Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Can you explain double Nat’ed briefly or provide a link that explains?

I’m going to open the MacBook my older one and look up the couple of things you suggested. Because I did purchase an all new one around Xmas I did the initial setup etc. I left it on Wi-Fi and fell asleep one night and when I looked at it the following morning there were tell tale signs something wasn’t right. Since I had no data on it I just decided to reset to default. I input my AppleID and it required the two factor number sent to my phone but I never received it. Tried to get in 3 times but never would receive my two factor Apple ID number. I got extremely upset and didn’t touch the thing for a couple months. Until about two weeks ago except now my password I set up on the thing even with my hint is not working and I had written it down. Either I have major Gremlins or the universe just doesn’t want me to use my new laptop. And after spending $2k on the damn thing.

One of the general consensus is relating to an MDM being the culprit. My 2015 MacBook Pro was gifted to me when I left Elasticsearch and had in fact discovered an MDM. I contacted my previous employer and they claim to have removed it. But it still is acting as if they hadn’t. I cannot reset this MacBook. I’ve spent hundred on external hard drives to transfer or back up my data but every time it just freezes and so I’m unable to do so. I can see in my console
On the Mac that it’s talking to my phone even though they have different Apple ids assigned and all sharing options are turned off. My MacBook had been taken to Apple for diagnostic checks and they did in fact confirm an MDM.

I’ll turn on the MacBook and try to see what I can pull in the meantime here are some screenshots


One showing assigned DNS along with IPv6 pulled just directly from my device. Not any network tool.

Second being the list of Bonjour services active on my network. I understand the Spotify as this comes from my smart thermostat and I haven’t figure out
How to remove it. Why anyone would
Run Spotify from there thermostat is beyond me but it is and this brings some vulnerabilities. What I don’t know is what is “what’s up._tcp” And what is raop if AirPlay is configures
I dug up a screenshot of when it’s weird on my phone. This is from March 8th and connected thru Wifi, As you can see from the top of picture.
 

Attachments

  • BDD30F49-78AC-4158-8F02-DB575D19A460.png
    BDD30F49-78AC-4158-8F02-DB575D19A460.png
    119.6 KB · Views: 213
Can you explain double Nat’ed briefly or provide a link that explains?

If you look at this Wikipedia page, you'll find a link to an article, which has this beautiful picture (by Chris Grundemann):

TheNAT444Model1.jpg

For now, ignore the stuff labeled IPv6. Imagine we're not talking about cellular, but rather your home WiFi network. Imagine the little box labeled "Dual Stack CPE" is your Xfinity router. It's doing the usual NAT (network address translation) job. You have your private address on your private network, one side of the router. On the other side of the router you have what you think is your public IP address. BUT NO. That's another private address on your ISP's private network. The ISP has their own router, labeled "CGN/LSN Box" doing the usual NAT stuff for them.

In the case of cellular traffic, that "Dual Stack CPE" device is not in your house; it's in some facility owned by your provider.

An example then... Traffic leaving your cell phone says it comes from your cell phone's IP address, which might be 10.113.198.112 (in one screenshot you provided). The first router alters it, changing the packets so they say they from 100.64.xyz.abc (that router's address). The second router alters it, changing the packets so they say they are from 166.198.34.55. That 166.198.34.55 is the outside IP address of the "CGN/LSN Box". By the way, that's the router that has the open ports on it that you're worried about. That's the box that you're probing with Scany. But that outside router has hundreds (more?) of cell phones sending packets through it at the same time. It's far-fetched to imagine that incoming traffic to the open ports on that router would find their way to your phone. Even if you had some rogue software on your phone that opened ports, that would not trigger that outside router to open corresponding ports.

That's the double NAT I was talking about. That's the reason you don't have to care about those open IPv4 ports.

