Mac OS X Kernel communication with strange IP address

I use Little Snitch, and noticed that Mac OS X Kernel was communicating with a bunch of IP addresses. I don't usually have Little Snitch network monitor open and therefore don't look at it that often, but this is the first time that I've seen Mac OS X Kernel appear in the list of programmes sending data out over the internet.

All the IP addresses look very odd; when I use lookup, several are returned as "fred.stockton.edu" and for others there is either no information or it's nobody recognisable, e.g. "static-105-44.blueline.mg".

Is this normal, or do I have a virus or some other serious problem that will require major cleaning?

Thanks

iMac G5 (ALS), Mac OS X (10.5.6)

Posted on Apr 23, 2009 9:08 AM


Apr 23, 2009 11:04 AM in response to groovytrain

groovytrain,

I've forwarded your post to the sysadmin at Stockton College so he can check out issues from his end.

The blueline.mg domain is greylisted for spam and pr0n.

It is quite possible that your G5 has been either hacked or zombied. There is an active botnet of Macs infected by a Trojan in bittorrent downloaded versions of Adobe CS4 and iLife of, ahem, dubious legality.

Could you post your firewall log so I can see both the domains and ports used?

-Wayne

Apr 23, 2009 12:45 PM in response to ParentalUnit

Thanks Wayne:

Sounds a bit serious, that.
How do I post a log file - just paste it into the response?
But I'm not sure it will show much anyway because it's very short, the first line says:

Apr 23 11:00:00 r11hz81 newsyslog[894]: logfile turned over due to size>100K

which I suppose means that it got too big and got cleaned out (this morning), which was just after I noticed the kernel activity, and after which I immediately put a stop on it with Little Snitch. 90% of the entries after that relate to Skype. Apart from that, I have no Adobe CS4 or iLife, dubious or otherwise, on my system.

Apr 25, 2009 1:25 AM in response to ParentalUnit

Wayne:

Sorry I didn't get back to you yesterday (got a little busy). However,

(1) I checked the Little Snitch logs and although there are about 4 logs there is actually nothing in them?
(2) This morning I turned LS network monitor on so that it stayed visible and after a while Mac OS X Kernel started communicating again (this is despite the fact that in LS I blocked all outgoing connections).
(3) I checked the firewall log for the IP addresses and all the connections relate to Skype. They are all the same, as follows:
Apr 25 08:46:56 r6bl33 Firewall[40]: Allow Skype connecting from 78.105.46.149:50088 uid = 0 proto=6
(only the port number, which I guess is the digits following the colon, changes - but they all begin with a 4, 5 or 6)
(4) I restarted the Mac and started LS network monitor. Nothing happened until I started Skype and after a few seconds Mac OS X Kernel appeared in the network monitor. The IP address that Mac OS X communicated with was: 88.222.69.119. This IP address was also in the list of connections that Skype made. I think the Skype connection came first because I saw the same IP address flash up twice and in between Mac OS X Kernel became active.
(5) Just went through the restart exercise again. This time it took a lot longer for Mac OS X Kernel to appear in the LS network monitor but again the same thing happened. This time the Skype connection was to: p5B114A44.dip.t-dialin.net (which when I paste it into whois or lookup is pasted as an IP address: 91.17.74.68). And then immediately after, Mac OS X Kernel appears in network monitor communicating with the same address.

Does that clarify anything? An infected Skype app?
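The correlation groovytrain did by eye in step (4) and (5), as an added example that is not part of the thread and not Apple's or Little Snitch's code: it parses lines in the 10.5 application-firewall format quoted above, groups remote IPs by process, and reports peers shared between two processes plus any connection attributed to a process outside an expected set. It assumes blocked connections log "Deny" in the same position as "Allow", and the process name "kernel_task" and the non-Skype lines in the sample are constructed.

```python
import re
from collections import defaultdict

# Field layout of the Firewall[...] line quoted in the thread.
# Assumption: blocked connections log "Deny" in the same position as "Allow".
FIREWALL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) Firewall\[\d+\]: "
    r"(?P<action>Allow|Deny) (?P<app>.+?) connecting from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) uid = (?P<uid>\d+) proto=(?P<proto>\d+)$"
)

# Constructed sample: the first line is the one from the thread, the rest are made up
# ("kernel_task" is a hypothetical process name; 192.0.2.10 is a documentation address).
SAMPLE_LOG = [
    "Apr 25 08:46:56 r6bl33 Firewall[40]: Allow Skype connecting from 78.105.46.149:50088 uid = 0 proto=6",
    "Apr 25 08:47:02 r6bl33 Firewall[40]: Allow Skype connecting from 88.222.69.119:61234 uid = 0 proto=6",
    "Apr 25 08:47:05 r6bl33 Firewall[40]: Allow kernel_task connecting from 88.222.69.119:443 uid = 0 proto=6",
    "Apr 25 08:47:09 r6bl33 Firewall[40]: Deny sshd connecting from 192.0.2.10:22 uid = 0 proto=6",
    "Apr 25 08:50:00 r6bl33 newsyslog[894]: logfile turned over due to size>100K",
]

def parse_firewall_line(line):
    """Return a dict of fields for a Firewall line, or None for any other line."""
    m = FIREWALL_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("port", "uid", "proto"):
        rec[key] = int(rec[key])
    return rec

def peers_by_app(lines):
    """Map each logged process name to the set of remote IPs it was seen with."""
    peers = defaultdict(set)
    for line in lines:
        rec = parse_firewall_line(line)
        if rec is not None:
            peers[rec["app"]].add(rec["ip"])
    return dict(peers)

def shared_peers(peers, app_a, app_b):
    """Remote IPs contacted by both processes: the overlap noticed in the thread."""
    return sorted(peers.get(app_a, set()) & peers.get(app_b, set()))

def unexpected_connections(lines, expected_apps):
    """Connections attributed to any process outside the expected set."""
    recs = (parse_firewall_line(l) for l in lines)
    return [(r["action"], r["app"], r["ip"], r["port"])
            for r in recs if r is not None and r["app"] not in expected_apps]
```

Non-firewall lines such as the newsyslog rotation message are skipped rather than mis-parsed, so the functions can be run over the whole file.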

Apr 26, 2009 10:53 AM in response to groovytrain

groovytrain,

Yes, it does clarify the issue for me.
1. As long as you don't consider Skype itself an infection, *your computer is probably not infected*.
2. Skype is a P2P application. It works by making a lot of connections to an ad-hoc network of computers.
3. Under Skype's EULA, you agreed to this:
"Utilization of Your Computer:Skype Software may utilize the processor and bandwidth of the computer (or other applicable device) You are utilizing, for the limited purpose of facilitating the communication between You and third parties. Skype will use its commercially reasonable efforts to protect the privacy and integrity of the computer resources (or other applicable device) You are utilizing and of Your communication, however Skype cannot give any warranties in this respect."
4. As you can see from the above, "free" calls using Skype have a cost. There's an acronym for this economic fact of life: "TAANSTAAFL - There Absolutely Ain’t No Such Thing As A Free Lunch."
5. This means that you will continue to see strange connections in your logs until you kill Skype. This also means that your system will be vulnerable to attack via Skype until you kill it.

It's your choice whether to continue to use Skype. You can make your computer more secure by killing Skype processes when you're not making calls and by not connecting your Mac directly to the internet.

-Wayne

Apr 27, 2009 10:35 AM in response to ParentalUnit

Wayne, many thanks for your help

Skype is clearly 'involved', and although I would like to know exactly what is going on, I just don't have the time to do that right now. It's good to know that my computer probably isn't infected --- unless of course you consider Google Desktop an infection (but that's a whole different story and the reason why I got LS in the first place).

However, if you're interested, very briefly: once you've installed Google Desktop (and unfortunately I find the functionality very useful, more so than Spotlight) you can set the preferences to 'no automatic software update' and 'no stats uploading'. Google ignores that and tries to call home anyway, through all the various processes it has installed, every couple of minutes. Little Snitch took care of that. On top of that, looking through a log the other day, I found a line saying something like: "Google Software update couldn't 'upload stats' because it couldn't find the server" (that's LS working). In other words, if you disabled stats uploading but allowed automatic software update, Google would find a way to upload your stats to their HQ anyway (and incidentally the Google software update programme runs and tries to call home every several minutes despite the fact that I turned it off).

Finally: I was wondering what was eating space on my disk, so I got a small programme called WhatSize. Turns out that the Google files which show up in the Finder as no bigger than a few KB are actually several gigabytes.

For a company whose motto is "Don't do evil", I think they have some explaining to do.
On the other hand, maybe that's why their motto is what it is. I think most people would assume that companies in general 'don't do evil'. One wonders why Google have to tell us explicitly that they don't.

Sorry, went slightly off-topic there.

Again, thanks for your help

groovytrain

Apr 27, 2009 11:01 PM in response to groovytrain

groovytrain,

I consider Skype relatively benign, although my clients w/don't use it for security reasons.

From a privacy and control over your data and your own computer point-of-view, Google Desktop is pure evil. It's already been exploited. Unfortunately, it's also an integral part of a major accounting software company's business offerings. I'm fairly sure that you can find similar functionality without the evil if you look for it.

-Wayne

Apr 28, 2009 11:13 AM in response to groovytrain

Hey,
sorry guys, you are all talking a bit over my head.
I am having the exact same issue.
Did you figure out a way to connect to the internet?

I have Skype, LS etc. on my computers (Mac Pro and a MacBook Pro),
all running 10.5.6 and all latest versions of Skype,

and my communications with my internet vanished (except Skype)
with that service provider.
When I log on with another wireless system all is fine.

What can I do to rectify this?
Do I delete Skype?
Will that take care of the issue,
or is it deeper than that?
Thanks
