Welcome to the MacNN Forums.

Sage · Dec 21, 2007, 12:47 AM

I’m at my parents’ house – I only have my power cable and Apple modem hooked into my computer (we can only get dial-up here). Airport and Bluetooth are off. So, what’s this?

When I click on it, nothing happens.

I don’t know if this is related in any way at all, but about a week ago I tried to connect to my work’s LAN, and now about once a day DirectoryServices spirals out of control (CPU activity hits about 190%) and I have to force shut down my MacBook.

(BTW, I don’t know anything about networking, so use dumb language please.)

mduell · Dec 21, 2007, 01:17 AM

Given the hostname it's probably some machine at your ISP. I wouldn't worry about it.

Sage · Dec 21, 2007, 11:39 PM

Okay, thank you!

hwojtek · Dec 22, 2007, 11:56 AM

I would say it is a major privacy bug. And I mean major.
This has never happened to me when using Tiger. Now all my Leopards Macs keep showing Macs from all around my ISP's network. It's insane.
The same thing goes for iTunes. I can actually play back other people's libraries, and their computers are remote (not on my internal 192.168.0.x network I have at home). They are connected to the Internet and have public IP addresses. I thought this "feature" of sharing iTunes' libraries over the Internet is long gone, from about iTunes2.

I am too scared to turn on iPhoto at all. It won't take long to recognize my wife, my cars and my house, so somebody would just drop in to check if my $10k home cinema setup is still available for pickup - while I am away.

I don't want anybody to even know my computers are turned on, not to mention lurk into my Libraries or have my full name and IP address easily available with a few clicks.

However, I do really need Apple sharing turned on in my network. How do I prevent Bonjour propagation, so it computer names will not spread beyond my 192.168.0.x internal network?

Damn, an out-of-the-box Windows PC is more stealth to it's Windows brothers than a brand new, Leopard-equipped Mac to another of its' kind.

mduell · Dec 22, 2007, 09:42 PM

If you have a private IP space (like 192.168), nobody outside your router is going to see your shares. The only shares you see on your ISP's network are people who are plugged right into their modems.

Big Mac · Dec 22, 2007, 10:13 PM

Network used to show your own Mac to you for some reason. That also may be what you're seeing. If you open Terminal you'll probably find that 64.0.0.0.ptr.us.xo.net is listed at the prompt instead of your usual computer name. That seems to happen at times with direct connections.

mduell · Dec 22, 2007, 10:54 PM

Originally Posted by Big Mac

Network used to show your own Mac to you for some reason. That also may be what you're seeing. If you open Terminal you'll probably find that 64.0.0.0.ptr.us.xo.net is listed at the prompt instead of your usual computer name. That seems to happen at times with direct connections.

That's a good point, although I'd expect his hostname to be more like 64.123.45.67.ptr.us.xo.net.

Tomchu · Dec 23, 2007, 03:19 AM

hwojtek: I call bullshit. Bonjour doesn't (or at least isn't configured by default to) work over WANs.

hwojtek · 10:04 AM

I know it. But I am pretty sure, there is a bug in Leopard implementation of Bonjour:

The highlighted area shows two libraries (!!!) available to me. Limewire, AFAIK, uses Bonjour as well as iTunes do. However:
- I do not know any of the two girls who own these libraries,
- their computers are not connected to my home network (but to my ISPs network) - and I am really, really sure of this,
- if they are hooked up to the Internet directly, I shouldn't be seeing their Bonjour-shared libraries at all, right?

Well, I do.

OK. Maybe they cannot see me. But I can see them. Isn't it a privacy issue?
All my three default installations of Leopard (erase & install) show the same thing. At home, at hotspots, at airports. I didn't do anything with my network settings and go automatic all the way. I don't know if anybody has been hit by this thing, but I think yes. And I do think this is really a serious issue.

ghporter · Dec 23, 2007, 10:32 AM

The only time I've ever seen other people's libraries in iTunes is when we're both on the same LAN-like the wireless LAN at school. I've seen one just disappear as another person packed up his computer too. Whether this has to do with Bonjour or something else, shared iTunes libraries are a different animal from other resources on your computer, and as far as I know not a security threat in any way.

So hwojtek, what is your LAN IP? Are you 100% certain that you're not on someone else's wireless LAN? That NOBODY else is on your wireless LAN? I would not be at all concerned about the privacy issue involved in shared iTunes libraries until I was completely satisfied that there was no mixing of LANs going on-which IS a serious security threat.

mduell · Dec 23, 2007, 01:31 PM

Looks like an ISP issue... some ISPs use private network spaces for their DSL/cable modems and don't block internal traffic.

ghporter · Dec 23, 2007, 05:51 PM

Originally Posted by mduell

Looks like an ISP issue... some ISPs use private network spaces for their DSL/cable modems and don't block internal traffic.

