Have I been hacked? Netstat

Hello,


I was attacked via a phishing email and had passwords stolen to several of my websites. I ran netstat to see what was happening with incoming and outgoing connections. Does any of this look suspicious?




dhcp-164-107-230-209:~ michaelvieth$ netstat

Active Internet connections

Proto Recv-Q Send-Q Local Address Foreign Address (state)

tcp4 0 0 dhcp-164-107-230.50847 a23-60-83-69.dep.https ESTABLISHED

tcp4 0 0 dhcp-164-107-230.50837 cache.google.com.https ESTABLISHED

tcp4 0 0 dhcp-164-107-230.50836 ord08s12-in-f10..https ESTABLISHED

tcp4 0 0 dhcp-164-107-230.50834 199.16.156.52.https ESTABLISHED

tcp4 0 0 dhcp-164-107-230.50832 ord08s12-in-f10..https ESTABLISHED

tcp4 0 0 dhcp-164-107-230.50830 ord30s21-in-f13..https ESTABLISHED

tcp4 0 0 dhcp-164-107-230.50829 ie-in-f154.1e100.https ESTABLISHED

tcp4 0 0 dhcp-164-107-230.50820 cache.google.com.https ESTABLISHED

tcp4 0 0 dhcp-164-107-230.50808 ord30s21-in-f2.1.https ESTABLISHED

tcp4 0 0 dhcp-164-107-230.50806 ord31s22-in-f4.1.https ESTABLISHED

tcp4 0 0 dhcp-164-107-230.50804 cache.google.com.https ESTABLISHED

tcp4 0 0 dhcp-164-107-230.49164 17.110.225.201.5223 ESTABLISHED

udp4 0 0 *.* *.*

udp4 0 0 *.62054 *.*

udp4 0 0 dhcp-164-107-230.ntp *.*

udp4 0 0 dhcp-164-107-230.ipsec *.*

udp4 0 0 dhcp-164-107-230.isakm *.*

udp6 0 0 fdbd:9aab:3772:c.ipsec *.*

udp6 0 0 fdbd:9aab:3772:c.isakm *.*

udp6 0 0 fdbd:9aab:3772:c.ntp *.*

udp6 0 0 fe80::511a:c93e:.ntp *.*

udp6 0 0 localhost.ipsec-ms *.*

udp6 0 0 localhost.isakmp *.*

udp4 0 0 localhost.ipsec-msft *.*

udp4 0 0 localhost.isakmp *.*

udp6 0 0 fe80::1%lo0.ipsec-ms *.*

udp6 0 0 fe80::1%lo0.isakmp *.*

udp6 0 0 fe80::5626:96ff:.ipsec *.*

udp6 0 0 fe80::5626:96ff:.isakm *.*

udp6 0 0 fe80::6cd6:dbff:.ipsec *.*

udp6 0 0 fe80::6cd6:dbff:.isakm *.*

udp6 0 0 fe80::511a:c93e:.ipsec *.*

udp6 0 0 fe80::511a:c93e:.isakm *.*

udp6 0 0 *.mdns *.*

udp4 0 0 *.mdns *.*

udp6 0 0 fe80::5626:96ff:.ntp *.*

udp4 0 0 *.* *.*

udp6 0 0 fe80::6cd6:dbff:.ntp *.*

udp6 0 0 fe80::1%lo0.ntp *.*

udp4 0 0 localhost.ntp *.*

udp6 0 0 localhost.ntp *.*

udp6 0 0 *.ntp *.*

udp4 0 0 *.ntp *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 all-systems.mcas.5350 *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp6 0 0 *.mdns *.*

udp4 0 0 *.* *.*

udp6 0 0 *.mdns *.*

udp4 0 0 *.mdns *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp46 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp46 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.netbios-ns *.*

udp4 0 0 *.netbios-dgm *.*

Active Multipath Internet connections

Proto/ID Flags Local Address Foreign Address (state)

icm6 0 0 *.* *.*

Registered kernel control modules

id flags pcbcount rcvbuf sndbuf name

1 9 0 131072 8192 com.apple.flow-divert

2 1 1 16384 2048 com.apple.nke.sockwall

3 9 0 524288 524288 com.apple.content-filter

4 9 0 8192 2048 com.apple.packet-mangler

5 1 2 65536 65536 com.apple.net.necp_control

6 9 1 524288 524288 com.apple.net.utun_control

7 1 0 65536 65536 com.apple.net.ipsec_control

8 0 13 8192 2048 com.apple.netsrc

9 18 0 8192 2048 com.apple.network.statistics

a 5 0 8192 2048 com.apple.network.tcp_ccdebug

Active kernel event sockets

Proto Recv-Q Send-Q vendor class subcla

kevt 0 0 1 1 2

kevt 0 0 1 6 1

kevt 0 0 1 6 1

kevt 0 0 1 1 1

kevt 0 0 1 1 10

kevt 0 0 1001 5 11

kevt 0 0 1 1 2

kevt 0 0 1 6 1

kevt 0 0 1 6 1

kevt 0 0 1 6 1

kevt 0 0 1 6 1

kevt 0 0 1 6 1

kevt 0 0 1 6 1

kevt 0 0 1 6 1

kevt 0 0 1 1 2

kevt 0 0 1 6 1

kevt 0 0 1 1 0

Active kernel control sockets

Proto Recv-Q Send-Q unit id name

kctl 0 0 1 2 com.apple.nke.sockwall

kctl 0 0 1 5 com.apple.net.necp_control

kctl 0 0 2 5 com.apple.net.necp_control

kctl 0 0 1 6 com.apple.net.utun_control

kctl 0 0 1 8 com.apple.netsrc

kctl 0 0 2 8 com.apple.netsrc

kctl 0 0 3 8 com.apple.netsrc

kctl 0 0 4 8 com.apple.netsrc

kctl 0 0 5 8 com.apple.netsrc

kctl 0 0 6 8 com.apple.netsrc

kctl 0 0 7 8 com.apple.netsrc

kctl 0 0 8 8 com.apple.netsrc

kctl 0 0 10 8 com.apple.netsrc

kctl 0 0 11 8 com.apple.netsrc

kctl 0 0 12 8 com.apple.netsrc

kctl 0 0 13 8 com.apple.netsrc

kctl 0 0 20 8 com.apple.netsrc

dhcp-164-107-230-209:~ michaelvieth$






Thanks in advance!!

MacBook Pro, OS X Yosemite (10.10.1)

Posted on Feb 22, 2015 4:08 PM
