possible airport hack?

Post by johnnyrandom » Sun Oct 21, 2007 8:10 am

A few nights ago, my Little Snitch app prompted me to let me know my Apple AirPort Extreme 802.11n base station was trying to connect to:

64.212.198.115
OrgName: Global Crossing
OrgID: GBLX
Address: 14605 South 50th Street
City: Phoenix
StateProv: AZ
PostalCode: 85044-6471
Country: US

I created a rule in Little Snitch to deny access on this IP for any port, forever. Naturally, this made me a little paranoid since that has never happened before, even though I've been using Little Snitch for years. The next night, I went out to dinner and when I came back my AirPort Utility app was open and said it was successful at reconfiguring something. I yanked the power plug for the router and AirPort... which was probably stupid because I probably should have investigated further before doing something so severe. At this point I plugged everything back in and reset the AirPort to its default factory settings, and all of a sudden it's trying to connect to several more IPs:

204.2.160.113
OrgName: NTT America, Inc.
OrgID: NTTAM-1
Address: 8005 South Chester Street
Address: Suite 200
City: Centennial
StateProv: CO
PostalCode: 80112
Country: US

205.177.95.62
OrgName: Beyond The Network America, Inc.
OrgID: BNA-42
Address: 520 Herndon Parkway
Address: Suite E
City: Herndon
StateProv: VA
PostalCode: 20170
Country: US

I ruled to deny access on all ports, forever, then reset the AirPort and Little Snitch several times to factory default settings (to see if it would try again). The AirPort Utility app still repeatedly tried to connect to these IPs and I denied each one forever. This would happen every time I did a factory reset of Little Snitch and the AirPort base station. After that, I unplugged my Comcast router and reconfigured my Apple G5 with a new password and extra firewall measures. Then I configured the AirPort with a new WPA/WPA2 password, a closed network and MAC addresses. Nothing has happened since... it's been 24 hours as I write this.

So, what is your opinion of this? Shady Comcast activity? Random hack? NSA? Your guess is as good as mine. I have a feeling any one of those 3 IPs could be a proxy of some sort.

Same thing?

Post by Alan » Wed Oct 24, 2007 3:40 pm

I've had something very similar happen... would be nice to find out what it is? I'm also using WPA2, etc... but this was rather suspicious.

Re: Same thing?

Post by johnnyrandom » Thu Oct 25, 2007 2:17 am

Well, I have posted this same info on Apple's discussion boards, in here, emailed it to my fellow geeks... no dice. I was hoping someone might give me a lead or show me how to dig up some more info from my logs or something. It remains a mystery for now. When it happened to you, was it the same IP numbers? Give more info on your experience if you can.

Post by Guest » Mon Nov 05, 2007 3:23 pm

Try to switch off automatic update :( Worked for me.

Post by Guest » Mon Nov 05, 2007 3:24 pm

Anonymous wrote: Try to switch off automatic update :( Worked for me.
