[OS X TeX] OT: effective Macintosh Trojan in the wild

Claus Gerhardt gerhardt at math.uni-heidelberg.de
Thu May 5 13:23:27 CEST 2005


I noticed these attempts too. From the ip addresses I can tell that  
they are from my internet provider. If they are legitimate or not and  
don't know, but the connection isn't affected by my stealth settings.

With regard to antivirus software. I use Sophos Anti Virus and  
recommend it strongly. Though I guess individual licenses aren't  
possible. I am getting it under our university site license.

Claus


On May 5, 2005, at 9:07, Bruno Voisin wrote:

> Be it connected or not, since activating, in Tiger, firewall  
> logging and stealth mode, I'm now seeing bursts of port scanning  
> now and then, whether I'm at home on an AirPort network or (what's  
> more worrying) at work protected in principle by several layers of  
> university firewalls. ipfw.log contains many bursts of lines like  
> (10.0.1.2 is an address on my AirPort network, and I'm hiding the  
> other IPs to not get a poor guy's address showing up on Google) :
>
> May  5 08:32:29 Portable-de-Bruno ipfw: Stealth Mode connection  
> attempt to TCP 10.0.1.2:49987 from [...].73.26:80
> May  5 08:32:29 Portable-de-Bruno ipfw: Stealth Mode connection  
> attempt to TCP 10.0.1.2:49986 from [...].73.26:80
> May  5 08:32:34 Portable-de-Bruno ipfw: Stealth Mode connection  
> attempt to TCP 10.0.1.2:49965 from [...].87.2:80
>
> Scary! (I hope I'm not misinterpreting these messages as port scan  
> attempts.)
>

--------------------- Info ---------------------
Mac-TeX Website: http://www.esm.psu.edu/mac-tex/
           & FAQ: http://latex.yauh.de/faq/
TeX FAQ: http://www.tex.ac.uk/faq
List Post: <mailto:MacOSX-TeX at email.esm.psu.edu>





More information about the macostex-archives mailing list