I am probably the most dangerous kind of user. I have the heart of a true tinker and I'm very curious... But I have no formal training on networking. That being said I would like to describe what is going on and would welcome comments or suggestions - even links to more information.
I have a cable modem from Optimum Online. We also have a Cisco wireless router and a number of wireless devices. Recently I have noticed that there has been a serious change in our network activity and significant speed problems. I have done all basic troubleshooting (i.e. turning off all/most wireless connections to check speed, directly connecting to the modem, virus scanning the computers, checking for updates on all items).
I began to think I had a computer which was a "zombie" but could not find any virus or malware on it. I also understand that it does not mean that nothing is there... but the updated Sophos antivirus for Mac could not find anything. I use Firefox with "NoScript" and stay away from strange downloads or torrent files.
I have read all over that there are constant problems with wifi networks getting hacked and the like, so I have changed the passwords and also used a MAC address filter so only authorized devices can access the wifi router, but things are still very, very slow. I know many providers are having problems keeping up with the load on servers and some are even causing problems for streaming companies by cutting bandwidth or slowing it (there are a number of lawsuits going about this and Cablevision/Optimum is one of them). So, I guess I'm not sure what the problem is. I understand it could be anything, even that my network cable needs to be replaced...
Yesterday I decided to monitor the "traffic" from my network by viewing the log files produced by my wireless router and noticed that an IP address was listed that I did not recognize. All other devices were powered off and only my laptop, router and modem were active. There were a number of communications - constant network chatter to various IP/DNS addresses in the log even though I was not doing anything on the computer and all applications were closed except the router settings in Firefox. Several of these IP addresses went to Google and some other big name companies, mostly fraud departments and copyright verifications. I have a copy of the log file if anyone is interested and used domaintools.com whois to find the information on the IPs...
Does this mean that:
1.) There is something on my computer contacting these addresses using a strange IP address?
2.) That the modem is talking to these addresses?
3.) Is this the network activity that is slowing down my network? as it is constant, every 10-30 seconds.
4.) Could the computer be a zombie and is now being monitored for sending malware or something?
I have many questions and would even be willing to speak to (read pay for classes) someone "tutor" style to understand this better. I am not a great book learner - tinkering is my method - so I have trouble with those encyclopedic books on networking...
Loc: Pinellas Park, Florida
All very good questions. Is the traffic all incoming, outgoing, or a mix? I always notice that there is nearly constant activity indicated on my cable modem, but it doesn't translate over to my wireless router nor my LAN home network. There is a little app, Little Snitch, that will alert you to nefarious activity (actually, it will alert you to all activity unless you tweak its settings). Another thing to check is the built-in firewall settings in OS X.
System Preferences>Security & Privacy>Firewall
I have mine fairly well locked down with Stealth on and it doesn't affect my ability to connect to anything.
Yesterday I decided to monitor the "traffic" from my network by viewing the log files produced by my wireless router and noticed that an IP address was listed, that I did not recognize.
Was it an internal or external IP address?
You can zip the log and send it to the email address in my profile.
If you have it set up for MAC address filtering and you use a good 12 digit or more password I'd say it's just random hits from the outside. It found a live IP and is trying to get in. This happens 24/7 on any router.
It appears to be an internal IP, or at least within the range of my IP numbers, but it is an IP not attached to any device that I know of. I downloaded a copy of Wireshark but honestly - I have no idea what the hell I'm looking at. Although there is a LOT of data, even for just 30 seconds of capture.
I will zip the log file and the Wireshark data in txt format for you. Thanks.
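Added example, not part of the original thread or any poster's code: one way to answer the "internal or external?" question and check the "every 10-30 seconds" pattern from a router's outgoing log. The log layout, the LAN range 192.168.1.0/24, the device table and all sample lines are constructed assumptions, since the actual log is not shown in the thread.

```python
import ipaddress
from collections import defaultdict

# Constructed sample lines (time, LAN source, destination, port). The router's
# real log format is not shown in the thread, so this layout is an assumption.
SAMPLE_LOG = """\
12:00:05 192.168.1.100 203.0.113.10 443
12:00:20 192.168.1.137 198.51.100.7 80
12:00:31 192.168.1.100 203.0.113.10 443
12:00:45 192.168.1.137 198.51.100.7 80
12:01:10 192.168.1.137 198.51.100.7 80
12:01:12 192.168.1.100 192.0.2.55 443
"""
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed router LAN range
KNOWN = {"192.168.1.100": "laptop"}           # devices the owner recognises


def seconds(hms):
    h, m, s = (int(x) for x in hms.split(":"))
    return h * 3600 + m * 60 + s


def summarise(log_text, lan=LAN, known=KNOWN):
    """Per source IP: is it on the LAN, is it a known device, how often it talks."""
    times, dests = defaultdict(list), defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed layout
        when, src, dst, _port = parts
        times[src].append(seconds(when))
        dests[src].add(dst)
    report = {}
    for src, stamps in times.items():
        stamps.sort()
        report[src] = {
            "internal": ipaddress.ip_address(src) in lan,
            "device": known.get(src, "UNKNOWN"),
            "destinations": sorted(dests[src]),
            "gaps_seconds": [b - a for a, b in zip(stamps, stamps[1:])],
        }
    return report


if __name__ == "__main__":
    for src, info in summarise(SAMPLE_LOG).items():
        print(src, info)
```

An internal source marked UNKNOWN with near-identical gaps to a single destination is the entry worth matching against the router's DHCP client table to find which physical device holds that address.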