
Help with Macintosh Security-Someone is trying to hack me!!


  • Help with Macintosh Security-Someone is trying to hack me!!

    I own a small business with 24 Macs and three PCs. Over the years I have had to learn and perform all my own IP work, including an email server, FTP, firewall, file servers, and setting up our LAN. I know enough to set all this up with reasonable security but I know nothing about serious computer coding, sniffing, etc. What occurred recently has never happened in 16 years of business, and I am very disturbed by it.

    Recently I have been setting up an XServe and accidentally found that my personal office Mac had a preference changed that allows remote access to my computer via ssh. I found this by simply exploring the network for servers. Imagine my surprise (and shock) when I found my computer was on the network! I also know enough that ssh allows remote access over the internet, so it is possible that someone from the outside has had access to my computer. I never would have turned this function on and have never seen a setting turn on by itself on any computer, ever. I believe that someone has somehow been able to access my computer and turned this function on in order to gain access to my computer either within the LAN or from outside. I believe this attack to be malicious.

    I have been lurking the forum and realize that most are PC users, however I am hoping someone knows of a Mac or PC software application, or maybe another website or forum that is Mac specific, that can help me discover if there has in fact been an intrusion and if so, how to catch the culprit, and close the door once caught. My research so far points to a sniffing application. Google has not been much help. I do have a PC that I can use if there are not any good applications available for Macintosh.

    This will be a deeper level of computer work than I have ever done before and will be a challenge to figure out, and frankly I would enjoy learning about this level of computing. If anyone has any suggestions on how I can learn to detect this intrusion I would appreciate any advice.

    Thanks for your help.

  • #2
    if it gets me nowhere, I'll go there proud; and I'm gonna go there free.


    • #3
      converge, thanks for your kind and thoughtful reply. I've already found that site.

      A suggestion of the best tools to detect intrusion would be helpful as there are so many on that site and I don't have a decade to fix this problem. I am not interested in hacking, but detection.

      I will be happy to read the manual titled "You F**king Moron". Maybe you have a link to it?


      • #4
        I am not Mac savvy but I know with a PC and a Winblows OS you can log the crap out of it. Not a single bit will move without a logfile of it somewhere. Can you do this on a Mac?

        You may also wish to set up another machine as a packet sniffer, put it on a hub with your Mac, and see what you find flying out of your ports.
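
The kind of log review this post asks about, applied to the SSH exposure described in the first post, as an added example that is not part of the original thread: it scans sshd log lines for successful logins from outside the LAN and counts failed attempts per source address. The log lines are constructed samples in the standard OpenSSH syslog format, and the LAN range `192.168.1.0/24`, hostname, user names and addresses are assumptions.

```python
import ipaddress
import re

# Assumption: the office LAN range. Adjust to the real network.
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample lines in the standard OpenSSH sshd syslog format.
# Hostname, users and addresses are made up for illustration.
SAMPLE_LOG = """\
Mar  3 09:12:44 office-mac sshd[411]: Accepted password for owner from 192.168.1.20 port 49211 ssh2
Mar  3 23:51:07 office-mac sshd[532]: Failed password for root from 203.0.113.77 port 40112 ssh2
Mar  3 23:51:09 office-mac sshd[532]: Failed password for root from 203.0.113.77 port 40112 ssh2
Mar  3 23:51:15 office-mac sshd[533]: Failed password for invalid user admin from 203.0.113.77 port 40115 ssh2
Mar  4 02:03:31 office-mac sshd[610]: Accepted password for owner from 198.51.100.9 port 51002 ssh2
"""

# Matches both "Accepted <method> for <user>" and
# "Failed <method> for [invalid user] <user>" events.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def review_ssh_log(text):
    """Return (external_logins, failed_counts) from sshd log text."""
    external_logins = []   # successful logins from outside the LAN
    failed_counts = {}     # source IP -> number of failed attempts
    for line in text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # source logged as a hostname; skipped in this sketch
        if m["result"] == "Failed":
            failed_counts[str(ip)] = failed_counts.get(str(ip), 0) + 1
        elif ip not in LAN:
            # line[:15] is the syslog timestamp, e.g. "Mar  4 02:03:31"
            external_logins.append((line[:15], m["user"], str(ip)))
    return external_logins, failed_counts

if __name__ == "__main__":
    logins, failures = review_ssh_log(SAMPLE_LOG)
    for when, user, ip in logins:
        print(f"external login: {when} user={user} from {ip}")
    for ip, n in sorted(failures.items()):
        print(f"{n} failed attempts from {ip}")
```
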


        • #5
          You may also look for software like Samhain which may be usable on Mac OS X for file integrity and checking. If you don't have any formal lockdown procedure for your network, I would recommend checking out the CIS benchmarks and procedures for OS X.

          If you want a more solid solution for your network, do what Astcell said and set up a sniffer on a spanned/mirrored port and watch that. You could also install Snort on a box that is mirrored as well, and see how that works out for you.
          Aut disce aut discede


          • #6
            Originally posted by mutthead
            I will be happy to read the manual titled "You F**king Moron". Maybe you have a link to it?
            Don't take it personally, it's a sig...

            OTOH, I should fairly warn you that this thread was originally balancing between valid question and support request. From the previous post it seems like you want a specific answer spoonfed to you instead of recommendations to find it, in spite of your comment about my sig.

            A little groundwork will get you a long way, visiting isn't enough. You might be interested in reviewing the tools listed under "Mac OS X Network Security". For a further hint, consider googling with phrases like "mac, intrusion detection" ... you might be surprised what you'll dig up.
            if it gets me nowhere, I'll go there proud; and I'm gonna go there free.


            • #7
              If I was snooping him you can bet I'd keep a log of any new software he installed on that box. If he installs a snooper on the SAME box then I will know he knows I am there.


              • #8
                Converge, I apologize. I didn't realize it was a sig.

                Thanks all. I'll check out the app/websites you recommend. I'd come across Snort before but wasn't sure it was the tool I need. I'm sure PC apps are better. Can you recommend a good PC app? I've got a PC laptop I can use.

                I've got my network locked down pretty good, or thought I did. This is very disturbing. I know enough to know that I don't know how to fend off an attack from a serious hacker, but I have to learn quickly.