
Apple Hack
Back up 15 and punt
Grizzled Veteran
Join Date: Nov 2001
Location: Seattle
Mar 21, 2003, 10:47 AM
 
I've caught Apple trying to hack into my machine. Does anybody know why this is happening?
     
miykael
Fresh-Faced Recruit
Join Date: Jan 2003
Mar 21, 2003, 11:02 AM
 
Originally posted by Back up 15 and punt:
I've caught Apple trying to hack into my machine. Does anybody know why this is happening?
Do tell how you caught Apple hacking into your machine and please be detailed, this sounds interesting.
     
Bobby
Mac Enthusiast
Join Date: Apr 2001
Location: Camarillo, CA
Mar 21, 2003, 11:44 AM
 
Originally posted by Back up 15 and punt:
I've caught Apple trying to hack into my machine. Does anybody know why this is happening?
Do you know why??? Were they trying to check your porn stash? Or was it just because they accidentally deleted every copy of one of the OS X drivers, and as a result needed to connect to your system as the only means of getting this essential file???
     
nsxpower
Mac Enthusiast
Join Date: Nov 2002
Location: Barcelona, Spain
Mar 21, 2003, 11:52 AM
 
I've caught Apple trying to hack into my machine. Does anybody know why this is happening?
You appear to be a little clueless to catch Apple 'hacking' you HaxoR BoXeN. But I think they could be looking for all that porn and warez you downloaded from LimeWire ... did you remember to delete all the secret files described in the attached *.txt files?

Nice joke anyways.
My Blog & Photos
PowerBook (Ti) 1Ghz · 1Gb · 60Gb · SD
     
fisherKing
Professional Poster
Join Date: Jan 2001
Location: brooklyn ny
Mar 21, 2003, 12:07 PM
 
that's not funny. i have found apple employees going thru my garbage cans...
and there's a guy who looks exactly like steve j. who's been outside cleaning my window for about 3 days...

should i delete my safari v64????
"At first, there was Nothing. Then Nothing inverted itself and became Something.
And that is what you all are: inverted Nothings...with potential" (Sun Ra)
     
bradoesch
Professional Poster
Join Date: Jun 2000
Mar 21, 2003, 12:19 PM
 
Originally posted by fisherKing:
that's not funny. i have found apple employees going thru my garbage cans...
and there's a guy who looks exactly like steve j. who's been outside cleaning my window for about 3 days...

should i delete my safari v64????
I'd do whatever I could to keep Steve Jobs around my house. Especially if he's washing my windows.
     
Back up 15 and punt  (op)
Grizzled Veteran
Join Date: Nov 2001
Location: Seattle
Mar 21, 2003, 12:27 PM
 
Originally posted by miykael:
Do tell how you caught Apple hacking into your machine and please be detailed, this sounds interesting.
I use a hardware router that will email me every time somebody tries to get into my system. It provides me with the IP address of the hacker and the type of intrusion. The IP address in this case is 17.250.248.32. If you type this IP address into your browser it brings up the .Mac page. As of this time I haven't contacted Apple to find out why they need to get into my system.
     
quadgrande
Dedicated MacNNer
Join Date: Sep 2000
Location: New York, NY
Mar 21, 2003, 12:36 PM
 
What port are they trying to come in on? Do you have .Mac email you're checking? Perhaps when you connect via POP3/IMAP they are trying to ident your client.

Ident is a service that you can run on your machine that listens on port 113. When you connect to a web server for example, the server then connects to your ident server. They provide a tcp port (e.g. the port you're using to connect to them) and your ident server returns a string which identifies the user making the request.

The port will identify the service they are trying to use and shed much light on the situation.

That IP resolves to this hostname:

/Users/clay-> nslookup 17.250.248.32
Server: ns1.vzavenue.net
Address: 66.171.36.251

Name: A17-250-248-32.apple.com
Address: 17.250.248.32
     
quadgrande
Dedicated MacNNer
Join Date: Sep 2000
Location: New York, NY
Mar 21, 2003, 12:41 PM
 
I don't have any apple IPs on my incoming access log, and I am a .Mac user. I both checked my email and logged in to the .Mac site.
     
SirCastor
Professional Poster
Join Date: Jan 2001
Location: Salt Lake City, UT USA
Mar 21, 2003, 01:53 PM
 
Originally posted by bradoesch:
I'd do whatever I could to keep Steve Jobs around my house. Especially if he's washing my windows.
Y'know, I don't think Steve would be doing anything with Windows, period. I don't have it so he can't do anything to my Windows!
2008 iMac 3.06 Ghz, 2GB Memory, GeForce 8800, 500GB HD, SuperDrive
8gb iPhone on Tmobile
     
Back up 15 and punt  (op)
Grizzled Veteran
Join Date: Nov 2001
Location: Seattle
Mar 21, 2003, 03:05 PM
 
Originally posted by quadgrande:
What port are they trying to come in on? Do you have .Mac email you're checking? Perhaps when you connect via POP3/IMAP they are trying to ident your client.

Ident is a service that you can run on your machine that listens on port 113. When you connect to a web server for example, the server then connects to your ident server. They provide a tcp port (e.g. the port you're using to connect to them) and your ident server returns a string which identifies the user making the request.

The port will identify the service they are trying to use and shed much light on the situation.

That IP resolves to this hostname:

/Users/clay-> nslookup 17.250.248.32
Server: ns1.vzavenue.net
Address: 66.171.36.251

Name: A17-250-248-32.apple.com
Address: 17.250.248.32
The following information is part of several email messages that I have received from my router. If I read the messages correctly they are trying to access port 80.

To:17.250.248.32 |attack |block
| 07:26:57 |TCP src port:49186 dest port:00080 |ports scan |

To:17.250.248.32 |attack |block
| 14:31:43 |TCP src port:50715 dest port:00080 |ports scan |

To:17.250.248.32 |attack |block
| 14:13:07 |TCP src port:50362 dest port:00080 |ports scan |

To:17.250.248.32 |attack |block
| 07:40:30 |TCP src port:49186 dest port:00080 |ports scan |

To:17.250.248.32 |attack |block
| 18:02:33 |TCP src port:50974 dest port:00080 |ports scan |
     
stew
Senior User
Join Date: Oct 2001
Mar 21, 2003, 03:26 PM
 
Port 80 is standard for http/web servers.
You can't call entering a URL or IP into a web browser a hacking attempt.


Stink different.
     
Back up 15 and punt  (op)
Grizzled Veteran
Join Date: Nov 2001
Location: Seattle
Mar 21, 2003, 05:28 PM
 
Originally posted by stew:
Port 80 is standard for http/web servers.
You can't call entering a URL or IP into a web browser a hacking attempt.
I have done absolutely nothing. In fact, I turn my machine off at night and when I power it up in the morning I receive these occasional emails. I wonder, could these emails be a result of email rendering HTML?
     
glasn0st
Fresh-Faced Recruit
Join Date: Jan 2003
Mar 21, 2003, 05:44 PM
 
When it says "TO:(apple's address)", wouldn't that mean that it is blocking a packet FROM somebody TO apple's web server?

It would make no sense for a webserver to start sending you packets. I think the firewall is misconfigured or has goofed up. Is there no config option in the firewall to have it output a more thorough report (the TCP flags, packet contents, etc)?
     
brainchild2b
Grizzled Veteran
Join Date: Sep 2000
Location: The Basement
Mar 21, 2003, 06:12 PM
 
It's most likely the illegal Apple software you are running, phoning home. Delete the software and your problems should go away. After it phones home they might try to check.
     
Back up 15 and punt  (op)
Grizzled Veteran
Join Date: Nov 2001
Location: Seattle
Mar 21, 2003, 07:07 PM
 
This has nothing to do with any illegal Apple software. I just discovered that when I open up the email from Apple containing the .Mac OS X training information that many of us received, is what is causing my router to claim an attack is in progress. It works every time. Don't ask me why at this point but I think it needs to be further investigated. Has anybody else out there with a router that has logging experienced the same thing?
     
CharlesS
Posting Junkie
Join Date: Dec 2000
Mar 21, 2003, 08:24 PM
 
Originally posted by Back up 15 and punt:
This has nothing to do with any illegal Apple software. I just discovered that when I open up the email from Apple containing the .Mac OS X training information that many of us received, is what is causing my router to claim an attack is in progress. It works every time. Don't ask me why at this point but I think it needs to be further investigated. Has anybody else out there with a router that has logging experienced the same thing?
Maybe the e-mail is in HTML and contains a graphic that is stored on that Apple server.

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
DeathMan
Mac Elite
Join Date: Aug 2001
Location: Capitol City
Mar 21, 2003, 08:57 PM
 
why would it go OUT on port 80? web browsers don't make requests out of port 80, the webserver answers them over that port.

Maybe Mail.app makes http requests over port 80. That seems kind of weird, but that's what it sounds like is happening.
     
proton
Senior User
Join Date: Nov 2000
Mar 21, 2003, 09:27 PM
 
Originally posted by Back up 15 and punt:
The following information is part of several email messages that I have received from my router. If I read the messages correctly they are trying to access port 80.

To:17.250.248.32 |attack |block
| 07:26:57 |TCP src port:49186 dest port:00080 |ports scan |

To:17.250.248.32 |attack |block
| 14:31:43 |TCP src port:50715 dest port:00080 |ports scan |

To:17.250.248.32 |attack |block
| 14:13:07 |TCP src port:50362 dest port:00080 |ports scan |

To:17.250.248.32 |attack |block
| 07:40:30 |TCP src port:49186 dest port:00080 |ports scan |

To:17.250.248.32 |attack |block
| 18:02:33 |TCP src port:50974 dest port:00080 |ports scan |
Please read this a little more carefully... that says the connections are going to Apple, not from Apple. It says the connection is coming from your machine (port 50974, dynamically allocated port), to the Apple machine on port 80 (a webserver).

It is loading the pretty images in your .Mac email from Apple's website.

Nothing suspicious at all, except that the configuration of your router is brain dead.

- proton
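
The reading proton gives of the router alerts can be checked mechanically. The following is an added example, not part of the original thread or of any router's software: it parses the alert lines quoted above and classifies them by port pattern, assuming "To:" names the packet's destination and using an illustrative 10-port cutoff for what counts as a scan.

```python
import re
from collections import defaultdict

# Alert lines with the values quoted in the thread (blank lines removed).
ALERTS = """\
To:17.250.248.32 |attack |block
| 07:26:57 |TCP src port:49186 dest port:00080 |ports scan |
To:17.250.248.32 |attack |block
| 14:31:43 |TCP src port:50715 dest port:00080 |ports scan |
To:17.250.248.32 |attack |block
| 14:13:07 |TCP src port:50362 dest port:00080 |ports scan |
To:17.250.248.32 |attack |block
| 07:40:30 |TCP src port:49186 dest port:00080 |ports scan |
To:17.250.248.32 |attack |block
| 18:02:33 |TCP src port:50974 dest port:00080 |ports scan |
"""

ALERT_RE = re.compile(
    r"To:(?P<remote>\d{1,3}(?:\.\d{1,3}){3})\s*\|[^|\n]*\|[^|\n]*\n"
    r"\|\s*(?P<time>\d\d:\d\d:\d\d)\s*\|(?P<proto>TCP|UDP) src port:(?P<sport>\d+)"
    r" dest port:(?P<dport>\d+)\s*\|"
)
EPHEMERAL_MIN = 49152  # start of the IANA dynamic port range
SCAN_PORTS = 10        # assumed cutoff: distinct dest ports that suggest a scan

def parse_alerts(text):
    """Return one dict per alert; "To:" is read as the packet's destination."""
    return [{"remote": m["remote"], "time": m["time"], "proto": m["proto"],
             "sport": int(m["sport"]), "dport": int(m["dport"])}
            for m in ALERT_RE.finditer(text)]

def triage(alerts):
    """Classify the traffic towards each remote host from its port pattern."""
    by_remote = defaultdict(list)
    for a in alerts:
        by_remote[a["remote"]].append(a)
    result = {}
    for remote, rows in by_remote.items():
        dports = sorted({r["dport"] for r in rows})
        if len(dports) >= SCAN_PORTS:
            verdict = "probe of many ports"
        elif all(r["sport"] >= EPHEMERAL_MIN and r["dport"] < 1024 for r in rows):
            verdict = "outbound client connection"
        else:
            verdict = "needs packet detail"
        result[remote] = {"dest_ports": dports, "verdict": verdict}
    return result
```

Every alert has a source port in the dynamic range and the single destination port 80, which is the shape of a mail client fetching remote images rather than of a scan.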
     
Superchicken
Addicted to MacNN
Join Date: Mar 2002
Location: Winnipeg
Mar 21, 2003, 10:09 PM
 
hahaha oh my... I needed to read a dumb post today thanks guys
     
Back up 15 and punt  (op)
Grizzled Veteran
Join Date: Nov 2001
Location: Seattle
Mar 22, 2003, 02:06 AM
 
Originally posted by proton:
Please read this a little more carefully... that says the connections are going to Apple, not from Apple. It says the connection is coming from your machine (port 50974, dynamically allocated port), to the Apple machine on port 80 (a webserver).

It is loading the pretty images in your .Mac email from Apple's website.

Nothing suspicious at all, except that the configuration of your router is brain dead.

- proton
Actually there is more to it than that. This only happens when I display the email in OS X Mail application. The same email does not generate this router message when displayed in Entourage. Go figure?
     
cpac
Professional Poster
Join Date: Jul 2001
Location: New York, NY
Mar 22, 2003, 04:16 AM
 
Originally posted by Back up 15 and punt:
Actually there is more to it than that. This only happens when I display the email in OS X Mail application. The same email does not generate this router message when displayed in Entourage. Go figure?
My bet? It did do it the first time you opened the message in entourage, it's just that Entourage probably cached everything a little better than Mail did, so it didn't have to look for the graphics again.
cpac
     
stew
Senior User
Join Date: Oct 2001
Mar 22, 2003, 05:20 AM
 
There's nothing wrong, they're just remotely removing the debug code from your OS X installation...


Stink different.
     
bradoesch
Professional Poster
Join Date: Jun 2000
Mar 24, 2003, 12:31 AM
 
Originally posted by SirCastor:
Y'know, I don't think Steve would be doing anything with Windows, period. I don't have it so he can't do anything to my Windows!
Hahaha, I never caught on to the physical windows and ms windows.

Originally posted by stew:
There's nothing wrong, they're just remotely removing the debug code from your OS X installation...
Thanks, I needed a laugh like that tonight!
     
wataru
Addicted to MacNN
Join Date: Oct 2001
Location: Yokohama, Japan
Mar 24, 2003, 01:11 AM
 
Uh oh, this is very serious. Please make a tinfoil hat to keep Apple from monitoring your brain waves. Also, be on the lookout for black helicopters.

They come for you at night.
     
OptimusG4
Mac Elite
Join Date: Feb 2003
Location: columbus, oh
Mar 24, 2003, 07:54 AM
 
Oh no! Spyware in OS X! Run for the hills!
"Another classic science-fiction show cancelled before its time" ~ Bender

15.2" PowerBook 1.25GHz, 80GB HD, 768MB RAM, SuperDrive
     
Anomalous
Mac Elite
Join Date: Jul 2002
Location: Right Here
Mar 24, 2003, 05:09 PM
 
Originally posted by SirCastor:
Y'know, I don't think Steve would be doing anything with Windows, period. I don't have it so he can't do anything to my Windows!
Aw, beat me to it.
     
   
 
All times are GMT -4.