The yellow IPv6 cloud (the other "stack") is a different matter. The IPv6 address of your cell phone is directly in that cloud and reachable from everywhere on the internet. I'd be very surprised if there were listening ports (opened by your phone) at your IPv6 address. You seem to be in such a panic state that you might really want to prove that so you can stop worrying about it. I'm happy to help if you really want to spend time on that. You are seeing monsters everywhere, so I'm sympathetic. I need my family to talk me down when I get that way. :)
 
My sincere apologies. It seems that parts log my posts have been removed and one posted without me approving it or
Hitting done. So let me try to read thru your last couple of posts since we moved on to Wi-Fi. As that post had an entire post before that and it sounded somewhat ditzy of me to move on without wrapping up the current topics. This is an example
Of the shenanigans I’m dealing with. They have taken over my keyboard at times and anything I typed look like Alphabet soup that has a stuttering problem. 🤬

Apologies again. If it seems that my responses stop making sense be forewarned that is what is happening and it is not me
It makes sense to move on to WiFi; so many more tools are available since you probably have a computer on the same network.

I just want to reach closure on two small things related to your cellular and the testing you've done related to it.

-- about open ports --

I did say you don't have to worry about open IPv4 ports since you're double NAT'd. However, your IPv6 address is a public address and reachable from the internet. If you're still worried about open ports, you could check that address. Unfortunately Scany doesn't seem to support IPv6. Net Analyzer Pro does and seems generally to be a much more powerful tool than Scany. But, I think the best way to probe your device is to do it from a different device; your Mac would be ideal since you could run nmap. whatismyip.com from you phone, when on cellular only only, would tell you your cellular IPv6 address. Then you could probe it from your Mac. I don't think this is a very important exercise, but I can assist if you want to try and want my help.

I did probe my phone's IPv6 address. It didn't respond to pings and all ports ignored incoming requests. However, nmap was able to detect my device was up and it correctly guessed that it was either a Mac or iPhone.

-- about traceroute --

Net Analyzer Pro can do traceroutes. But, most importantly, it has a toggle for the traceroute that lets you use UDP probing. UDP probing is the default when running traceroute on the Mac. I tested Net Analyzer Pro traceroute to your IP address. Without UDP on, I got the same result as Scany. With UDP on, I got the same result as I got on my Mac. If I were you, I would switch from Scany to Net Analyzer Pro for traceroutes, port scanning, and other stuff.
Can you explain double Nat’ed briefly or provide a link that explains?

I’m going to open the MacBook my older one and look up the couple of things you suggested. Because I did purchase an all new one around Xmas I did the initial setup etc. I left it on Wi-Fi and fell asleep one night and when I looked at it the following morning there were tell tale signs something wasn’t right. Since I had no data on it I just decided to reset to default. I input my AppleID and it required the two factor number sent to my phone but I never received it. Tried to get in 3 times but never would receive my two factor Apple ID number. I got extremely upset and didn’t touch the thing for a couple months. Until about two weeks ago except now my password I set up on the thing even with my hint is not working and I had written it down. Either I have major Gremlins or the universe just doesn’t want me to use my new laptop. And after spending $2k on the damn thing.

One of the general consensus is relating to an MDM being the culprit. My 2015 MacBook Pro was gifted to me when I left Elasticsearch and had in fact discovered an MDM. I contacted my previous employer and they claim to have removed it. But it still is acting as if they hadn’t. I cannot reset this MacBook. I’ve spent hundred on external hard drives to transfer or back up my data but every time it just freezes and so I’m unable to do so. I can see in my console
On the Mac that it’s talking to my phone even though they have different Apple ids assigned and all sharing options are turned off. My MacBook had been taken to Apple for diagnostic checks and they did in fact confirm an MDM.

I’ll turn on the MacBook and try to see what I can pull in the meantime here are some screenshots


One showing assigned DNS along with IPv6 pulled just directly from my device. Not any network tool.

Second being the list of Bonjour services active on my network. I understand the Spotify as this comes from my smart thermostat and I haven’t figure out
How to remove it. Why anyone would
Run Spotify from there thermostat is beyond me but it is and this brings some vulnerabilities. What I don’t know is what is “what’s up._tcp” And what is raop if AirPlay is configures be
 
You have no idea how this is all I’ve ever asked and the responses are just so insensitive

There was only one response that seemed insensitive, borderline reprehensible. I think you haven't had a lot of supportive responses because you've provided so much information. It's hard to figure out where to begin or to figure out what parts of your analysis are even pertinent to the problems your having.
 
