Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

System Log "forensics" - Unauthorized device added - Hacked?

W

Wanderpath

macrumors newbie
Original poster
Nov 2, 2017
4
0
Macbook Pro 2011 15" OS 10.7.5

I've had some security issues as of late. Aside from Little Snitch and Wireshark usage, I discovered that a device was added to the System Preferences => Network as a "modem" if I recall correctly (usually the left window shows WiFi, Ethernet and Firewire). I promptly removed it - it was a knee-jerk reaction. It was a Samsung something or other. Only after did I start using Little Snitch and Wireshark to see if I could locate the intrusion and potential traffic. Anyhow, to make this short, I will omit extraneous details...

What I am wanting to do, if possible, is to search any log files, system or otherwise, to see if I could locate an instance of this intrusion, this device being added. Just in case I need proof that another device accessed my internet via illegal means, should the information they surfed online might be illegal or warrant investigation of ME.

Thank you - please let me know if you need any other information from me.
 
If a Samsung device was ever connected by cable, or perhaps even used nearby with Bluetooth active on the MBP... it might appear in the list unless
'ask to join new networks' was checked on in Network Preferences, and Remember Networks... checked off, in ...Advanced.

Have LS & Wireshark shown anything unexpected ?.
 
Not that I am aware of, via cable. Could POSSIBLY have been done while I left the room (with guests - but that's... paranoid thinking, right?). Bluetooth... has been rarely on. All settings should be (or at least should have been) set to "ask to join..." or even OFF. Remember Networks? Hmm... now that, I thought, was more for my own wireless access points (coffee shop, home, work, hotel, etc). Hmm. So.

Yes, since then, wireshark and LS have shown some things (after the fact - were not on during the incident, unfortunately) ... brute force, for one. I believe blocked. IP stored... but I don't think that has anything to do with this? I just basically want to know where, in the macbooks logs, I can locate that this device was added - for record purposes, mostly.
 
BrianBaughn said:
If you're truly concerned about security you should upgrade macOS. There hasn't been a security update for 10.7.x in over three years.
Click to expand...
Thanks, but this does not answer my question. Do you have a solution to my question? And YEAH... I'm going to. Just backed all of my important files up. This is the LAST freakin' step before I make the jump. So please, if you have information on how I can locate the device being added in the LOG files, that would be great. Not some kind of snarky advice.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back