AFP problem?
Fresh-Faced Recruit
Join Date: Apr 2002
Location: Oakland, CA, USA
hello-
I've been getting entries like this in my logs:
Nov 2 14:32:21 laptop mDNSResponder[236]: 8279: WARNING! Bogus client application has now registered 3 identical instances of service Da Laptop._afpovertcp._tcp.local.
anybody know what might be causing this?
I'm running 10.2.1 on an Airport-equipped Pismo, with Personal File Sharing and the built-in Firewall turned on.
thanks in advance-
Mike
Administrator 
Join Date: Apr 2001
Location: San Antonio TX USA
I've done some research on your problem, and it looks to me like you've been hacked. The scenario I see is that somebody has slipped through your firewall (maybe through your wireless network rather than your Internet connection) and has been playing with your computer. Bogus clients are a pretty good indicator that somebody's dropped a malicious payload in your computer.
Unfortunately I have no experience with cleaning a Mac running OS X of any kind. Maybe others can give you help there.
Glenn -----
OTR/L, MOT, Tx
Fresh-Faced Recruit
Join Date: Apr 2002
Location: Oakland, CA, USA
Originally posted by GHPorter:
I've done some research on your problem, and it looks to me like you've been hacked.
yeah, that's kind of what i thought, but i was hoping it wasn't the case. crap. i don't see anything unusual in /System/Library/StartUpItems, but i have to admit i'm no expert (obviously).
thanks for your input-
mike
Fresh-Faced Recruit
Join Date: Apr 2000
Location: Brooklyn, NY, USA
I'm seeing these messages correlating (somewhat) with network connections switching from Ethernet to Airport and even from Airport hosts to other Airport hosts (manually triggered by me). This does not mean that we're not being hacked (by some Trojan) merely that the issue announces itself in the console at that time. The message I get is like:
Nov 4 04:58:41 Titan mDNSResponder[287]: 7839: WARNING! Bogus client application has now registered 4 identical instances of service Titan._afpovertcp._tcp.local.
Does anyone know if this is actually some kind of backdoor issue or merely MacOS X being stupid with a filesharing daemon's port?
How can we better track down what is happening?
TIA
Originally posted by kidfrostbite:
yeah, that's kind of what i thought, but i was hoping it wasn't the case. crap. i don't see anything unusual in /System/Library/StartUpItems, but i have to admit i'm no expert (obviously).
thanks for your input-
mike
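On the "how can we better track down what is happening?" question above, one option is to group the warnings into bursts so their times can be compared with interface switches or the other Mac waking up. This is an added example, not part of the original thread; the function names, the 300-second gap, the assumed year and the sample lines marked as constructed are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the warning format quoted in the thread. The number after the PID
# (e.g. "8279:") is skipped because the thread does not say what it means.
WARNING = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) mDNSResponder\[(?P<pid>\d+)\]: "
    r"\d+: WARNING! Bogus client application has now registered "
    r"(?P<count>\d+) identical instances of service (?P<service>.+)$"
)

# First and last lines are quoted from the thread; the others are constructed.
SAMPLE = [
    "Nov 2 14:32:21 laptop mDNSResponder[236]: 8279: WARNING! Bogus client application has now registered 3 identical instances of service Da Laptop._afpovertcp._tcp.local.",
    "Nov 2 14:32:25 laptop mDNSResponder[236]: 8279: WARNING! Bogus client application has now registered 4 identical instances of service Da Laptop._afpovertcp._tcp.local.",
    "Nov 2 14:33:02 laptop kernel: constructed unrelated line",
    "Nov 2 19:05:10 laptop mDNSResponder[236]: 8279: WARNING! Bogus client application has now registered 2 identical instances of service Da Laptop._afpovertcp._tcp.local.",
    "Nov 4 04:58:41 Titan mDNSResponder[287]: 7839: WARNING! Bogus client application has now registered 4 identical instances of service Titan._afpovertcp._tcp.local.",
]

def parse(lines, year=2002):
    """Yield (timestamp, host, pid, count, service); syslog omits the year, so it is assumed."""
    for line in lines:
        m = WARNING.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["host"], int(m["pid"]), int(m["count"]), m["service"].rstrip(".")

def bursts(lines, gap_seconds=300):
    """Group warnings per (host, service) into bursts; a new PID or a long gap starts a new burst."""
    groups = defaultdict(list)
    for ts, host, pid, count, service in sorted(parse(lines)):
        runs = groups[(host, service)]
        last = runs[-1] if runs else None
        if last and last["pid"] == pid and (ts - last["end"]).total_seconds() <= gap_seconds:
            last["end"] = ts
            last["max_count"] = max(last["max_count"], count)
            last["warnings"] += 1
        else:
            runs.append({"pid": pid, "start": ts, "end": ts, "max_count": count, "warnings": 1})
    return dict(groups)

if __name__ == "__main__":
    for (host, service), runs in bursts(SAMPLE).items():
        for r in runs:
            print(host, service, r["start"], r["end"], "max", r["max_count"], "pid", r["pid"])
```

Feed it the lines of the system log instead of `SAMPLE` and compare each burst's start time with a note of when the network connection was switched or the other machine was started.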
Fresh-Faced Recruit
Join Date: Apr 2002
Location: Oakland, CA, USA
I wonder if it is just rendezvous being stupid - when i shut down the other mac on my network i don't get that in my log anymore.
the weird thing is that i didn't get the same message on the other mac (which is connected by ethernet), and the laptop would get them even when the other mac was sleeping with nobody logged in.
hmmm...
mike
Administrator 
Join Date: Apr 2001
Location: San Antonio TX USA
This is the confusing part: is the other computer hosed, hacked, confused, or just weird? Is it a strange interaction between the two machines due to a Rendezvous configuration problem (or bug)? I am certainly not in a position to be able to say, but I'll bet that the other computer is where you should start investigating.
Glenn -----
OTR/L, MOT, Tx
Fresh-Faced Recruit
Join Date: Apr 2002
Location: Oakland, CA, USA
I think you're right, I should probably have a longer, harder look at the other mac. this is fun.
mike