That is the same sort of thing that cost a lot of cable ISPs business. Seeing your neighbor's hard drive kind of tells you he can see yours (and only a few years ago it was the default for Windows machines to be visible...). My DSL ISP is AT&T, and even back when I signed up (2000) they were very good about isolating customers from each other. But if there is some sort of "slop over" at the ISP level, that opens THEM up for some pretty nasty lawsuits. Privacy invasion, enabling identity thieves, etc. Not good for them.

Tomchu · Dec 23, 2007, 10:45 PM

You would "see" your neighbour's hard drive (and vice-versa) only if your neighbour was sharing it without any kind of protection. In that case, your neighbour (or you, in the vice-versa case) is an idiot. :-P

As long as customers aren't seeing each other's traffic (and they wouldn't on any typical Cable/DSL connection), it doesn't matter what IP space ISPs assign to their customers. It's no different getting a 192.168.XXX.XXX IP from your ISP that is translated somewhere upstream than getting a direct Internet IP. From the point of convenience for power users, it sucks, but security-wise, there is no difference.

As for the guy above seeing other people's iTunes libraries ... I'd say someone's on your wireless, or you're on someone else's. :-P Figure out the IPs of those shared resources -- that'll tell you more.

hwojtek · Dec 24, 2007, 10:12 AM

The point is, my wireless is totally immune. Nobody on my WiFi, I can guarantee that. I can turn it off anyway and go wired - same thing happens. My private address space at home is 192.168.0.x - quite usual a setup, in fact. However, my router acquires IP address from my ISP and it's 85.221.176.x ;-) - so you see, a totally "public", Internet IP address.

Also, I'm not on somebody elses WiFi - unless somebody else got a hidden (no SSID) network named exactly as mine and used an exactly the same WPA2 password - but mine is machine-generated and 32-chars long. That would be a miracle and I should be called a saint.
OK, kidding - there is no wireless network around here except for mine. Netstumbler doesn't show any activity except my own network. And my router doesn't show more than 5 of my wireless machines as the clients as I type.

But the main concern I got is that it's not only happening at home. I could see a lot of Macs in my Finder last Sunday on Frankfurt/Main Airport (no pun intended). Same thing happened in Munich on Wednesday night. And I was using T-Mobile's hotspot, and I got an IP address of 172.x.x.something.

And... it has NEVER happened with Tiger.

I need explanations. Help me.

Big Mac · Dec 24, 2007, 12:53 PM

If others on the same local network have file sharing turned on, you'll see what they're sharing. The iTunes shares you're seeing on your private line are more difficult to explain.

mduell · Dec 24, 2007, 01:09 PM

Your router may get a public IP from the cable/DSL modem, but the cable/DSL modem may still have a private IP from your ISP.

Jesus On Cheese · Dec 25, 2007, 09:46 PM

This is awesome. You should take full advantage. But first turn off all your sharings, and enable the firewall. The download one of those programs that lets you copy music that's shared with iTunes. Hopefully, they will share their movies and p0rn libraries, too

PS. IANAL, but this might be illegal.

hwojtek · Dec 25, 2007, 10:34 PM

Originally Posted by mduell

Your router may get a public IP from the cable/DSL modem, but the cable/DSL modem may still have a private IP from your ISP.

I don't get it, would this mean my modem (all modems of my ISP) have private IP(s)?
My knowledge of IP routing (and I do have a router, not a bridge) says, that I will not be able to see this layer, since all the trafiic from my internal network (private IPs) has been routed into public network.
To get back into another private network, I my traffic would need to be routed back into it, and still I would only be able to see a modem - not a shared library or computer in Finder.

Anyway - as I've written before, it is not only happening on my ISPs network. I've tried it in 4 countries and countless hotspots.

seanc · Dec 26, 2007, 08:42 PM

I can understand it happening on wireless hotspots and on LANs, happens all the time at college when I'm on the LAN running iTunes.

But if this really is somehow happening over the internet, that's a problem. Is your ISP a big brand or a small local one?

hwojtek · Dec 27, 2007, 09:00 AM

AFAIK they got about 100k customers in western Poland. Rather a smaller provider I'd say.

I will take one of my computers to my friends house and check on his DSL.

hwojtek · Jan 1, 2008, 12:30 PM

OK, I'm gettin' sick of it.

