|
|
Apple Hack
|
|
|
|
Grizzled Veteran
Join Date: Nov 2001
Location: Seattle
Status:
Offline
|
|
I've caught Apple trying to hack into my machine. Does anybody know why this is happening?javascript :smilie(' ')
|
|
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Jan 2003
Status:
Offline
|
|
Originally posted by Back up 15 and punt:
I've caught Apple trying to hack into my machine. Does anybody know why this is happening?javascript:smilie('')
Do tell how you caught Apple hacking into your machine and please be detailed, this sounds interesting.
|
|
|
|
|
|
|
|
|
Mac Enthusiast
Join Date: Apr 2001
Location: Camarillo, CA
Status:
Offline
|
|
Originally posted by Back up 15 and punt:
I've caught Apple trying to hack into my machine. Does anybody know why this is happening?javascript:smilie('')
Do you know why??? Were they trying to check your porn stash? Or was it just because they accidentally deleted every copy of one of the OS X drivers, and as a result needed to connect to your system as the only means of getting this essential file???
|
|
|
|
|
|
|
|
|
Mac Enthusiast
Join Date: Nov 2002
Location: Barcelona, Spain
Status:
Offline
|
|
I've caught Apple trying to hack into my machine. Does anybody know why this is happening?
You appear to be a little clueless to catch Apple 'hacking' you HaxoR BoXeN. But I think they could be looking for all that porn and warez you downloaded from LimeWire ... did you remember to delete all the secret files described in the attached *.txt files?
Nice joke anyways.
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jan 2001
Location: brooklyn ny
Status:
Offline
|
|
that's not funny. i have found apple employees going thru my garbage cans...
and there's a guy who looks exactly like steve j. who's been outside cleaning my window for about 3 days...
should i delete my safari v64????
|
"At first, there was Nothing. Then Nothing inverted itself and became Something.
And that is what you all are: inverted Nothings...with potential" (Sun Ra)
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jun 2000
Status:
Offline
|
|
Originally posted by fisherKing:
that's not funny. i have found apple employees going thru my garbage cans...
and there's a guy who looks exactly like steve j. who's been outside cleaning my window for about 3 days...
should i delete my safari v64????
I'd do whatever I could to keep Steve Jobs around my house. Especially if he's washing my windows.
|
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Nov 2001
Location: Seattle
Status:
Offline
|
|
Originally posted by miykael:
Do tell how you caught Apple hacking into your machine and please be detailed, this sounds interesting.
I use a hardware router that will email me everytime somebody tries to get into my system. It provides me with the IP address of the hacker and the type of intrusion. The IP address in this case is 17.250.248.32. If you type this IP address into your browser it brings up the .Mac page. As of this time I haven't contacted Apple to find out why they need to get into my system.
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Sep 2000
Location: New York, NY
Status:
Offline
|
|
What port are they trying to come in on? Do you have .Mac email you're checking? Perhaps when you connect via POP3/IMAP they are trying to ident your client.
Ident is a service that you can run on your machine that listens on port 113. When you connect to a web server for example, the server then connects to your ident server. They provide a tcp port (e.g. the port you're using to connect to them) and your ident server returns a string which identifies the user making the request.
The port will identify the service they are trying to use and shed much light on the situation.
That IP resolves to this hostname:
/Users/clay-> nslookup 17.250.248.32
Server: ns1.vzavenue.net
Address: 66.171.36.251
Name: A17-250-248-32.apple.com
Address: 17.250.248.32
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Sep 2000
Location: New York, NY
Status:
Offline
|
|
I don't have any apple IPs on my incoming access log, and I am a .Mac user. I both checked my email and logged in to the .Mac site.
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jan 2001
Location: Salt Lake City, UT USA
Status:
Offline
|
|
Originally posted by bradoesch:
I'd do whatever I could to keep Steve Jobs around my house. Especially if he's washing my windows.
Y'know, I don't think Steve would be doing anything with Windows, period. I don't have it so he can't do anything to my Windows!
|
2008 iMac 3.06 Ghz, 2GB Memory, GeForce 8800, 500GB HD, SuperDrive
8gb iPhone on Tmobile
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Nov 2001
Location: Seattle
Status:
Offline
|
|
Originally posted by quadgrande:
What port are they trying to come in on? Do you have .Mac email you're checking? Perhaps when you connect via POP3/IMAP they are trying to ident your client.
Ident is a service that you can run on your machine that listens on port 113. When you connect to a web server for example, the server then connects to your ident server. They provide a tcp port (e.g. the port you're using to connect to them) and your ident server returns a string which identifies the user making the request.
The port will identify the service they are trying to use and shed much light on the situation.
That IP resolves to this hostname:
/Users/clay-> nslookup 17.250.248.32
Server: ns1.vzavenue.net
Address: 66.171.36.251
Name: A17-250-248-32.apple.com
Address: 17.250.248.32
The following information is part of several emal messages that I have received from my router. If I read the messages corretly they are trying to access port 80.
To:17.250.248.32 |attack |block
| 07:26:57 |TCP src port:49186 dest port:00080 |ports scan |
To:17.250.248.32 |attack |block
| 14:31:43 |TCP src port:50715 dest port:00080 |ports scan |
To:17.250.248.32 |attack |block
| 14:13:07 |TCP src port:50362 dest port:00080 |ports scan |
To:17.250.248.32 |attack |block
| 07:40:30 |TCP src port:49186 dest port:00080 |ports scan |
To:17.250.248.32 |attack |block
| 18:02:33 |TCP src port:50974 dest port:00080 |ports scan |
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Oct 2001
Status:
Offline
|
|
Port 80 is standard for http/web servers.
You can't call entering a URL or IP into a web browser a hacking attempt.
|
Stink different.
