Some process does ICMP port scan on my OSX box and I am afraid my Mac got a virus
Posted
by
Jamgold
on Super User
See other posts from Super User
or by Jamgold
Published on 2011-01-10T23:50:45Z
Indexed on
2011/01/11
1:55 UTC
Read the original article
Hit count: 324
I noticed that my 10.6.6 box has some process send out ICMP messages to "random" hosts, which concerns me a lot.
when doing a tcpdump icmp I see a lot of the following
15:41:14.738328 IP macpro > bzq-109-66-184-49.red.bezeqint.net: ICMP macpro udp port websm unreachable, length 36
15:41:15.110381 IP macpro > 99-110-211-191.lightspeed.sntcca.sbcglobal.net: ICMP macpro udp port 54045 unreachable, length 36
15:41:23.458831 IP macpro > 188.122.242.115: ICMP macpro udp port websm unreachable, length 36
15:41:23.638731 IP macpro > 61.85-200-21.bkkb.no: ICMP macpro udp port websm unreachable, length 36
15:41:27.329981 IP macpro > c-98-234-88-192.hsd1.ca.comcast.net: ICMP macpro udp port 54045 unreachable, length 36
15:41:29.349586 IP macpro > c-98-234-88-192.hsd1.ca.comcast.net: ICMP macpro udp port 54045 unreachable, length 36
I got suspicious when my router notified me about a lot of ICMP messages that don't get a response
Does anyone know how to trace which process (or worse kernel module) might be responsible for this?
I rebooted and logged in with a virgin user account and tcpdump showed the same results.
Any dtrace magic welcome.
Thanks in advance
© Super User or respective owner