So the question is let’s say it’s you in this position, where would you start to try to resolve this?

If I were in your position, with your level of expertise, I would hire a consultant to sort it out. I would give them access to my equipment: router, computers, phones, and any other devices on my network. They would have to witness some of the problems I was having. They would like then classify the problems. I could image a classification like 80% user error or misunderstanding, 10% bugs or equipment failure (e.g. bad keyboard), and 10% left to really investigate. Getting to that 10% by myself, if I was in such a constant state of panic, would be impossible.

I'm happy to continue helping, but I don't think you're going to get to the bottom of it in a forum thread.
 
  • Like
Reactions: Slix
Ok I got it. Well like I said that right now everything seems to be working normal. And thank you for explaining things. Maybe the monster under the bed got bored and ran off. Or they achieved their goal and it’s all over. It’s been quiet like this before and then a it all fell apart. But I’m not one to look a gift horse in the mouth. And I definitely don’t want to waist yours or my time.

If you do have time I’d like To send you some screenshots and see what you think if it’s just a caching issue on my router or what.

On my Xfinity gateway you see what my settings are. But in the case when things go awry I have witnessed these things occurring and I’m sure there may be some explanation so here goes.

When I connect to my gateway I can see my phone and then what appears to be a second device connect simultaneously however listing the MAC # as Device and then it uses a new Mac and lists that as the Hostname. Now I paused this secondary device on my gateway as I do not know what it is. However in doing so my phone is then On pause and barely was able to unpause and then my phone could connect.

A. Why is my phone showing as two
Devices on my gateway? Issuing itself a random Mac and calling itself Host.

B what does anyone know about Port 62078 listed as iphone elite and my fiancés phone is syncing to this port more often than not. While the rest of the devices connect to port 49152, 53, etc...

I don't have a google account and Id rather not open up the can of worms to get one because its just too invasive for my taste

I understand it may seem like Im looking for Monsters everywhere but I think I know the problem but I can't prove it... and I don't know how its happening or if its on purpose or by accident because some people don't understand the implications of there actions....
 
Oh boy, a brand new topic.

Definitely get someone to come to your house and figure out what's going on. Show them what's wrong and let them figure out what's relevant. There really aren't monsters everywhere, but lots of stuff you'd like to learn.

BTW, my weekend is drawing to a close. I don't think I've gotten anywhere except to tell you to stop worrying about a few specific things. As I'm getting back to work tomorrow, I'll have to bow out for while.
 
  • Like
Reactions: Slix
So here me out and tell me if I'm way off base...... This whole mess only started a few months after I met my fiancé and had never happened before then and the only true constant through all of this is him....

He is an avid YouTube fan and watches YouTube videos regularly... typically its all trucks, RC's, and boating...

my take on this mess is a combination of malware, adware, bugs, and my fiancé... And this is where I believe my delayed messages and emails go.. somehow I believe he is intercepting these and then releasing when he's done reviewing them. I believe this to be true because one. of the first things I had discovered with an apple tech on the phone was a hidden rule on my iCloud settings that had my emails forwarded to him iCloud address.. Of course he denied. now he knew he couldn't do that again so I had discovered some time later my communications forwarded to his MS OneDrive account.. He also has something in his google account called iOS AccountManager. He has a couple older android phones and this I believe is where the misconfigured Hostname and duplicate device on my gateway derive from.. My browser history will be scattered through his browser history as if he has logged into something and pulled my browser history... he will get. very uncomfortable when Im online doing research about this matter.. When my phone had been jailbroken in the very beginning I don't think he counted on me discovering such thing..

there are things on his browser history he claims are not him and is of the mindset "deny, deny, deny" He is an experienced Electrician, an avid RC Hobbyist, and has installed many low voltage systems in both commercial and residential customers..

