How to find a rogue leaky process or app

General discussions about Little Snitch
Post Reply
goestoeleven
Posts: 4
Joined: Tue Nov 06, 2018 7:46 pm

How to find a rogue leaky process or app

Post by goestoeleven » Tue Nov 06, 2018 7:53 pm

Hi. New Little Snitch user here.

I have a couple of IP addresses that keep getting flagged/blocked by my router's Google Safe Browsing filters. They are definitely not being actively opened by me nor any app I can find.

Some internet research has tied them to sketchy sites. My anti-malware apps (I've tried Sophos, malwarebytes, and Avast) are coming up clean.

How can I use Little Snitch to help me isolate the rogue? Can I set up specific rule to look for any data sent to a specific ip address?

Thanks in advance!

goestoeleven
Posts: 4
Joined: Tue Nov 06, 2018 7:46 pm

Re: How to find a rogue leaky process or app

Post by goestoeleven » Tue Nov 06, 2018 7:58 pm

For clarity, I'm running on a MBP with macOS 10.14.1

goestoeleven
Posts: 4
Joined: Tue Nov 06, 2018 7:46 pm

Re: How to find a rogue leaky process or app

Post by goestoeleven » Tue Nov 06, 2018 11:10 pm

Ok, so I figured out how to create an IP address-specific rule, and then I created one for each of the addresses that are getting flagged as unsafe on my router.

The rules don't seem to be stopping the leaking though. What else can I do?

goestoeleven
Posts: 4
Joined: Tue Nov 06, 2018 7:46 pm

Re: How to find a rogue leaky process or app

Post by goestoeleven » Thu Nov 08, 2018 9:17 pm

No ideas? If I fully lock down traffic, yet packets are leaking to specific addresses, how can I stop it? And how can I use Little Snitch to find the guilty party?

Post Reply