usr/sbin/racoon --> EXPLOITED?

Discussion in 'macOS' started by macnovice27, Sep 28, 2010.

  1. macnovice27 macrumors newbie

    Joined:
    Sep 28, 2010
    #1
    Hello all.
    For various reasons I believe a former co-worker may have compromised my machine.
    I'm running the latest version of OSX on a MBP.
    I have the entire Norton suite running (firewall, antivirus, etc.).
    Every time I switch internet connections from home to office or anywhere, Norton blocks a few processes. One of them is usr/sbin/racoon.
    It sometimes blocks cupsd as well, but it ONLY blocks racoon when I come to my office. Should I be concerned?
    I'm not a novice but I can pull up logs and furnish any type of outputs in terminal.
    I can also provide screenshots.
    Appreciate the help in advance.
    Thanks
     
  2. talmy macrumors 601

    Joined:
    Oct 26, 2009
    Location:
    Oregon
    #2
    Racoon and krb5kdc are system security programs and launchctl is the program launcher. They shouldn't be blocked. IMHO a good reason not to be using Norton -- the built-in firewall is fine and virus protection isn't needed or useful.
     
  3. unowen macrumors newbie

    Joined:
    Oct 2, 2011
    Location:
    NYC, Eliz. Bay, NSW, and 'Hell-A'
    #3
    Yes, I know this is 6 years, after the fact, but, the 'root' of what you ask still remains (sadly).

    First; Macs are not/do not run/work like PCs.

    It's numbing to see how many people - who really have little, if any experience with Macs (more-than-likely, they've 'experience' with PCs - and all the problems associated with them), and think; 'I'll just poke around, and find 'something' amiss'.

    W-R-O-N-G.

    Macs can take care of themselves.

    Very rarely do you - a novice - need to root around.

    So many …not very bright people - are constantly doing this, and (much worse), utter berks give them 'advice' (and when they do, they never mention that, they, as well, are not Mac-experienced, not Mac experts - by far), and it's doing this, which leads to actual problems.

    Second; related to the first, is - unlike PCs, you don't need to run anti-malware, virus, etc., as long as you have a brain.

    What do I mean by this?

    The companies which make this garbage want you to shell out money, but, even some of the best companies, which do nothing else but scan the web for bad stuff (companies, such as Kaspersky), will tell you that the current software approach - which is to ship out stuff, and then, update it, if something else has been found, is counter-productive, and will always be 'behind-the-8-ball'.

    It's 'retro-active', not 'pro-active'.

    Big difference.

    Why?

    Because, by this method, you're not protected from getting something, you're only protected after-the-fact.

    I've owned (only) Macs since …well, a long time.

    I've never - ever had any virus, infection, etc. software on my machines, and I've never got ANYthing.

    By following common sense.

    I don't read e-mails, but, many people do. You NEVER open ANYthing sent to you, by someone you don't recognise, nor should you open anything you weren't expecting.

    (emails can be spoofed, so something might appear to be from someone you know, but, it's not).

    - You never go to sites which don't have the little (green) lock icon.

    - Download software only from either the App Store, or the company's website, and NEVER from download sites, such as CNet, Download.com, etc.

    - Something everyone should read regularly, is The Safe Mac (available on Malwarebytes at blog.malwarebytes.com). It's a terrific, well-known blog, which stays on top of what's 'out there', regarding Macs, and it's written by someone with much experience, and knowledge, but, in a way which is open to all - and he (Mr. Reed) wants you to feel comfortable, both with The Safe Mac, and your Mac.

    - Don't listen to 'advice' from someone who's not either professionally or, expertly - verifiably - proficient with Macs (none of those idiots on Apple's forums should ever be listened to!)

    Some things to remember; there've been VERY few VERY bad things on Macs. That's for several reasons, including the OS itself, and the stringent - built-in - protection each-and-every Mac has, but, also for such reasons as it's more economically advantageous to target PCs.

    The vast amount of bad stuff for macs, are things like malware, PUPs (Potentially Unwanted Programmes), Viruses, trojans, worms, spyware, adware.

    These programs may harass you, degrade your system’s performance and stability, and even get you to spend money on something that you didn’t really need, but by definition, they’re not doing anything outright malicious.

    Things which come inside trojans include Genieo, which is a PUP, that installs - and changes settings - of your browser.

    There's the ever annoying MacKeeper, which isn't bad - but, it's not good, not necessary. Its only purpose is for you to PAY for it.

    Don't use (torrent) downloads - not only because they can be rife with bad stuff, but - some of it (games, movies, etc) are there - posed by law enforcement types, who want to entrap you, and come after you legally.

    A good thing - in fact, something which is now a necessity - is to use a VPN (Virtual Private Network). Yes, there are free ones, but, as the saying goes, you get what you pay for, and in (at least) one case - that of HOLA, it can be VERY dangerous to use (if you currently, or formerly have used HOLA, read this; http://adios-hola.org/)

    Personally, I use ExpressVPN (no, I'm not an employee, just a highly cautious, security-minded person, and find them to be excellent). One other added benefit (of most of the top VPNs) is, once you join their service, you're able to secure not only your home computer, but, your portables - iPhones, iPads, as well as Android devices - all for a low, monthly price. Once you do this, you can walk down the street, like I - and know with confidence, no one - absolutely no one (not law enforcement, government, etc.) can 'tap' into you(r device, communications), you can use public WiFi, and know there's no chance your data's being compromised.

    Your Mac is the best-operating machine out there. Think of it as an automobile. Many people drive them, but, not everyone's a mechanic, much less, a race car mechanic.

    Use your mac propitiously - and it will serve you very well.

    Just like you wouldn't take your car, and drive it off a cliff, THINK, before you do something you're not familiar with.

    If you do run into a problem, get an expert's opinion/help, and not some anonymous idiot. You wouldn't turn your valuable car over to someone you don't know, don't know the rep of, so, why do people stupidly do as much with their computers?!?!?

    Cheers, and all good wishes.
     
  4. talmy macrumors 601

    Joined:
    Oct 26, 2009
    Location:
    Oregon
    #4
    Might fall on deaf ears. The OP posted this 6 years ago and hasn't logged back in since then.

    Hint -- click on the OPs name to get their stats. Don't waste your time with a screed if they aren't around.
     
  5. Gwenog macrumors newbie

    Joined:
    Oct 8, 2012
    Location:
    Tokyo, Japan
    #5
    This, unowen, definitely has NOT fallen on deaf ears. Last week's WannaCry virus and a huge Reese's cup holding paid lackey attacking Net Neutrality demonstrates just how important all you have said up in here is.

    Here in Japan where WannaCry hit hard, people are just coming to realize how hard they've been hoodwinked with all the PC stuff and 'anti-virus' stuff they've paid dearly for all these decades. Nobody in my Mac users group has been victimized and none of us has any of that 'anti-virus' stuff. We do as you said, use lots of common sense especially concerning emails, and we do updates whenever they come out. That 'green check' was new to me though, that's really good advice I'm sharing.

    Hola VPN was recommended to me about four years ago by a good friend, I used it a lot for about a year or two as I am in Japan and needed to connect with US stuff. I stopped using it about two years ago, not because I'd heard anything about it but because I naturally gravitated to Apple TV and, for better or worse, all the election related stuff going on my net subscriptions. About a month ago I recommended it to guys in my group looking to connect with stuff going on in countries like France and England where their relatives or friends are or their interests lie. They complained the free app kept asking them to pay after a week or so. They tried reinstalling it and the same thing happened after a few days so they asked me to research it. I usually go to Macrumors first, so I did and saw your piece up in here. I immediately uninstalled Hola and had my guys do so as well. This is a good lesson on keeping up with tech changes, none of us should expect things to remain the same longer than six months, we need to be vigilant about all we use even though it's our lovely, tough and integrated Macs, iPads and iPhones.

    So how is your experience with ExpressVPN going? I notice it's about $10 per month, a bit pricey so I'd like your update before I try that one. They have a 30 day money back guarantee it seems.

    Thanks again!
     
  6. decuser, Jul 3, 2017
    Last edited: Jul 3, 2017

    decuser macrumors newbie

    Joined:
    May 30, 2011
    #6
    "Second; related to the first, is - unlike PCs, you don't need to run anti-malware, virus, etc., as long as you have a brain."

    Your assessment is somewhat correct. Novices do not need to be rooting and worrying about viruses. Malware is another story. You seem to want to define malware as software designed with malicious intent. However, in this day and age of surveillance and spyware, this might be naive...

    I run LittleSnitch and you'd be astounded how much Mac software is phoning home, or who knows where, and for what reason - Acrobat, MS Office, and so on and so forth are dialing out often and regularly. Office 365, in particular, tries about a dozen times every time it's opened. Contrary to MS assurances that you don't "need" to be connected for the software to work (technically, legally accurate statement, but if you are connected, MS will gladly dial out many times per use).

    Racoon - which is a system process and the subject of the original question, is alive and well in 2017, and no - it really shouldn't be needing to be pinged from an external server every 5 minutes while you are connected to a VPN, but that said, here's what racoon is - don't block it unless you have to. It is your Mac's IKE Daemon, IKE stands for Internet Key Exchange and is part of IPsec (Internet Protocol Security), it's basically the key exchanger. Although it's a dated protocol it's what you got.
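
Added example, not part of any post in this thread: since racoon is the IKE daemon, one way to judge a firewall prompt about it is to check that a process of that name only holds IKE sockets. The function names and the sample `lsof` lines below are constructed for illustration; a REVIEW line means "look closer", not proof of compromise.

```shell
#!/bin/sh
# Classify the network sockets held by any process named "racoon" in
# `lsof -nP -i` output. IKE runs over UDP 500, and UDP 4500 when NAT
# traversal is in use; the system daemon runs as root.
# On a Mac: sudo lsof -nP -i | classify_racoon_sockets

# Constructed sample input (not from the thread). Addresses are from
# private and documentation ranges.
sample_lsof() {
cat <<'EOF'
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
racoon   312 root    7u  IPv4 0xaaa1      0t0  UDP 192.168.1.10:500
racoon   312 root    8u  IPv4 0xaaa2      0t0  UDP 192.168.1.10:4500
racoon   977 bob     5u  IPv4 0xbbb1      0t0  TCP 192.168.1.10:50512->203.0.113.7:443 (ESTABLISHED)
cupsd    101 root    6u  IPv4 0xccc1      0t0  TCP 127.0.0.1:631 (LISTEN)
EOF
}

# Reads lsof output on stdin; prints one verdict line per racoon socket.
classify_racoon_sockets() {
  awk '
    $1 != "racoon" { next }
    {
      proto = $8
      split($9, ends, "->")            # NAME is local[->remote]
      n = split(ends[1], parts, ":")   # port is the last ":" field
      port = parts[n]
      ok = (proto == "UDP" && (port == "500" || port == "4500") && $3 == "root")
      printf "%s pid=%s user=%s %s/%s\n", (ok ? "EXPECTED" : "REVIEW"), $2, $3, proto, port
    }'
}

# Number of racoon sockets that do not look like IKE traffic.
count_review() {
  classify_racoon_sockets | grep -c '^REVIEW' || true
}

sample_lsof | classify_racoon_sockets
```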
     