I can't express the frustration of knowing and understanding something but being unable to prove without a doubt what's happening.. I have said time and time again that the odds of what he claims not to be him and yet it doent happen to my stuff... He is somewhat obsessed with these devices you can install in your vehicle so you can watch tv in your car...

I just bought him a Ram TRX 2023 and I just got myself a 2020 BMW X6 Competition during the holidays. I just want to prove its what I think it is Or get proof that its some 3rd party hack.. I can't for some reason update the software in my car, he has connected his truck to the home network. I had discovered a device with a SIM card on a previous car.

and see every time I thwart one way he manages to find another way in.. Ive had external drives wiped clean, and most of that is someone being nosey and not understanding when you see "do you want to format this to be compatible" or whatever that it will erase everything
There was only one response that seemed insensitive, borderline reprehensible. I think you haven't had a lot of supportive responses because you've provided so much information. It's hard to figure out where to begin or to figure out what parts of your analysis are even pertinent to the problems your having.
on this forum, I started out on Reddit and then Quora... and I get a lot of confirmation that something is definitely wrong but no way to make it stop... I am not panicking these days... I was a few years ago but things have calmed down quite a bit and only starts to ramp up every once in a while... And like Said I believe I know what the problem is but most people don't want to get involved in the scenario so Ive just started piece milling my findings rather than present the entire problem its been more effective to tackle it symptom by symptom....

It has been my biggest hurdle as like you mention its a combination of user, bug, and symptom.. Most days I can stand back and see the separation of these things... but I do admit when emotions play into it it becomes muddled to see through the background noise.


Like you Im exhausted.. next time my network or device is behaving in the way it has I will post back here and if you happen to come across my post maybe you can help me understand what I'm seeing and how to protect myself from it? anytime I do any lengthy investigation into this matter things magically behave normally..

thank you for spending the time you have and sticking through my barrage of questions..

S
if you can direct me how to go about doing so and find someone that can be trusted I would oh

I would like nothing more than to hire a consultant to help me get this explained for once and for all...

I can see that my sentences are getting moved around and so its time to stop wasting your time and mine and sign off for now..
 
So here me out and tell me if I'm way off base...... This whole mess only started a few months after I met my fiancé and had never happened before then and the only true constant through all of this is him....

He is an avid YouTube fan and watches YouTube videos regularly... typically its all trucks, RC's, and boating...

my take on this mess is a combination of malware, adware, bugs, and my fiancé... And this is where I believe my delayed messages and emails go.. somehow I believe he is intercepting these and then releasing when he's done reviewing them. I believe this to be true because one. of the first things I had discovered with an apple tech on the phone was a hidden rule on my iCloud settings that had my emails forwarded to him iCloud address.. Of course he denied. now he knew he couldn't do that again so I had discovered some time later my communications forwarded to his MS OneDrive account.. He also has something in his google account called iOS AccountManager. He has a couple older android phones and this I believe is where the misconfigured Hostname and duplicate device on my gateway derive from.. My browser history will be scattered through his browser history as if he has logged into something and pulled my browser history... he will get. very uncomfortable when Im online doing research about this matter.. When my phone had been jailbroken in the very beginning I don't think he counted on me discovering such thing..

there are things on his browser history he claims are not him and is of the mindset "deny, deny, deny" He is an experienced Electrician, an avid RC Hobbyist, and has installed many low voltage systems in both commercial and residential customers..

I can't express the frustration of knowing and understanding something but being unable to prove without a doubt what's happening.. I have said time and time again that the odds of what he claims not to be him and yet it doent happen to my stuff... He is somewhat obsessed with these devices you can install in your vehicle so you can watch tv in your car...

