Help, my Mac is under attack!
Though not a tinfoil hat type, I do take reasonable security precautions on my Mac. That is, in addition to running ClamXav, OS X’s Firewall and Stealth mode are active, while automatic login is turned off.
Thereupon, ClamXav finished its daily scheduled run the other night and I’ve set it up so that Console (Applications > Utilities) launches automatically to report what if anything has been found — nothing, occasionally a phishing heuristic shows up in Mail. However, for whatever reason (it seems to be related to Boxee Media Manager), Console also spawned a network monitoring window displaying a scrolling list of notifications (shown above).
Holy cow! Someone’s polling ports on my Mac, looking for a way in — I’m under attack!
Well, kind of…
This Apple Support Forum Thread has a rather reasonable explanation of where this “unsolicited” network traffic is coming from:
What usually generates these is the action of navigating away from a site while that site is attempting to communicate with your browser. This can be anything from clicking on a link before the page is finished loading to navigating away while a banner ad or other animation is running.
If you do a reverse DNS lookup on some of your addresses you’ll come up with sites like Google and doubleclick.net…
In short, don’t be concerned about them.
And, for what it’s worth, the IP address in the screen cap directs to google.com.
Your clicks give you away
If you make OS X Stealth Mode active, it will block unsolicited networking connections. You can see the advertisers, data miners and trackers trying to work their voodoo in Console. If Stealth Mode is turned off, these connections will be successful — you can see that in Console, too.
In other words, people you don’t know monitoring you can’t be a good thing — turn on OS X’s Stealth mode. Be informed, take reasonable precautions and be well…
What’s your take?