Currently Being ModeratedNov 27, 2011 10:48 AM (in response to Faris Kalin)
Several things could be happening, is Mail running? Time/Date can be updating, Bonjour can be advertising services.
What encryption or type of connection does it use? Could someone nearby be using it?
Open Activity Monitor>Network Tab, does it show sent/rec'd bytes when the flashing is happening?
Little Snitch, stops/alerts outgoing stuff...
Currently Being ModeratedNov 28, 2011 12:01 AM (in response to BDAqua)
About every 15-30 seconds, .07 to .15 kb of data is sent and received according to the network tab in the activity monitor this coincides with the flashing on the mifi.
There is definitely no one else using the mifi because the mifi shows how many users are attached to it on it's LCD screen and it only shows 1. Plus, I have it password protected using WPA2.
I don't know what type of encrytion or connection it uses. I wouldn't know how to find that out.
I've never heard of Bonjour and I've actually never opened my Mail program on my Macbook ever.
I didn't really think much about it when I was using my 3G mifi. I just assumed it was something that the mifi did. It was a 1st generation device and worked a bit weird anyway. However, I've only had the 4G version a few weeks. It's much newer so I wouldn't expect it to be doing that. Plus, I tried connecting my iPod Touch to it, and it didn't show any data being sent or received when I wasn't using a service that would be doing that.
It's such a small amout of data, but it's such a consistent flow of data that I'm not sure whether I should be worried about it or not.
Currently Being ModeratedNov 28, 2011 10:31 AM (in response to Faris Kalin)
WPA2 is the encryption type it's using, which is good.
I wouldn't be worried, it seems normal here, but Little Snitch would likely tell you what it was that wanted out.
Currently Being ModeratedNov 29, 2011 2:41 AM (in response to BDAqua)
When I get some spare time, I might try installing Little Snitch. It would be interesting to get some more info on this. Thanks for letting me know about that program. Anything I should know about installing it or using it?
The data amount transmitted is so small but at such regular intervals that it makes me really curious as to what it could be.
Currently Being ModeratedNov 29, 2011 9:39 AM (in response to Faris Kalin)
Currently Being ModeratedDec 28, 2011 2:15 AM (in response to BDAqua)
I finally got around to installing Little Snitch. That is quite an interesting program. It looks like the culprit for the data transfer when nothing else was open is "time.apple.com". After looking it up online, this appears to be the automatic updater for the clock so that it stays on proper time.
I do have some questions about the program though. There are some odd things that showed up when I booted up Safari (but not while I was in Firefox). Any idea what they are? Are they just local network stuff (I did check to have that show up before I started up Safari). Are they normal or something I should worry about? I had Firefox running for awhile but I didn't have the "show local connections" box checked for very long with Firefox open. I'm on a laptop and not connected to anything except my mifi router.
One is "Finder via nmblookup" in /system/library/coreservices/finder.app
It showed up and then immediately terminated
Another is "DirectoryService" in /usr/sbin/DirectoryService
Another is "mDNSResponder" in /usr/sbin/mDSNResponder
Currently Being ModeratedDec 28, 2011 3:17 AM (in response to BDAqua)
Also, what is the "pubsubagent"? It shows up and tries to connect to the apple discussion forums when I start safari. I'd have more into about it, but it doesn't stay in the list like the other items do.
Sorry for all of the Little Snitch questions, but it isn't exactly user friendly. Does Little Snitch start up automatically when you boot the computer or do you have to launch it. It's odd that there doesn't seem to be a manual for it.
Currently Being ModeratedDec 28, 2011 3:32 AM (in response to Faris Kalin)
This agent is probably ok. A technical note, http://support.apple.com/kb/TS1770, says in part: "The PubSub agent syncs the RSS read/unread status of bookmarked RSS feeds between computers using Mac OS X 10.5 that are syncing bookmarks via MobileMe Sync."
Currently Being ModeratedDec 28, 2011 10:56 PM (in response to BDAqua)
Thanks for the info. Little Snitch is definitely a great program, but it sure makes me paranoid since I don't know what half of the stuff that pops up is. It's troublesome for me because I got a Mac so that I wouldn't have to be so paranoid. lol
Today it stated that "AirPort Base Station Agent" at "/System/Library/CoreServices/AirPort Base Station Agent.app" asked to connect to css.wlxrs.com and apsu.apple.com. I don't even have an airport base station nor have I ever connected to one.
Then there is "usbmuxd" at "/System/Library/PrivateFrameworks/MobileDevice.framework/ which looks like it's connecting to the address of the mifi if I'm remembering the mifi's address correctly.
Are these things normal too?
Currently Being ModeratedDec 29, 2011 9:24 AM (in response to Faris Kalin)
It'll get easier.
css.wlxrs.com appears to be malware alright, (mostly Windows though), open Little Snitch Rules & make sure that one is denied always...
Then get the Free Sophos AV software...
Currently Being ModeratedDec 30, 2011 1:12 AM (in response to BDAqua)
Weird. NoScript (a Firefox anti-script extension) has wlxrs.com whitelisted. I think hotmail uses it for something.
x Restored wlxrs.com in the default whitelist (it had
accidentally changed back to two subdomains)
Also, Avast seems to think it's ok: