services like this are just hijacking traffic. I'm not even sure this is even within EU regulations (the current net "neutrality" regulation in particular) because this is just messing with certain kinds of internet traffic. The UK is still in the EU and thus still has to follow the regulations.
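
Added example, not part of either post: a Python check for the catch-all behaviour described in reply #2, which resolves names that should not exist and flags any that come back with an address. The function names and probe-name scheme are assumptions made for this sketch, and the `__main__` demo uses a constructed resolver that answers with the address quoted in the thread.

```python
import secrets
import socket
from collections import Counter


def system_resolve(name):
    """Addresses the system resolver returns for name; empty set on NXDOMAIN/failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()


def random_probe_names(count=2, suffixes=("invalid", "com")):
    """Random names that should not exist. ".invalid" is reserved (RFC 6761);
    a 16-hex-digit label under ".com" is assumed to be unregistered."""
    return [f"nx-{secrets.token_hex(8)}.{s}" for _ in range(count) for s in suffixes]


def check_nxdomain_rewriting(resolve=system_resolve, names=None):
    """Resolve names that should fail and report any that got an answer."""
    names = random_probe_names() if names is None else list(names)
    answers = {}
    for name in names:
        addrs = resolve(name)
        if addrs:
            answers[name] = sorted(addrs)
    # The same address for unrelated nonexistent names points to a catch-all.
    seen = Counter(a for addrs in answers.values() for a in addrs)
    return {
        "rewritten": bool(answers),
        "answers": answers,
        "catch_all": sorted(a for a, n in seen.items() if n > 1),
    }


if __name__ == "__main__":
    # Constructed stand-in for a rewriting resolver: answers every name with
    # the address from the thread. Call check_nxdomain_rewriting() with no
    # arguments to test the resolver this machine actually uses.
    def rewriting(name):
        return {"92.242.140.2"}
    print(check_nxdomain_rewriting(resolve=rewriting))
```

An empty `answers` result from the real resolver means nonexistent names fail as they should; a non-empty `catch_all` means unrelated bogus names are all being pointed at the same host.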
     
