MacOS – rpcbind tries to contact scan-06d.shadowserver.org – is the laptop compromised

macos malware Network Security

Little Snitch on my laptop just caught an unusual connection attempt – /usr/sbin/rpcbind tries to connect to 216.218.206.83 (scan-06d.shadowserver.org). This looks suspicious to me as it has never happened before. How can I check why this happened? Are there any logs or command line utilities that can point me to the origin of this request?

macOS Sierra 10.12.1 (16B2555)

[Screenshot: Little Snitch window]

Best Answer

So the answer is - no, my laptop wasn't compromised. Little Snitch blocked a scan attempt from the Open Portmapper Scanning Project - it appeared that rpcbind (a.k.a. portmapper service) on my laptop is openly accessible from the Internet. I solved this issue by blocking all incoming connections for /usr/sbin/rpcbind (System Preferences > Security & Privacy > Firewall > Firewall Options, press +, find /usr/sbin/rpcbind, select "Block incoming connections").

Thanks @Tetsujin for pointing me in the right direction.
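
One way to check the exposure this answer describes, as an added example that is not part of the original post: the function reads macOS `netstat -an` output and reports whether sockets on port 111 (the standard rpcbind/portmapper port) are bound to all interfaces or only to loopback. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Classify sockets bound to port 111 from macOS `netstat -an` output on stdin.
# macOS prints local addresses as ADDRESS.PORT, e.g. "*.111" or "127.0.0.1.111".
classify_port111() {
    awk '
        $1 ~ /^(tcp|udp)/ && $4 ~ /\.111$/ {
            # TCP: only listening sockets matter. UDP has no state column.
            if ($1 ~ /^tcp/ && $NF != "LISTEN") next
            addr = $4
            sub(/\.111$/, "", addr)
            if (addr == "127.0.0.1" || addr == "::1")
                scope = "loopback-only"
            else if (addr == "*")
                scope = "all-interfaces"
            else
                scope = "specific-address"
            print $1, addr, scope
        }'
}

# Number of port-111 sockets reachable from outside the machine
# (anything not bound to loopback), read from the same input.
exposed_count() {
    classify_port111 | awk '$3 != "loopback-only" { n++ } END { print n + 0 }'
}

# Constructed sample input (not captured from a real machine).
sample_netstat() {
cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.111                  *.*                    LISTEN
tcp4       0      0  192.168.1.20.52011     203.0.113.10.443       ESTABLISHED
udp4       0      0  *.111                  *.*
udp4       0      0  127.0.0.1.111          *.*
udp4       0      0  *.5353                 *.*
EOF
}

sample_netstat | classify_port111
echo "exposed sockets: $(sample_netstat | exposed_count)"
# On the laptop itself: netstat -an | classify_port111
```

A non-zero exposed count means the service answers on every interface, so once the firewall rule is in place an outside probe of port 111 should no longer get a reply even though the socket is still listed.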