So, Little Snitch, which you need to buy, understand, and use, picked up a late-night habit of reporting attempts to connect to Backups.backupdb. Â It bothered me. I did some digging. I was late to the party because my ISP had made a change I hadn’t noticed.
Apparently, for reasons unknown (to me anyway), Time Machine goes looking for a thing called ‘Backups.backupdb’ via sun.rpc and will seek this as if it were a host in the mythical top level domain .backupsdb even when Time Machine is turned off.
The reason Little Snitch reports an attempt to connect to an actual host is because some weasel at my ISP decided that hijacking my typos of domain names in browsers etc. was a revenue opportunity. To them, my typo was a great excuse to run a search and show me the results on a page full of ads instead of just returning NXDOMAIN and letting my browser say “I can’t find the host you typed you fumblefingered fathead’ like it should.
Because, they want to show me ads, any domain, even non-existent domains, ‘resolve’ and a web server spams me with the aforementioned ‘help’ fixing my typo with search results that could be useful for what they think I meant to type alongside a bunch of ads to cover the cost of being so nice to me. SunRPC having been told that yes, somebody is out there listening, proceeds, presumably, to try and shovel my files off to it for safe keeping. Little Snitch asks me and I say “Deny”. Â Noticed something here? Little Snitch’s job is to tell you when anything initiates a connection you didn’t explicitly ask for and get permission. Think software might be phoning home? Little Snitch will catch it. Think you have a trojan? Little Snitch will catch it.
How did I end up with this non (sub) standard DNS? I didn’t choose to use OpenDNS because I don’t need yet another intermediary in my life and I don’t need content filtering. Â My ISP decided to make DNS a revenue opportunity. The fix, such as it is, seems to be working. I now use the IP’s of the real name servers at my ISP and not the ones run by these ‘moenitizers‘ .
So, conclusions:
- Get Little Snitch.
- Check to see if your ISP is ‘helping you out’ by returning search results when you typo a domain. Not a file location but the domain name. (The stuff that goes between the http:// and the next /)
- Complain to them about the ‘help’
- Find out how to access their real domain name servers and not the ones they are using to show you ads.
- Poke at Apple to make Time Machine be actually off when you turn it off.
- Poke at Apple and try and get an answer for why, on or off, users don’t have a readily available control to say “don’t go to the network”.
- Read these links and learn more about this.
Wired story about what Dan Kaminsky found by way of a security hole you could drive a bus through with this sort of ‘helpful service’.
An Advisory from the ICANN Security and Stability Advisory Committee (SSAC) July 2004
An Advisory from the ICANN Security and Stability Advisory Committee (SSAC) June 2008
This Blog Post from Mac Lab
This thread on Macintouch
Schneier on Security – Hacking ISP Error Pages
Finally, tell me if you learn more about this issue, I and others would like to know.
Oh, and Apple? More granular control of Time Machine, even if buried under an ‘Advanced Options’ button or something would be very nice. K’ Thanks Bye!
