Time Machine Security Alert – OSX Apple File Print Remote BO Attack

anti-virus, imac, Security, time-machine

Symantec Endpoint Protection reported that there are attacks from my TimeMachine with Attack Name:

OS X Apple File Print Remote BO

The attack happens at least twice a week. According to Symantec documentation, it only happens in old Mac OS X (Mac OS X 10.3 or below). Is this a false alarm?

Versions:

  • Mac OS X Sierra 10.12.3 (iMac 21.5-inch, Late 2013 model)
  • Symantec Endpoint Protection for Mac 12.1.6 (12.1 RU6 MU6) build 7061 (12.1.7061.6600)
  • Virus and Spyware Protection Definitions: Friday, 17 March 2017 r8
  • Network Threat Protection Definitions: Thursday, 16 March 2017 r001

Best Answer

It's not necessarily a false alarm - the endpoint protection application is just looking for a packet that's addressed to a certain port and formed a certain way.

192.168.200.248 is a Time Machine device, so it very well could just be talking in a way that the EP program doesn't like, but it is possible, albeit very unlikely, that the Time Machine is compromised and being used by an attacker as a foothold into your network. Are you getting any other alerts? If not, I think you can write this off as nonsense, especially given the age of the vulnerability.

(Network security is great for ramping up your paranoia...)

In any case, even if you didn't have the endpoint protection, it's not a danger to you. This bug was fixed back in 2004 - no system from the last decade is even vulnerable to it.