Question about TCPBlock logging results

Hey



First thing: sorry if this is the wrong place for my question. Let me know if it doesn't belong here.



I just started using TCPBlock to log outgoing connections. Most of the output, in Console, looks like:


7/10/14 18:49:01.000 kernel[0]: tcpblock: allow connection of uTorrent to 89.212.176.159:37096 uid=501 pid=1795 proto=6

7/10/14 18:49:02.000 kernel[0]: tcpblock: allow connection of uTorrent to 88.123.8.213:61837 uid=501 pid=1795 proto=6

7/10/14 18:49:03.000 kernel[0]: tcpblock: allow connection of firefox to 127.0.0.1:12080 uid=501 pid=1989 proto=6


Note that, so far, I'm allowing all outgoing connections; I just want to get an overview of what the connections are.



Then there are the following events in between:


7/10/14 18:49:07.000 kernel[0]: tcpblock: allow connectcptionblock: of c aomllow connect.aion of cvast.promoxy t.avaso t.proxy t194.221o 1.65.23:80 u94.2id=0 pid2=889 proto=6


7/10/14 18:51:02.000 kernel[0]: tcpblock: tcallow connection of upblockTorr: allow connectenion oft fro uTorrent m 192.168.2.2:58240 uid=501 pid=1795to 70 p.189roto=6



7/10/14 18:53:27.000 kernel[0]: tcpblock: allow connection of com.tcavast.proxpblock:y altolow 23.co3.90.24nnection of com.a8:80 uid=0 pidvas=889 proto=6



7/10/14 18:53:32.000 kernel[0]: tcpblock: allow accept from 127.0.0.1:tcpblock: 584all50 toow c coonnection of com.m.avast.avast.proxypr to oxy uid=0 pi205.185d=889 proto=6



They appear to be tcpblock events as well, but look like they are permutations or garbled up versions of the above events.


Does anyone know what's behind this? Maybe it is related to avast, which is mentioned in at least some of the events (though not in all of them).

Posted on Jul 10, 2014 10:19 AM
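
One way to build the connection overview the post describes while keeping the garbled lines out of the counts and set aside for manual review. This is an added example, not part of the original thread and not TCPBlock's own code; the line shape is inferred from the three clean lines in the post, and the function names are illustrative.

```python
import ipaddress
import re
from collections import Counter

# Shape inferred from the three clean lines in the post (an assumption, not
# TCPBlock's documented format); only "allow" verdicts are shown there.
LINE = re.compile(
    r"^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+\.\d+) kernel\[0\]: tcpblock: "
    r"(?P<verdict>\w+) connection of (?P<proc>\S+) to "
    r"(?P<ip>[0-9.]+):(?P<port>\d+) "
    r"uid=(?P<uid>\d+) pid=(?P<pid>\d+) proto=(?P<proto>\d+)$"
)

# Constructed sample: two clean and two garbled lines copied from the post.
SAMPLE = """\
7/10/14 18:49:01.000 kernel[0]: tcpblock: allow connection of uTorrent to 89.212.176.159:37096 uid=501 pid=1795 proto=6
7/10/14 18:49:03.000 kernel[0]: tcpblock: allow connection of firefox to 127.0.0.1:12080 uid=501 pid=1989 proto=6
7/10/14 18:51:02.000 kernel[0]: tcpblock: tcallow connection of upblockTorr: allow connectenion oft fro uTorrent m 192.168.2.2:58240 uid=501 pid=1795to 70 p.189roto=6
7/10/14 18:53:27.000 kernel[0]: tcpblock: allow connection of com.tcavast.proxpblock:y altolow 23.co3.90.24nnection of com.a8:80 uid=0 pidvas=889 proto=6
"""

def parse_line(line):
    """Return a dict of typed fields, or None if the line is not well-formed."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    try:
        ipaddress.IPv4Address(ev["ip"])  # rejects e.g. 999.1.1.1
    except ValueError:
        return None
    for key in ("port", "uid", "pid", "proto"):
        ev[key] = int(ev[key])
    return ev if ev["port"] <= 65535 else None

def triage(text):
    """Split log text into (parsed events, raw lines needing manual review)."""
    events, rejects = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        ev = parse_line(line)
        (events if ev else rejects).append(ev or line)
    return events, rejects

def summarize(events):
    """Count connections per (process, uid, destination ip)."""
    return Counter((e["proc"], e["uid"], e["ip"]) for e in events)

if __name__ == "__main__":
    events, rejects = triage(SAMPLE)
    for key, n in summarize(events).items():
        print(n, *key)
    print(f"{len(rejects)} line(s) did not parse; review by hand:")
    for line in rejects:
        print("  " + line)
```

Fields are taken only from lines that match the whole pattern; nothing is extracted from a rejected line, since its address, pid and process name cannot be trusted.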


Jul 10, 2014 11:21 AM in response to zanglebert

Does anyone know what's behind this?

It's your torrent hosting software. It is working exactly as intended, which is to expose your Mac to potential malware intrusion, data loss and information theft. In the example you provided, your Mac is communicating directly with locations in France and Slovenia, which could of course be subsequently redirected anywhere else. If that's not what you want to do, uninstall it.


Uninstall Avast. It is capable of nothing beneficial and can only cause trouble. Use their latest uninstaller, which will remove it completely.

Jul 10, 2014 12:17 PM in response to zanglebert

You're welcome.


what is the reason for the permutations of the words like "connection" "allow" etc.

Corruption, obviously, and quite likely a result of malicious interference.


It's your Mac, do with it as you please, but your apparent inability to correlate unexpected behavior with hosting torrents to the point you need to ask others what's wrong with it is a bit odd.

Jul 10, 2014 12:40 PM in response to John Galt

Thanks again, John. Your answers are as deep as they are helpful.


If you don't know the actual answer ("quite likely a result of malicious interference"), it's okay to admit that.


I'd also like to point out, your type of response - little technical content, instead full of condescension - I have never seen on the various Windows or Linux related forums I've asked questions on before.
