System Log "forensics" - Unauthorized device added - Hacked?

Discussion in 'MacBook Pro' started by Wanderpath, Nov 2, 2017.

  1. Wanderpath macrumors newbie

    Nov 2, 2017
    MacBook Pro 2011 15" OS 10.7.5

    I've had some security issues as of late. Aside from Little Snitch and Wireshark usage, I discovered that a device was added to the System Preferences => Network as a "modem" if I recall correctly (usually the left window shows WiFi, Ethernet and Firewire). I promptly removed it - it was a knee-jerk reaction. It was a Samsung something or other. Only after did I start using Little Snitch and Wireshark to see if I could locate the intrusion and potential traffic. Anyhow, to make this short, I will omit extraneous details...

    What I am wanting to do, if possible, is to search any log files, system or otherwise, to see if I could locate an instance of this intrusion, this device being added. Just in case I need proof that another device accessed my internet via illegal means, should the information they surfed online be illegal or warrant investigation of ME.

    Thank you - please let me know if you need any other information from me.
  2. ab298 macrumors member

    Jun 18, 2017
    If a Samsung device was ever connected by cable, or perhaps even used nearby with Bluetooth active on the MBP... it might appear in the list unless 'ask to join new networks' was checked on in Network Preferences, and Remember Networks... checked off, in ...Advanced.

    Have LS & Wireshark shown anything unexpected?
  3. Wanderpath thread starter macrumors newbie

    Nov 2, 2017
    Not that I am aware of, via cable. Could POSSIBLY have been done while I left the room (with guests - but that's... paranoid thinking, right?). Bluetooth... has been rarely on. All settings should be (or at least should have been) set to "ask to join..." or even OFF. Remember Networks? Hmm... now that, I thought, was more for my own wireless access points (coffee shop, home, work, hotel, etc). Hmm. So.

    Yes, since then, Wireshark and LS have shown some things (after the fact - were not on during the incident, unfortunately) ... brute force, for one. I believe blocked. IP stored... but I don't think that has anything to do with this? I just basically want to know where, in the MacBook's logs, I can locate that this device was added - for record purposes, mostly.
  4. BrianBaughn macrumors 603


    Feb 13, 2011
    Baltimore, Maryland
    If you're truly concerned about security you should upgrade macOS. There hasn't been a security update for 10.7.x in over three years.
  5. Wanderpath thread starter macrumors newbie

    Nov 2, 2017
    Thanks, but this does not answer my question. Do you have a solution to my question? And YEAH... I'm going to. Just backed all of my important files up. This is the LAST freakin' step before I make the jump. So please, if you have information on how I can locate the device being added in the LOG files, that would be great. Not some kind of snarky advice.