On this picture you can see myself connecting to a remote library. By remote I mean it is not on my LAN and (as far as I am concerned) the sole IP address that links me to the outside world is my WAN, Internet IP:

Still nobody on my WiFi, for sure (I kept checking my router while actually playing things from this guys' library!)
If it has any meaning, I've found that if I unplug the cable from my modem, it announces 192.168.100.x as the WAN address to the router... And my internal network is 192.168.0.x, so maybe this is the reason? Is it possible for a cable modem to have TWO addresses at the same time?
Still, I don't know how it was not happening in Tiger and it now happens in Leopard.

Anybody so kind to point me to Apple, Inc. Network Complaints Department?

ghporter · Jan 1, 2008, 12:52 PM

Open System Preferences and select "Sharing." Click on the "Firewall" button. Start the firewall and make sure the "iTunes Music Sharing" checkbox is NOT checked. You're done. That should completely block iTunes from sharing out your library or finding other people's.

I'm still not sure how it's weaseling it's way out (or in), but that should help a bit.

hwojtek · Jan 1, 2008, 04:52 PM

Yhm, on Leopard there's no "Firewall" in Sharing, it has been moved to "Security". Also, it doesn't work as you've described when started from there either, but anyway... I want to share my Libraries among my computers in my home network. :-)
Turning of a feature in order to get it working properly would be a typically Microsoftish solution.

And what it would do, it would black all the traffic on the ports used by Bonjour, right? OK, I've done it on my router.

dimmer · Jan 5, 2008, 01:29 AM

I'll bet the systems you are seeing are on the same subnet as you are, and with the changes to Bonjour to support Wide Area Bonjour in Leopard it's just becoming noticeable.

For a little more detail: your home network is using a private, non-routable IP subnet (192.168.x.x) -- everything you communicate with outside of your home network is done via your public IP address (the outbound IP address on your router). It's highly likely that your ISP hasn't given you your own public subnet (of four addresses minimum), but rather has assigned you a single IP address from a larger subnet (from a class C for example).

Previous versions of Bonjour, I assume, didn't know how to handle NAT'ed addressing correctly: so if you had a subnet of your own and used NAT on one of those addresses to support more systems than you had addresses for you were SOL if you wanted to stream from a system behind the NAT device to one outwith it. A bad thing.

Now, Bonjour appears to work as it should behind NAT: using the public, routable addresses (via UPnP?) to advertise shared services. A good thing.

So, you will "see" and be able to connect to other users assigned addresses from your ISP to other customers in the same subnet. Note that these users are NOT sharing your bandwidth, just an IP space: other than being on the same sub, they are just the same as any other system on the internet. So your ISP should NOT be doing any "filtering" or "firewalling" between the two: your ISP is delivering a connection and that's it.

In effect, everything is working just as it should. No reason to complain to Apple or your ISP. If you don't want folks on the internet to be able to see your photos or share your music go ahead and turn off those ports of your router (note that blocking Bonjour isn't really shutting down access to these shares, just making them harder to discover - and blocking Bonjour will make your use of "Back to my Mac" not work. The port addresses used by each Apple service are well documented on Apple's support site and elsewhere on the internet.

Is this a "security issue"? Not really. If anything it's letting you know what services you are pushing out to the internet, and allowing you to accommodate for that as you see fit.

Hope this helps...

hwojtek · Jan 5, 2008, 12:32 PM

Dimmer - I owe you one. Claim your water/milk/beer/whisky whenever you hit continental Europe.

nrg5698 · Jan 9, 2008, 02:51 PM

It does look like a Bonjour thing. I could see different Airport base stations using the Airport utility. The IP's for the devices were only on a 66.66.x.x subnet, probably all of my neighbors on the same subnet from our ISP. It really freaked me out, but in the next week they all dissapeared, it may be something I changed while at work, something that affected Bonjour.

hwojtek · Jan 9, 2008, 07:38 PM

I am in SAS Radisson hotel in Frankfurt, Germany, connected to WiFi, available to hotel customers.
As you can see below, I can put pretty anything I want into a computer that has appeared in my 'Shared' section of the Finder:

Anything I could have dropped on this computer might be used as evidence in court. This IS a serious privacy issue.

ghporter · Jan 10, 2008, 12:21 AM

I agree that this is a problem, but the default dropbox that is what anyone who has enabled sharing has visible is probably not going to be very useful in court. It's gotta be something to do with Bonjour, but I haven't been able to find out how to manage what Bonjour does.