Possible Airport Hack:
A few nights ago, my little snitch app prompted me to let me know my apple airport extreme 802.11n base station was trying to connect to:
64.212.198.115
OrgName: Global Crossing
OrgID: GBLX
Address: 14605 South 50th Street
City: Phoenix
StateProv: AZ
PostalCode: 85044-6471
Country: US
If you need more info about the little snitch application:
http://www.obdev.at/products/littlesnitch/index.html
I created a rule in little snitch to deny access on this IP for any port, forever. Naturally, this made me a little paranoid since that has never happened before, even though I've been using little snitch for years. The next night, I went out to dinner and when I came back my airport utility app was open and said it was successful at reconfiguring something. I yanked the power plug for the router and airport...which was probably stupid because I probably should have investigated further before doing something so severe. At this point I plugged everything back in and reset the airport to it's default factory settings & all of a sudden it's trying to connect to several more IP's:
204.2.160.113
OrgName: NTT America, Inc.
OrgID: NTTAM-1
Address: 8005 South Chester Street
Address: Suite 200
City: Centennial
StateProv: CO
PostalCode: 80112
Country: US
205.177.95.62
OrgName: Beyond The Network America, Inc.
OrgID: BNA-42
Address: 520 Herndon Parkway
Address: Suite E
City: Herndon
StateProv: VA
PostalCode: 20170
Country: US
I ruled to deny access on all ports, forever, then reset the airport and little snitch several times to factory default settings. (to see if it would try again) The airport utility app still repeatedly tried to connect to these IPs and I denied each one forever. This would happen every time I did a factory reset of little snitch and the airport base station. After that, I unplugged my comcast router and reconfigured my apple g5 with a new password and extra firewall measures. Then I configured the airport with a new wpa/wpa2 password, a closed network and mac addresses. Nothing has happened since...it's been 24 hours as I write this.
So, what is your opinion of this? Shady comcast activity? Random hack? NSA? Your guess is as good as mine. I have a feeling any one of those 3 IPs could be a proxy of some sort.
64.212.198.115
OrgName: Global Crossing
OrgID: GBLX
Address: 14605 South 50th Street
City: Phoenix
StateProv: AZ
PostalCode: 85044-6471
Country: US
If you need more info about the little snitch application:
http://www.obdev.at/products/littlesnitch/index.html
I created a rule in little snitch to deny access on this IP for any port, forever. Naturally, this made me a little paranoid since that has never happened before, even though I've been using little snitch for years. The next night, I went out to dinner and when I came back my airport utility app was open and said it was successful at reconfiguring something. I yanked the power plug for the router and airport...which was probably stupid because I probably should have investigated further before doing something so severe. At this point I plugged everything back in and reset the airport to it's default factory settings & all of a sudden it's trying to connect to several more IP's:
204.2.160.113
OrgName: NTT America, Inc.
OrgID: NTTAM-1
Address: 8005 South Chester Street
Address: Suite 200
City: Centennial
StateProv: CO
PostalCode: 80112
Country: US
205.177.95.62
OrgName: Beyond The Network America, Inc.
OrgID: BNA-42
Address: 520 Herndon Parkway
Address: Suite E
City: Herndon
StateProv: VA
PostalCode: 20170
Country: US
I ruled to deny access on all ports, forever, then reset the airport and little snitch several times to factory default settings. (to see if it would try again) The airport utility app still repeatedly tried to connect to these IPs and I denied each one forever. This would happen every time I did a factory reset of little snitch and the airport base station. After that, I unplugged my comcast router and reconfigured my apple g5 with a new password and extra firewall measures. Then I configured the airport with a new wpa/wpa2 password, a closed network and mac addresses. Nothing has happened since...it's been 24 hours as I write this.
So, what is your opinion of this? Shady comcast activity? Random hack? NSA? Your guess is as good as mine. I have a feeling any one of those 3 IPs could be a proxy of some sort.
G5 Quad 4x2.5 ghz 4 gb ram, Mac OS X (10.4.5)