I just bought him a Ram TRX 2023 and I just got myself a 2020 BMW X6 Competition during the holidays. I just want to prove its what I think it is Or get proof that its some 3rd party hack.. I can't for some reason update the software in my car, he has connected his truck to the home network. I had discovered a device with a SIM card on a previous car.

and see every time I thwart one way he manages to find another way in.. Ive had external drives wiped clean, and most of that is someone being nosey and not understanding when you see "do you want to format this to be compatible" or whatever that it will erase everything

on this forum, I started out on Reddit and then Quora... and I get a lot of confirmation that something is definitely wrong but no way to make it stop... I am not panicking these days... I was a few years ago but things have calmed down quite a bit and only starts to ramp up every once in a while... And like Said I believe I know what the problem is but most people don't want to get involved in the scenario so Ive just started piece milling my findings rather than present the entire problem its been more effective to tackle it symptom by symptom....

It has been my biggest hurdle as like you mention its a combination of user, bug, and symptom.. Most days I can stand back and see the separation of these things... but I do admit when emotions play into it it becomes muddled to see through the background noise.


Like you Im exhausted.. next time my network or device is behaving in the way it has I will post back here and if you happen to come across my post maybe you can help me understand what I'm seeing and how to protect myself from it? anytime I do any lengthy investigation into this matter things magically behave normally..

thank you for spending the time you have and sticking through my barrage of questions..

S
if you can direct me how to go about doing so and find someone that can be trusted I would oh

I would like nothing more than to hire a consultant to help me get this explained for once and for all...

I can see that my sentences are getting moved around and so its time to stop wasting your time and mine and sign off for now..
I admittedly skimmed a lot of this topic because other people were chiming in and I just now saw it. But to me, this post sounds like you need to get a lawyer and/or someone else you trust to look into this fiancé of yours and the actions he may be taking toward you and your data and devices. He seems like he's blatantly lying to you and tracking what you do online and not being truthful about any of it. Setting up email forwarding, account management, and other things without your permission is not ok.
 
Hey not sure if anyone else may still be able
To see this post. But I’ve learned a couple things about my situation and best I can gather is I keep chasing one problem when the problem is not just one. (Make any sense?)

Anyhow, this part of the whole thing had me stumped and I addressed it a bit ago but I kinda let it to the wayside because it seemed far fetched. That and it keeps hiding itself.

So the answer lies somewhere in my loopback & localhost. There is an interface on my routing table anpi0 and I couldn’t find any data on this. It’s got a Private MAC assigned to it that doesn’t match any private MAC of mine. I learned via Quora that this is a special interface that is configured by the user but can have some thing to do with USB configuration. Sound about right?

I was able to see that this interface has my loopback 127.0.0.1 as its designated domain IP. If I dig further it shows up as localhost.

Thing is this interface isn’t always busy. And this isn’t the only suspicious interface on my routing table. For some reason some
Of these interfaces appear to start cloning if I do any scans.

I’m currently using my phone in Lockdown mode which im not thoroughly convinced it helps but none the less. I contacted the “high tech crime division” of my Police department only to be told I need to call another number and so here I am again. The problem is getting worse again and while jury is still out on if it’s someone at home. Like I said multiple things happening.

After last I posted this I had discovered two phone numbers on my cell phone account that do not belong to neither of us. At the time
Of discovery they were syncing to my cell phone. However now they appear to be connected to my car. Which pisses me off because my car (BMW X6M Comp) is my baby!! Now my car doesn’t recognize this to be happening. And this is an issue I’m taking up with BMW so don’t worry im
Not asking anyone here. But it’s just more
Proof someone is stalking me but WHY?? And WHO???

So I’m looking for referral to a reputable forensic cybersecurity firm, or person that I can contact and they can just take all my tech and analyze away. Does anyone know who do people contact for help with these problem? There has to be some source for people to call for help. Given this stuff is happening more and more I just don’t know what to do next?
 
So the answer lies somewhere in my loopback & localhost. There is an interface on my routing table anpi0 and I couldn’t find any data on this.

I have anpi0 with a mac address. Stop looking at networking. You are out of your depth on that topic and are finding problems where there are none.

So I’m looking for referral to a reputable forensic cybersecurity firm, or person that I can contact and they can just take all my tech and analyze away. Does anyone know who do people contact for help with these problem? There has to be some source for people to call for help. Given this stuff is happening more and more I just don’t know what to do next?

