Nat!

launchproxy sshd hack?

Factoid: I have LittleSnitch2 installed. That program has a little network monitor in the menu bar. Other factoid: I am paranoid.

OK, so while reading some forums, I was somewhat intrigued that my DSL outgoing line was staying "red" for a long time. That was pretty unusual, because there shouldn't have been anything going on.

I turned off my mail apps, which were the only candidates for outbound traffic. Still output stayed red. That made me slightly nervous.

So I clicked in the network monitor, and I saw an sshd connection to alandao.org started by launchproxy. I certainly never initiated that myself via terminal. I don't even know what alandao.org is in the first place. And this stuff was apparently sending data from my machine. I tried killing it with kill but it reappeared. It was panic time and I turned off the machine.

Turning the machine back on, I can't reproduce it. What happened? Is my box already owned? Hmm...