Urgent: netstat -a results contain 'Listen'

Discussion in 'macOS' started by MacBoobsPro, May 9, 2007.

  1. MacBoobsPro macrumors 603

    Joined:
    Jan 10, 2006
    #1
    Hopefully with that title I will get an educated response.

    My internet speeds have slowed to a crawl recently and after many an hour on the phone to Virgin Media I have given up and will be cancelling my subscription after 5 years of being a loyal customer. Anyhoo... that's another story.

    I managed to get something out of them after they told me they don't support 10.4 (for them to fix my problem I would have to downgrade to 10.3). They said open terminal and type 'netstat -a' "this will check for spyware" they said. I was confident there would be none but ran it anyway. The results came up 'listen' on many of the listings. But they couldn't help me any further because "we don't support 10.4".

    So does this mean I have Spyware blocking my bandwidth or what? I fecking hope not but just in case, what's the best way to remove said stuff i.e. which program, and is this the first known case of spyware on OSX?

    Please help ASAP. If I don't have Spyware I will be cancelling my subscription with Virgin because they are again trying to fob me off with idiotic information.

    Thanks guys.

    EDIT: I have turned on Firewall Logging to see what's happening and have

    'Mar 19 17:49:15 G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:49876 from 195.173.72.67:80' this listed again and again. Is some bastard trying to hack my mac and has somehow got spyware on my machine?
     
  2. Eidorian macrumors Penryn

    Joined:
    Mar 23, 2005
    Location:
    Indianapolis
    #2
    Did you check what was listening and on what port? I got ssh, netinfo, and Apple Remote Desktop.
     
  3. MacBoobsPro thread starter macrumors 603

    Joined:
    Jan 10, 2006
    #3
    It's all a bit alien to me but this is part of what I got:

    Active Internet connections (including servers)
    Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
    tcp4       0      0  *.*                    *.*                    CLOSED
    tcp4       0      0  *.*                    *.*                    CLOSED
    tcp4       0      0  *.*                    *.*                    CLOSED
    tcp4       0      0  *.svrloc               *.*                    LISTEN
    tcp4       0      0  *.*                    *.*                    CLOSED
    tcp4       0      0  *.afpovertcp           *.*                    LISTEN
    tcp46      0      0  *.afpovertcp           *.*                    LISTEN
    tcp4       0      0  *.ipp                  *.*                    LISTEN
    tcp4       0      0  localhost.netinfo-loca localhost.1017         ESTABLISHED
    tcp4       0      0  localhost.1017         localhost.netinfo-loca ESTABLISHED
    tcp4       0      0  localhost.netinfo-loca localhost.1021         ESTABLISHED
    tcp4       0      0  localhost.1021         localhost.netinfo-loca ESTABLISHED
    tcp4       0      0  localhost.netinfo-loca *.*                    LISTEN
    tcp4       0      0  *.printer              *.*                    LISTEN
    tcp6       0      0  *.515                  *.*                    LISTEN
    udp4       0      0  *.*                    *.*
     
  4. Eidorian macrumors Penryn

    Joined:
    Mar 23, 2005
    Location:
    Indianapolis
    #4
    afpovertcp = Apple File Protocol over TCP
    ipp = Internet Printing Protocol
    printer = Probably Line Printer Daemon
    svrloc = Service Location Protocol (Sounds like Bonjour)
    netinfo = Netinfo
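
Added example, not part of any post in the thread: a shell function that pulls the LISTEN rows out of `netstat -a` output and prints, for each, the numeric port and whether the socket is bound to all interfaces or only to loopback. The sample rows are a subset copied from post #3, the name-to-port table uses the standard /etc/services assignments, and `sample_netstat` and `list_listeners` are names made up for this example.

```shell
#!/bin/sh
# Sample input: a subset of the netstat -a rows quoted in post #3.
sample_netstat() {
cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.*                    *.*                    CLOSED
tcp4       0      0  *.svrloc               *.*                    LISTEN
tcp4       0      0  *.afpovertcp           *.*                    LISTEN
tcp46      0      0  *.afpovertcp           *.*                    LISTEN
tcp4       0      0  *.ipp                  *.*                    LISTEN
tcp4       0      0  localhost.netinfo-loca localhost.1017         ESTABLISHED
tcp4       0      0  localhost.netinfo-loca *.*                    LISTEN
tcp4       0      0  *.printer              *.*                    LISTEN
tcp6       0      0  *.515                  *.*                    LISTEN
udp4       0      0  *.*                    *.*
EOF
}

# list_listeners: read netstat -a text on stdin and print one line per
# listening socket as "port proto bind-address scope", sorted by port.
list_listeners() {
  awk '
    BEGIN {
      # Standard /etc/services ports; netstat cuts long names to fit the
      # column, which is why netinfo-local shows up as netinfo-loca.
      port["svrloc"] = 427; port["afpovertcp"] = 548; port["ipp"] = 631
      port["printer"] = 515; port["netinfo-loca"] = 1033
    }
    $NF == "LISTEN" {
      addr = $4
      n = split(addr, part, ".")          # service or port follows the last dot
      svc = part[n]
      host = substr(addr, 1, length(addr) - length(svc) - 1)
      p = (svc in port) ? port[svc] : svc
      # A socket bound to localhost cannot be reached from the network.
      scope = (host == "*") ? "all-interfaces" : \
              (host == "localhost" ? "loopback-only" : "one-address")
      print p, $1, host, scope
    }' | LC_ALL=C sort -n
}

sample_netstat | list_listeners
```

On a live system, `netstat -an | list_listeners` gives the function numeric ports directly, so the lookup table is not needed.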
     
  5. MacBoobsPro thread starter macrumors 603

    Joined:
    Jan 10, 2006
    #5
    So you are not sure about .515? :(
     
  6. Eidorian macrumors Penryn

    Joined:
    Mar 23, 2005
    Location:
    Indianapolis
    #6
  7. MacBoobsPro thread starter macrumors 603

    Joined:
    Jan 10, 2006
    #7
    And what's all this crap in my firewall log?

    I have stealth mode on.


    Mar 19 19:16:19 G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:50892 from 80.67.87.6:80
    Mar 19 19:16:57 G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:50892 from 80.67.87.6:80
    Mar 19 19:18:38 G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:50976 from 66.98.218.12:80
    Mar 19 19:18:38 G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:50977 from 66.98.218.12:80
    Mar 19 19:18:41 G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:50976 from 66.9
     
  8. Eidorian macrumors Penryn

    Joined:
    Mar 23, 2005
    Location:
    Indianapolis
    #8
    External connection attempts from outside and the IP addresses that they came from via port 80.
     
  9. MacBoobsPro thread starter macrumors 603

    Joined:
    Jan 10, 2006
    #9
    Ok, thanks for your kind help. Have 100s and 100s of these attempts popping up every minute. Could this be what's slowing down my connection and how can I attempt to put a stop to it?
     
  10. Eidorian macrumors Penryn

    Joined:
    Mar 23, 2005
    Location:
    Indianapolis
    #10
    Sticking behind your firewall and/or router is the best you can do for that. The internet is crawling with background noise (a.k.a. internet background radiation) from zombie computers and machines trying to make connections. Those connections to your machine are being denied a reply since you're in stealth mode.

    The only real option is not to connect at all if you don't want the random noise.
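
Added example, not part of any post in the thread: a shell function that condenses ipfw "Stealth Mode connection attempt" lines into one row per remote endpoint, with the number of attempts and how many distinct local ports were targeted. The classification rule (web source port plus a local port of 49152 or higher means stray traffic from a server this machine contacted itself) is a heuristic assumed for this example, and `sample_log` and `summarize_stealth` are made-up names.

```shell
#!/bin/sh
# Sample input: the complete ipfw lines quoted in posts #1 and #7, plus one
# constructed line (the last, from documentation address 192.0.2.44).
sample_log() {
cat <<'EOF'
Mar 19 17:49:15 G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:49876 from 195.173.72.67:80
Mar 19 19:16:19 G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:50892 from 80.67.87.6:80
Mar 19 19:16:57 G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:50892 from 80.67.87.6:80
Mar 19 19:18:38 G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:50976 from 66.98.218.12:80
Mar 19 19:18:38 G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:50977 from 66.98.218.12:80
Mar 19 19:20:01 G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:22 from 192.0.2.44:40112
EOF
}

# summarize_stealth: read firewall log text on stdin and print one line per
# remote endpoint: "remote_ip:port kind attempts distinct_local_ports".
summarize_stealth() {
  awk '
    /ipfw: Stealth Mode connection attempt to/ {
      dst = $(NF - 2); src = $NF
      n = split(src, s, ":"); sport = s[n] + 0
      m = split(dst, d, ":"); dport = d[m] + 0
      # Heuristic (assumption of this example): a packet FROM a web port TO
      # a high ephemeral port belongs to a connection this machine opened;
      # a packet TO a low port is an unsolicited probe of a local service.
      if ((sport == 80 || sport == 443) && dport >= 49152) kind = "server-reply"
      else if (dport < 1024) kind = "unsolicited-probe"
      else kind = "other"
      key = src " " kind
      attempts[key]++
      if (!((key, dport) in seen)) { seen[key, dport] = 1; ports[key]++ }
    }
    END { for (k in attempts) print k, attempts[k], ports[k] }
  ' | LC_ALL=C sort
}

sample_log | summarize_stealth
```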
     
  11. Mr.Texor macrumors regular

    Joined:
    Apr 20, 2007
    #11
    There's nothing you can do about those... every computer connected to the internet is being hammered constantly by worms, hackers, etc. It's just stupid :(
     
  12. MacBoobsPro thread starter macrumors 603

    Joined:
    Jan 10, 2006
    #12
    Yes, but I'm paying £30 a month for 4mb broadband and only getting speeds of 20kbs.
     
  13. apfhex macrumors 68030

    Joined:
    Aug 8, 2006
    Location:
    Northern California
    #13
    No, that's normal (unfortunately).

    Sounds like that's the case. I guess if you really wanted to prove it wasn't your Mac, you'd have to get one running 10.3.x and see if nothing changes with your connection. But I think it's them.
     
  14. Mr.Texor macrumors regular

    Joined:
    Apr 20, 2007
    #14
    Are you using a cable connection? If yes, check your power level, signal-to-noise ratio, etc. To do so, you have to connect to your modem. Usually, the modem will be running on these addresses: 192.168.100.1, 192.168.1.1 or 192.168.0.1

    then compare the signal values with those in here
     
  15. savar macrumors 68000

    Joined:
    Jun 6, 2003
    Location:
    District of Columbia
    #15
    Nothing to worry about. Stealth mode doesn't produce these messages, this is a different thing. One of those IPs belongs to interfacelift.com, the other one I couldn't find. But sporadic messages like this are pretty common. Nothing to worry about if they are each spaced out a few seconds or so.
     
  16. savar macrumors 68000

    Joined:
    Jun 6, 2003
    Location:
    District of Columbia
    #16
    Can you borrow a friend's laptop? Or install 10.3 onto a spare hard drive? Or just switch ISPs?
     
  17. Eidorian macrumors Penryn

    Joined:
    Mar 23, 2005
    Location:
    Indianapolis
    #17
    Which one is related to InterfaceLIFT?
     
  18. MacBoobsPro thread starter macrumors 603

    Joined:
    Jan 10, 2006
    #18
    I remembered I could use my MB to check too and get the same slow net speeds. Using both wireless and wired connections so it's defo something to do with ISP.

    I've had to stop now because I'm too busy, so I am going to have to carry on with this crap on Friday as Thursday is a crazy ass 14 hour print deadline day for me.

    :mad: I'm very pissed off right now!

    Thanks for the help and input guys. I may return with an update depending on what bullsh*t they feed me.
     
