Some process does ICMP port scan on my OSX box and I am afraid my Mac got a virus

Posted by Jamgold on Stack Overflow
Published on 2011-01-10T23:50:45Z Indexed on 2011/01/10 23:53 UTC

I noticed that my 10.6.6 box has some process send out ICMP messages to "random" hosts, which concerns me a lot.

When doing a tcpdump icmp I see a lot of the following:

    15:41:14.738328 IP macpro > bzq-109-66-184-49.red.bezeqint.net: ICMP macpro udp port websm unreachable, length 36
    15:41:15.110381 IP macpro > 99-110-211-191.lightspeed.sntcca.sbcglobal.net: ICMP macpro udp port 54045 unreachable, length 36
    15:41:23.458831 IP macpro > 188.122.242.115: ICMP macpro udp port websm unreachable, length 36
    15:41:23.638731 IP macpro > 61.85-200-21.bkkb.no: ICMP macpro udp port websm unreachable, length 36
    15:41:27.329981 IP macpro > c-98-234-88-192.hsd1.ca.comcast.net: ICMP macpro udp port 54045 unreachable, length 36
    15:41:29.349586 IP macpro > c-98-234-88-192.hsd1.ca.comcast.net: ICMP macpro udp port 54045 unreachable, length 36

I got suspicious when my router notified me about a lot of ICMP messages that don't get a response.

Does anyone know how to trace which process (or, worse, kernel module) might be responsible for this?

I rebooted and logged in with a virgin user account and tcpdump showed the same results.

Any dtrace magic welcome.

Thanks in advance
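
In tcpdump's format, `ICMP macpro udp port websm unreachable` names the destination host and port of the UDP datagram that triggered the error, so each line in the capture above is macpro answering an inbound UDP packet that found no listener on that port. The following is an added example, not part of the original post, that groups such lines by closed port and remote peer; `summarize` and its `local_host` parameter are hypothetical names, and the sample lines are copied from the capture in the question.

```python
import re
from collections import defaultdict

# Sample input: the six lines from the capture quoted in the question.
SAMPLE = """\
15:41:14.738328 IP macpro > bzq-109-66-184-49.red.bezeqint.net: ICMP macpro udp port websm unreachable, length 36
15:41:15.110381 IP macpro > 99-110-211-191.lightspeed.sntcca.sbcglobal.net: ICMP macpro udp port 54045 unreachable, length 36
15:41:23.458831 IP macpro > 188.122.242.115: ICMP macpro udp port websm unreachable, length 36
15:41:23.638731 IP macpro > 61.85-200-21.bkkb.no: ICMP macpro udp port websm unreachable, length 36
15:41:27.329981 IP macpro > c-98-234-88-192.hsd1.ca.comcast.net: ICMP macpro udp port 54045 unreachable, length 36
15:41:29.349586 IP macpro > c-98-234-88-192.hsd1.ca.comcast.net: ICMP macpro udp port 54045 unreachable, length 36
"""

# "<ts> IP <sender> > <receiver>: ICMP <host> udp port <port> unreachable"
# <host> and <port> are the destination of the datagram that caused the error.
LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"ICMP (?P<host>\S+) udp port (?P<port>\S+) unreachable"
)


def summarize(text, local_host):
    """Group port-unreachable errors by the closed local UDP port they report."""
    ports = defaultdict(lambda: {"count": 0, "peers": set()})
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        # Keep only errors local_host sent about its own ports, i.e. replies
        # to inbound UDP that reached a port with no listening socket.
        if m["src"] != local_host or m["host"] != local_host:
            continue
        entry = ports[m["port"]]
        entry["count"] += 1
        entry["peers"].add(m["dst"])  # remote host that sent the UDP packet
    return {p: {"count": e["count"], "peers": sorted(e["peers"])}
            for p, e in ports.items()}


if __name__ == "__main__":
    for port, info in summarize(SAMPLE, "macpro").items():
        print(f"udp port {port}: {info['count']} error(s), "
              f"{len(info['peers'])} remote peer(s): {', '.join(info['peers'])}")
```

A small set of local ports hit repeatedly by many unrelated remote hosts gives the port numbers to check against what was previously listening on the machine.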
