Tweet
I own a small business with 24 Macs and three PCs. Over the years I have had to learn and perform all my own IP work, including an email server, FTP, firewall, file servers, and setting up our LAN. I know enough to set all this up with reasonable security but I know nothing about serious computer coding, sniffing, etc. What occurred recently has never happened in 16 years of business, and I am very disturbed by it.
Recently I have been setting up an XServe and accidently found that my personal office Mac had a preference changed that allows remote access to my computer via ssh. I found this by simply exploring the network for servers. Imagine my surprise (and shock) when I found my computer was on the network! I also know enough that ssh allows remote access over the internet, so it is possible that someone from the outside has had access to my computer. I never would have turned this function on and have never seen a setting turn on by itself on any computer, ever. I believe that someone has somehow been able to access my computer and turned this function on in order to gain access to my computer either within the LAN or from outside. I believe this attack to be malicious.
I have been lurking the forum and realize that most are PC users, however I am hoping someone knows of a Mac or PC software application, or maybe another website or forum that is Mac specific, that can help me discover if there has in fact been an intrusion and if so, how to catch the culprit, and close the door once caught. My research so far points to a sniffing application. Google has not been much help. I do have a PC that I can use if there are not any good appications available for Macintosh.
This will be a deeper level of computer work than I have ever done before and will be a challenge to figure out, and frankly I would enjoy learning about this level of computing. If anyone has any suggestions on how I can learn to detect this intrusion I would appreciate any advice.
Thanks for your help.
Recently I have been setting up an XServe and accidently found that my personal office Mac had a preference changed that allows remote access to my computer via ssh. I found this by simply exploring the network for servers. Imagine my surprise (and shock) when I found my computer was on the network! I also know enough that ssh allows remote access over the internet, so it is possible that someone from the outside has had access to my computer. I never would have turned this function on and have never seen a setting turn on by itself on any computer, ever. I believe that someone has somehow been able to access my computer and turned this function on in order to gain access to my computer either within the LAN or from outside. I believe this attack to be malicious.
I have been lurking the forum and realize that most are PC users, however I am hoping someone knows of a Mac or PC software application, or maybe another website or forum that is Mac specific, that can help me discover if there has in fact been an intrusion and if so, how to catch the culprit, and close the door once caught. My research so far points to a sniffing application. Google has not been much help. I do have a PC that I can use if there are not any good appications available for Macintosh.
This will be a deeper level of computer work than I have ever done before and will be a challenge to figure out, and frankly I would enjoy learning about this level of computing. If anyone has any suggestions on how I can learn to detect this intrusion I would appreciate any advice.
Thanks for your help.
Comment