MacOS – Yosemite 10.10.1 – ssh – no connection (time-out) and strange redirect


I hope I can get some help with a rather strange problem on my late 2013 MacBookPro running Yosemite 10.10.1

Up until 3 days ago, I could ssh into my server without any problems. I then updated to 10.10.1 and started to see some strange behaviour. At first I didn't notice, but it turns out I cannot connect to remote ssh-boxes anymore. Local connections (including those via open-vpn tun-interface to a remote host) seem to work fine though.

Looking at a TCP dump when trying to connect to a box via internet revealed the following strange fact:

my.internal.ip.address.50596 > gl02.opentracker.net.ssh: Flags [S], cksum 0x7b7d (correct), seq 4179750266, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 958226379 ecr 0,sackOK,eol], length 0

Doing the same on an up-to-date Mavericks box shows no signs of "gl02.opentracker.net" address and everything works just as it should be.

Since I cannot find a way to prevent (or even change/turn off) this "feature" on my MacBookPro, I consider this to be HARMFUL and an unwanted intrusion / exploitation (go take a look at ww.opentracker.net – I do NOT want to be anal-yzed by those guys!!!).

So here are my questions:

  1. Why is my Mac trying to connect to "gl02.opentracker.net"?
  2. Where does this behavior come from?
  3. How can I turn this off?
  4. Is this a malicious attempt to break my security? (–> thinking "Root-Pipe" exploit I heard about)
  5. If so, where do I find people with proper digital-forensics knowledge and further information about this subject?

If you need more information regarding the configuration of my machine, please tell me which commands to run / config-files to provide to help track down this issue.

Thanks.

Best Answer

opentracker.net is a service provider that offers analytics. My guess is that your redirection happens when you are connected to a network provider that internally uses opentracker.net.

I suggest you try again from another network provider.
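
One way to test that guess before switching networks, as an added example that is not part of the original question or answer: compare the destination in the captured SYN, and the address the current resolver returns for the server, against the address the server is known to have. The name `myserver.example`, the known-address list and all IP addresses (documentation ranges) are assumptions; tcpdump prints reverse-DNS names unless it is run with `-n`, so a displayed name is only a label for the destination address.

```python
import ipaddress
import re
import socket

# Constructed capture line in the shape of the one quoted in the question
# (192.0.2.10 stands in for the client's internal address).
SAMPLE = ("192.0.2.10.50596 > gl02.opentracker.net.ssh: Flags [S], "
          "seq 4179750266, win 65535, length 0")
LINE_RE = re.compile(r"^(\S+) > (\S+): Flags \[([^\]]+)\]")

def parse_dst(line):
    """Return (host, port_or_service) of the destination in a tcpdump TCP line."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("not a tcpdump TCP line")
    host, _, port = m.group(2).rpartition(".")  # last label is the port/service
    return host, port

def system_resolve(name):
    """Forward-resolve a name with the OS resolver; empty set on failure."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def dst_addresses(host, resolve):
    """Addresses behind the destination as tcpdump printed it."""
    try:
        return {str(ipaddress.ip_address(host))}  # numeric form (tcpdump -n)
    except ValueError:
        return resolve(host)  # a name: forward-resolve the displayed label

def classify(intended, expected_ips, line, resolve=system_resolve):
    """Decide whether the SYN left for the server's known address."""
    expected = set(expected_ips)
    host, _ = parse_dst(line)
    answered = resolve(intended)
    if answered and not answered & expected:
        return "dns-answer-differs"    # this network's resolver points elsewhere
    if dst_addresses(host, resolve) & expected:
        return "expected-address"      # the odd name is only a reverse-DNS label
    return "unexpected-destination"    # packet is not going to the known address
```

Run `classify("myserver.example", {"203.0.113.5"}, line)` with a line captured on the affected network, then again from another provider as the answer suggests; a result that changes between networks points at the network rather than at the Mac.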