Good. Spend all your time on looking for someone to help you with the technical stuff. Completely stop wasting your time trying to do it yourself. Unfortunately I've not researched such companies. Do a web search and start calling the companies you find.
 
  • Like
Reactions: Slix
Hey not sure if anyone else may still be able
To see this post. But I’ve learned a couple things about my situation and best I can gather is I keep chasing one problem when the problem is not just one. (Make any sense?)

Anyhow, this part of the whole thing had me stumped and I addressed it a bit ago but I kinda let it to the wayside because it seemed far fetched. That and it keeps hiding itself.

So the answer lies somewhere in my loopback & localhost. There is an interface on my routing table anpi0 and I couldn’t find any data on this. It’s got a Private MAC assigned to it that doesn’t match any private MAC of mine. I learned via Quora that this is a special interface that is configured by the user but can have some thing to do with USB configuration. Sound about right?

I was able to see that this interface has my loopback 127.0.0.1 as its designated domain IP. If I dig further it shows up as localhost.

Thing is this interface isn’t always busy. And this isn’t the only suspicious interface on my routing table. For some reason some
Of these interfaces appear to start cloning if I do any scans.

I’m currently using my phone in Lockdown mode which im not thoroughly convinced it helps but none the less. I contacted the “high tech crime division” of my Police department only to be told I need to call another number and so here I am again. The problem is getting worse again and while jury is still out on if it’s someone at home. Like I said multiple things happening.

After last I posted this I had discovered two phone numbers on my cell phone account that do not belong to neither of us. At the time
Of discovery they were syncing to my cell phone. However now they appear to be connected to my car. Which pisses me off because my car (BMW X6M Comp) is my baby!! Now my car doesn’t recognize this to be happening. And this is an issue I’m taking up with BMW so don’t worry im
Not asking anyone here. But it’s just more
Proof someone is stalking me but WHY?? And WHO???

So I’m looking for referral to a reputable forensic cybersecurity firm, or person that I can contact and they can just take all my tech and analyze away. Does anyone know who do people contact for help with these problem? There has to be some source for people to call for help. Given this stuff is happening more and more I just don’t know what to do next?
Hello!!!!!!
Oh my god!
I have met someone who is having the exact same issue as me!
I stumbled across this thread doing the very thing you have been doing for years!
I have learned so much from this very thread alone and nearly burst into tears that someone is actually experiencing this mental torture, as I have been for years, except with far less technical experience.
Much in the same boat, ISP, Apple, hired consultants have not been able to assist me get to the bottom of this but have refereed me to legal and the police.
The Federal Agency, leading cyber safety passed me back to local police who then had no recommendations on who I could contact to help.
May we link up offline regarding this if possible?
I feel so sorry for you, as getting stonewalled constantly, having Apple leave you helpless, lawyers even are not comfortable representing this matter because of the grey areas and the many undefined laws there are around these issues, not to mention the sheer exhaustion from getting new numbers, losing days upon days resetting devices, not having banking (I have just done two months without a digital identity), and still having these issues after 10 brand new devices and new networks later.
It’s destroying my soul, but this by far has been the most positive thing that’s happened to me - is finding this thread.
I also think that whilst the experts may find this frustrating to deal with, Particularly in an online setting, the attempts to problem solve have been helpful for my knowledge- so thank you!
This is very real!!!! And leaves everyone I’ve spoken to scratching their heads and the others that are convinced I’m bonkers, paranoid and obsessed, which I won’t lie!!! Has done this to me also, Yes! But, from a privacy standpoint it’s crushing, not to mention mind boggling to constantly keep getting dead ends.
 
So I’m looking for referral to a reputable forensic cybersecurity firm, or person that I can contact and they can just take all my tech and analyze away. Does anyone know who do people contact for help with these problem? There has to be some source for people to call for help. Given this stuff is happening more and more I just don’t know what to do next?
You might try https://www.sophos.com
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.