I apologize in advance for the length of this post, but I need advice and help to resolve a security/privacy issue that is driving me crazy.
I have been using NextDNS for a long time to filter and control outgoing connections from my devices. My iPhone, iPad, and iMac (2019) use a DNS configuration profile, and the router is also configured to use NextDNS via DoT.
For the past few days, around the same time each day, there have been "ghost" connections to Russian tracking sites, gambling sites, or adult sites, which are correctly identified and blocked by NextDNS. In the NextDNS logs, these connections appear to be coming from the router, not from any Apple device with a configuration profile. So, I installed Pi-hole on an old laptop running Ubuntu and, to my surprise, I noticed that these connections were actually coming from my iMac.
At this point, without losing hope, I removed the configuration profile and installed Little Snitch, confident that I would find the culprit, but so far I haven't had any success: tonight, NextDNS recorded the same connections highlighted in the screenshot (which, by the way, are always the same, in the same sequence, for days), even though these connections don't appear in Little Snitch.
To clarify, I am using Sequoia 15.1, which was a fresh install made about a month ago after wiping the entire disk. All installed applications are from the App Store or identified developers, and all software on the Mac is 100% legitimately purchased.
To summarize, there is something on my iMac that is able to:
Make connections to potentially dangerous sites
Bypass the DNS filter from the configuration profile
Not be identified by Little Snitch
Any ideas? Suggestions?
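The Pi-hole step in the post (pointing the network at a local resolver so the query log shows which client actually sent each blocked lookup) is the part that can be turned into a repeatable check. The script below is an added example, not the poster's own tooling or anything shipped with Pi-hole or NextDNS: it parses dnsmasq-style query-log lines of the kind Pi-hole writes, pairs each `query[...]` line with its `gravity blocked` line to attribute the block to a client IP, clusters blocked lookups into short bursts, and reports bursts whose domain sequence repeats on several days together with the time of day each occurred. The log lines, client addresses and domains are constructed for the example, and the year is an assumption because dnsmasq log timestamps omit it.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the dnsmasq/Pi-hole query-log style; not real log data.
# 192.168.1.20 emits the same three blocked lookups around 02:10 on three days,
# plus one unrelated block; 192.168.1.31 has a single one-off block.
SAMPLE_LOG = """\
Nov 10 02:10:03 dnsmasq[812]: query[A] tracker-a.example from 192.168.1.20
Nov 10 02:10:03 dnsmasq[812]: gravity blocked tracker-a.example is 0.0.0.0
Nov 10 02:10:04 dnsmasq[812]: query[A] casino-b.example from 192.168.1.20
Nov 10 02:10:04 dnsmasq[812]: gravity blocked casino-b.example is 0.0.0.0
Nov 10 02:10:05 dnsmasq[812]: query[A] adult-c.example from 192.168.1.20
Nov 10 02:10:05 dnsmasq[812]: gravity blocked adult-c.example is 0.0.0.0
Nov 10 14:22:10 dnsmasq[812]: query[A] updates.example from 192.168.1.20
Nov 10 14:22:10 dnsmasq[812]: forwarded updates.example to 10.0.0.53
Nov 10 14:30:00 dnsmasq[812]: query[A] ads.example from 192.168.1.31
Nov 10 14:30:00 dnsmasq[812]: gravity blocked ads.example is 0.0.0.0
Nov 11 02:10:07 dnsmasq[812]: query[A] tracker-a.example from 192.168.1.20
Nov 11 02:10:07 dnsmasq[812]: gravity blocked tracker-a.example is 0.0.0.0
Nov 11 02:10:08 dnsmasq[812]: query[A] casino-b.example from 192.168.1.20
Nov 11 02:10:08 dnsmasq[812]: gravity blocked casino-b.example is 0.0.0.0
Nov 11 02:10:09 dnsmasq[812]: query[A] adult-c.example from 192.168.1.20
Nov 11 02:10:09 dnsmasq[812]: gravity blocked adult-c.example is 0.0.0.0
Nov 11 15:00:41 dnsmasq[812]: query[A] ads.example from 192.168.1.20
Nov 11 15:00:41 dnsmasq[812]: gravity blocked ads.example is 0.0.0.0
Nov 12 02:09:58 dnsmasq[812]: query[A] tracker-a.example from 192.168.1.20
Nov 12 02:09:58 dnsmasq[812]: gravity blocked tracker-a.example is 0.0.0.0
Nov 12 02:09:59 dnsmasq[812]: query[A] casino-b.example from 192.168.1.20
Nov 12 02:09:59 dnsmasq[812]: gravity blocked casino-b.example is 0.0.0.0
Nov 12 02:10:00 dnsmasq[812]: query[A] adult-c.example from 192.168.1.20
Nov 12 02:10:00 dnsmasq[812]: gravity blocked adult-c.example is 0.0.0.0
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) dnsmasq\[\d+\]: (?P<msg>.*)$")
QUERY_RE = re.compile(r"^query\[(?P<qtype>\w+)\] (?P<domain>\S+) from (?P<client>\S+)$")
BLOCK_RE = re.compile(r"^gravity blocked (?P<domain>\S+) is \S+$")


def parse_events(text, year=2024):
    """Return (timestamp, client, domain) for every blocked query.

    dnsmasq logs the query and the block as two lines; the block line carries
    no client, so the most recent query for that domain supplies it. `year`
    is assumed because the log format has no year field.
    """
    pending = {}  # domain -> (timestamp, client) of the latest unanswered query
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = QUERY_RE.match(m["msg"])
        if q:
            pending[q["domain"]] = (ts, q["client"])
            continue
        b = BLOCK_RE.match(m["msg"])
        if b and b["domain"] in pending:
            _, client = pending.pop(b["domain"])
            events.append((ts, client, b["domain"]))
    return events


def find_bursts(events, gap_seconds=60):
    """Group each client's blocked lookups into bursts separated by > gap_seconds.

    Returns (client, burst_start, ordered tuple of blocked domains).
    """
    by_client = defaultdict(list)
    for ts, client, domain in sorted(events):
        by_client[client].append((ts, domain))
    bursts = []
    for client, items in by_client.items():
        current = [items[0]]
        for item in items[1:]:
            if (item[0] - current[-1][0]).total_seconds() <= gap_seconds:
                current.append(item)
            else:
                bursts.append((client, current[0][0], tuple(d for _, d in current)))
                current = [item]
        bursts.append((client, current[0][0], tuple(d for _, d in current)))
    return bursts


def recurring_bursts(bursts, min_days=2):
    """Report (client, domain sequence) pairs seen on at least min_days distinct days,
    with the time of day of each occurrence so the schedule is visible."""
    seen = defaultdict(dict)  # (client, sequence) -> {date: first time that day}
    for client, start, sequence in bursts:
        seen[(client, sequence)].setdefault(start.date(), start.time())
    report = []
    for (client, sequence), days in seen.items():
        if len(days) >= min_days:
            report.append({
                "client": client,
                "sequence": sequence,
                "days": len(days),
                "times": sorted(t.strftime("%H:%M:%S") for t in days.values()),
            })
    return sorted(report, key=lambda r: -r["days"])


if __name__ == "__main__":
    for entry in recurring_bursts(find_bursts(parse_events(SAMPLE_LOG))):
        print(entry)
```

Run against a real `pihole.log` by reading the file into `parse_events` instead of `SAMPLE_LOG`; the `times` list in the output gives the window to look at in the client's own logs (Console, Little Snitch history) for that hour, and the ordered `sequence` is what to compare against the NextDNS log to confirm both sides are seeing the same event.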