Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Scott Elder

macrumors newbie
Original poster
Feb 18, 2017
1
0
Using my 2012 Macbook Pro with Sierra, I tried to telnet into a 2014 Mac Mini inside my home. Both computers are on the NAT home-side of my Time Capsule router. For a while I was receiving a very mysterious IP address response back. Hopefully someone can help me understand why.

I have the Mac Mini setup as a triple boot with Mac OS X, Windows 8, and Ubuntu 16.04 LTS. My problem was evident when the Mac Mini was booted with Ubuntu.

I was able to telnet successfully a few times as shown below. But then yesterday the telnet response suggested that I was trying to connect to an address I did not specify. I listed the example below. I changed my local IP address numbers to "x" for obvious reasons. The non-x IP address is the actual unknown address reply back.

Here is what happens when I am successful:

Scotts-MacBook-Pro:~ scotty$ telnet xx.x.x.xx 5901
Trying xx.x.x.xx...
Connected to xx.x.x.xx.
Escape character is '^]'.
RFB 003.008

But yesterday this was the reply for the same address above, but a different port (i.e. 5901 vs. 5900):

Scotts-MacBook-Pro:~ scotty$ telnet xx.x.x.xx 5900
Trying 92.242.140.2...

The connection never happened and I eventually control-C out.

Can someone help me understand what has happened. I panicked a bit thinking I had been hacked and started to rip apart my Airport Express extenders which didn't fix anything. I eventually rebooted the Mac Mini, started no processes, and the mysterious response went away.
 
Port 5900 and 5901 are VNC ports. Apparently there was a VNC instance running on port 5901 but not on 5900. From what you posted here I can only say that you tried to connect to a VNC instance on the Mac mini which is running on port 5901 and not on 5901.

The IP address belongs to a company called "BAREFRUIT-ERRORHANDLING". When I search for that I find a company that offers a service to ISPs that allow them to catch all domain names and IP addresses that do not exist and re-route to some "this does not exist" page or some advertisement (check out their homepage). Verizon does something like that too. Not everybody likes this: DNS Hijacking via Barefruit Talktalk and Others. I tend to agree with this: the web already handles these kind of things, services like this is just hijacking traffic. I'm not even sure this is even within EU regulations (the current net "neutrality" regulation in particular) because this is just messing with certain kind of internet traffic. The UK is still in the EU and thus still has to follow the regulations.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.