
Unknown SMB connections (hacked?)

I'm getting a lot of messages in my system.log along the lines of:


Apr 24 09:30:00 computername smbd[18939]: 123.45.67.89 SMB client not supported - Unicode strings are required

Apr 24 09:30:00 computername sandboxd[18997] ([18995]): smbd(18995) deny job-creation


I don't recognise the IP addresses, and there seem to be log entries every 5 minutes or so. I only have a few ports forwarded on my router and they're not related to SMB.


Am I right in thinking these are incoming, not outgoing connections? Any idea if I can find out how these connections are reaching my computer? Can I find a list or log of successful SMB connections?

Mac mini, Mac OS X (10.7.3)

Posted on Apr 24, 2012 1:50 AM


Apr 24, 2012 1:56 AM in response to penx

I've just noticed these messages too though they appear at different times:


Apr 24 09:31:00 computername mDNSResponder[18]: Permission denied (NOAUTH): _smb._tcp.i_have.members.mac.com.

Apr 24 09:31:00 computername mDNSResponder[18]: hndlRecordUpdateReply: Registration of record _smb._tcp.*accountname*.members.mac.com. type 12 failed with error -65537

Apr 30, 2012 3:19 PM in response to penx

I think a security hole in 'Back to my Mac' was to blame (which, as far as I was aware, was turned off).


I think I had it enabled before I upgraded to iCloud; for some reason it was still trying to register for some old MobileMe web services and probably opening up ports in the process.


Turning both iCloud and MobileMe on and off a few times seemed to switch it off.
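
A way to triage log entries like the ones quoted in this thread, as an added example that is not part of any poster's reply: it groups smbd client messages by source address, measures how regularly each address recurs, and marks whether the address is on the local network or outside it. The sample lines, the addresses in them and the function name are constructed for illustration, and the log year is an assumption because syslog timestamps omit it.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Matches the smbd line format quoted in the question: timestamp, host, smbd[pid], client IP.
SMBD_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ smbd\[\d+\]: "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s")

# Private, loopback and link-local ranges: sources here are on the LAN or the host itself.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample lines (documentation and private addresses, not real hosts).
SAMPLE = """\
Apr 24 09:30:00 computername smbd[18939]: 203.0.113.7 SMB client not supported - Unicode strings are required
Apr 24 09:30:00 computername sandboxd[18997] ([18995]): smbd(18995) deny job-creation
Apr 24 09:35:00 computername smbd[18951]: 203.0.113.7 SMB client not supported - Unicode strings are required
Apr 24 09:40:00 computername smbd[18960]: 203.0.113.7 SMB client not supported - Unicode strings are required
Apr 24 09:41:10 computername smbd[18962]: 192.168.1.20 SMB client not supported - Unicode strings are required
""".splitlines()


def summarize_smbd_clients(lines, year=2012):
    """Group smbd client messages by source IP: count, origin, median gap in seconds."""
    seen = defaultdict(list)
    for line in lines:
        m = SMBD_LINE.match(line.strip())
        if not m:
            continue  # sandboxd, mDNSResponder and other lines are skipped
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # not a valid IPv4 address, e.g. an octet above 255
        # syslog timestamps carry no year, so the caller supplies one (assumption)
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        seen[ip].append(ts)
    report = {}
    for ip, stamps in seen.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        report[str(ip)] = {
            "count": len(stamps),
            "origin": "local" if any(ip in n for n in LOCAL_NETS) else "external",
            "median_gap_s": sorted(gaps)[len(gaps) // 2] if gaps else None,
        }
    return report
```

Feeding it the lines of system.log gives one entry per client address; an "external" origin with a steady gap is the pattern described in the question.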
