Why is this showing up in my finder?

Discussion in 'macOS' started by lamemodem, Apr 22, 2008.

  1. lamemodem macrumors member


    Apr 5, 2005
    The "Shared" option keeps appearing in my sidebar when I connect to the internet. I've attached a screen shot so you can see, but basically some sort of network/neighborhood called "accp.citistreet.net" keeps appearing.

    I have DSL and plug an ethernet cable directly into my 24" Alu iMac running 10.5.2. I have no wireless routers in my house. My AirPort, internet sharing, and file sharing are all turned off. I've checked and rechecked them.

    The "Shared" option won't appear if I unplug my iMac from the internet and start it up. But as soon as I plug in the ethernet cable it will pop up. I've gone to citistreet.net and it appears to be a Citi bank web site. I do not have an account with Citi, nor do I visit their web sites. If I click on it it opens like a folder with nothing inside. If I select it and Get Info it says "Kind: Neighborhood."

    Obviously I'm worried someone could gain access to my computer. Is there a way to disconnect this network/neighborhood? Anyone know what it is?

    Attached Files:

  2. netnothing macrumors 68040


    Mar 13, 2007
    First off, please tell me you have your firewall turned on if your not using an type of router?

    Second....get a router ;)

    Are you in Quincy, MA?


    Maybe somehow this company is leaking a server out onto the net and you are seeing it?

    How long has it been happening?

  3. lamemodem thread starter macrumors member


    Apr 5, 2005
    My firewall is on and I'm not in MA.

    It was happening for a day or so. It's gone now and that doesn't seem to be because of anything I did.
  4. lamemodem thread starter macrumors member


    Apr 5, 2005
    Well, it's back again, if anyone has any ideas or thoughts on this.
  5. xraydoc macrumors demi-god


    Oct 9, 2005
    Its entirely possible that somewhere your ISP is running a machine with AppleShare turned on. Or one of your direct neighbors is. Are you certain that one of your neighbors isn't "borrowing" your internet connection?
  6. lamemodem thread starter macrumors member


    Apr 5, 2005
    I'm not 100% sure that one of my neighbor isn't "borrowing" my internet connection, but I'd be shocked. I don't know how'd they'd do it. I've got Verizon DSL coming into the house through the phone line, which hasn't been hacked or tapped outside, and the ethernet cable plugs directly into my iMac.
  7. Cromulent macrumors 603


    Oct 2, 2006
    The Land of Hope and Glory
    Then they can't borrow your internet connection unless they hack your machine.
  8. dejo Moderator


    Staff Member

    Sep 2, 2004
    The Centennial State
    Someone named "accp.citistreet.net" on the same subdomain of the ISP as you has their sharing turned on. They are at risk (since you can access their shared info), not you.
  9. lamemodem thread starter macrumors member


    Apr 5, 2005
    Interesting. Is there any way for me to block or disconnect them?
  10. EDWW macrumors member

    May 1, 2008
    It just started showing up today on my computer and it is just the same as described by lamemodem.It also seems to show up only on one of my accounts but not the other.I'm not sure what to do about it or if I'm at any risk.

  11. GGarbo macrumors newbie

    May 3, 2008
    unwanted citistreet file-share

    This same file-share showed up today just as lamemodem described; only difference is I'm using dial-up connection. Firewall zipped up tight, no shares.

    I've tried rebooting: the share disappears. Then tried connecting to ISP via modem, and used an SSH terminal session to read mail. The share showed up again.

    I wonder if the three of those reporting so far are using the same ISP? Mine is in the state of WA.
  12. puckhead193 macrumors G3


    May 25, 2004
  13. bankshot macrumors 65816


    Jan 23, 2003
    Southern California
    One way is to get a wired router (if you're absolutely sure you'll never want wireless) and put it between your Mac and the DSL line. I'm pretty happy with this one.

    To add to the above, you can determine if this is a computer near you by opening Terminal and doing traceroute accp.citystreet.net. If it's close by (in terms of network hops), there should be few or no routers between you and it. If there are several, then I'm stumped! :confused:
  14. GGarbo macrumors newbie

    May 3, 2008
    Unwanted share with accp.citistreet.net

    My ISP support had never heard of this one, but did say the Apple firewall is leaky, especially with AppleShares.

    He recommended a $25 shareware Leopard-compatible application called Little Snitch, which works with the firewall and guards all data leaving your machine. You have control, it appears of everything. It's a free download with three-hour free uses, then if you buy they send you a code to enter and activate it.

    I tried this, and the share went away. The URL is:

    Unless you're familiar with ports and services, you will probably need some help configuring Little Snitch to avoid turning off all communication. Again, my ISP was very helpful.
  15. tickell macrumors newbie

    May 5, 2008
    Problem (mostly) resolved.

    Disclaimer: I work for CitiStreet.

    First off, thank you to everyone who helped us debug this issue. We appreciate the time and effort to provide raw data and insight to us for analysis.

    The issue is not with a share named "accp.citistreet.net" actually existing but rather with the manner in which OS X is looking for services in DNS (http://www.dns-sd.org).

    Some systems decide to look for services advertised in the network space. It does this by looking for dns-sd PTR records (b._dns-sd._udp.0.0.72.in-addr.arpa).


    1) CitiStreet, owns (actually, we own

    No one who has seen this icon is related to Citistreet or on the Citistreet network, so I may only speculate as to why OS X is looking for services on this network.

    2) We use PTR records only to point IP addresses to host names.

    To this end, we mapped any unused IP to the same place holder, “accp.citistreet.net” (in the space).

    OS X saw this common response for the requested PTR, decided there was a valid share, and then displayed the icon.

    Thus, this was not an issue of leaked information or malicious activity. It was a strange confluence of events whereby OS X looked for advertised services in the wrong place and found something that it interpreted as a valid response.

    We are still trying to determine why Leopard looked to our network space for services. If it appears, in the end, to be an error, we’ll open a defect with Apple. Until that time, we have removed the common entry from our PTR records and the icon should stop appearing.

    Please feel free to send me any questions or comments.

    Thank you.

Share This Page