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Nov 2001
Location: Seattle
Status:
Offline
|
|
Originally posted by stew:
Port 80 is standard for http/web servers.
You can't call entering a URL or IP into a web browser a hacking attempt.
I have done absolutley nothing. In fact, I turn my machine off at night and when I power it up in the morning I receive these occasional emails. I wonder, could these email's be a result of email rendering HTML?
|
|
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Jan 2003
Status:
Offline
|
|
When it says "TO:(apple's address)", wouldn't that mean that it is blocking a packet FROM somebody TO apple's web server?
It would make no sense for a webserver to start sending you packets. I think the firewall is misconfigured or has goofed up. Is there no config option in the firewall to have it output a more thorough report (the TCP flags, packet contents, etc)?
|
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Sep 2000
Location: The Basement
Status:
Offline
|
|
It's most likely the illegal Apple software you are running, phoning home. Delete the software and your problems should go away. After it phone home they might try to check.
|
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Nov 2001
Location: Seattle
Status:
Offline
|
|
This has nothing to do with any illegal Apple software. I just discovered that when I open up the email from Apple containing the .Mac OS X training information that many of us received, is what is causing my router to claim an attack is in progress. It works everytime. Don't ask me why at this point but I think it needs to be further investigated. Has anybody else out there with a router that has logging experiencing the same thing?
|
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Dec 2000
Status:
Offline
|
|
Originally posted by Back up 15 and punt:
This has nothing to do with any illegal Apple software. I just discovered that when I open up the email from Apple containing the .Mac OS X training information that many of us received, is what is causing my router to claim an attack is in progress. It works everytime. Don't ask me why at this point but I think it needs to be further investigated. Has anybody else out there with a router that has logging experiencing the same thing?
Maybe the e-mail is in HTML and contains a graphic that is stored on that Apple server.
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Aug 2001
Location: Capitol City
Status:
Offline
|
|
why would it go OUT on port 80? web browsers don't make requests out of port 80, the webserver answers them over that port.
Maybe Mail.app makes http requests over port 80. That seems kind of weird, but thats what it sounds like is happening.
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Nov 2000
Status:
Offline
|
|
Originally posted by Back up 15 and punt:
The following information is part of several emal messages that I have received from my router. If I read the messages corretly they are trying to access port 80.
To:17.250.248.32 |attack |block
| 07:26:57 |TCP src port:49186 dest port:00080 |ports scan |
To:17.250.248.32 |attack |block
| 14:31:43 |TCP src port:50715 dest port:00080 |ports scan |
To:17.250.248.32 |attack |block
| 14:13:07 |TCP src port:50362 dest port:00080 |ports scan |
To:17.250.248.32 |attack |block
| 07:40:30 |TCP src port:49186 dest port:00080 |ports scan |
To:17.250.248.32 |attack |block
| 18:02:33 |TCP src port:50974 dest port:00080 |ports scan |
Please read this a little more carefully... that says the connections are going to Apple, not from Apple. It says the connection is coming from your machine (port 50974, dynamically allocated port), to the Apple machine on port 80 (a webserver).
It is loading the pretty images in your .Mac email from Apple's website.
Nothing suspicious at all, except that the configuration of your router is brain dead.
- proton
|
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Mar 2002
Location: Winnipeg
Status:
Offline
|
|
hahaha oh my... I needed to read a dumb post today thanks guys
|
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Nov 2001
Location: Seattle
Status:
Offline
|
|
Originally posted by proton:
Please read this a little more carefully... that says the connections are going to Apple, not from Apple. It says the connection is coming from your machine (port 50974, dynamically allocated port), to the Apple machine on port 80 (a webserver).
It is loading the pretty images in your .Mac email from Apple's website.
Nothing suspicious at all, except that the configuration of your router is brain dead.
- proton
Actually there is more to it than that. This only happens when I display the email in OS X Mail application. The same email does not generate this router message when displayed in Entourage. Go figure?
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jul 2001
Location: New York, NY
Status:
Offline
|
|
Originally posted by Back up 15 and punt:
Actually there is more to it than that. This only happens when I display the email in OS X Mail application. The same email does not generate this router message when displayed in Entourage. Go figure?
My bet? It did do it the first time you opened the message in entourage, it's just that Entourage probably cached everything a little better than Mail did, so it didn't have to look for the graphics again.
|
cpac
|
|
|
|
|
|
|
|
Senior User
Join Date: Oct 2001
Status:
Offline
|
|
There's nothing wrong, they're just remotely removing the debug code from your OS X installation...
|
Stink different.
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jun 2000
Status:
Offline
|
|
Originally posted by SirCastor:
Y'know, I don't think Steve would be doing anything with Windows, period. I don't have it so he can't do anything to my Windows!
Hahaha, I never caught on to the physical windows and ms windows.
Originally posted by stew:
There's nothing wrong, they're just remotely removing the debug code from your OS X installation...
Thanks, I needed a laugh like that tonight!
|
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Oct 2001
Location: Yokohama, Japan
Status:
Offline
|
|
Uh oh, this is very serious. Please make a tinfoil hat to keep Apple from monitoring your brain waves. Also, be on the look for black helicopters.
They come for you at night.
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Feb 2003
Location: columbus, oh
Status:
Offline
|
|
Oh no! Spyware in OS X! Run for the hills!
|
"Another classic science-fiction show cancelled before its time" ~ Bender
15.2" PowerBook 1.25GHz, 80GB HD, 768MB RAM, SuperDrive
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Jul 2002
Location: Right Here
Status:
Offline
|
|
Originally posted by SirCastor:
Y'know, I don't think Steve would be doing anything with Windows, period. I don't have it so he can't do anything to my Windows!
Aw, beat me to it.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|