Mac Hacked? "a computer with IP address 128.130.244.179 tried to establish an incoming connection to kernel"

macos network

There's nothing there that indicates being "hacked."

Too often, folks see connections or random behavior and immediately assume this is a hacking attempt. It's not.

This could be any number of legitimate connection attempts especially given that the IP in question isn't flagged as coming from a known hacking IP, one of the many rogue countries (like China) or from a remote, anonymous proxy.

Now, you shouldn't be getting connections like this directly to the kernel especially if you are behind a firewall. However, if your Mac sends a request out and creates a "state" on your firewall, it can connect back - making this entirely legitimate.

  • Ensure you're behind a proper firewall
  • Turn on the firewall on the Mac
  • Log outgoing connections in Little Snitch to correlate traffic

Bottom line...a single connection is not enough to determine anything. You need to see this in context and you need to see the actual traffic that's incoming. If you're not using firewalls, your very first action is to get behind one and/or turn it on.

Related

Access permissions for command file created with bash
Where are my server credentials stored?
Is there a low level website blocker for OSX? [duplicate]
MacOS Cannot format to APFS [duplicate]
Am I setting up routes and DNS for a private network properly?
Why does my iPhone have too many photos in a smart album after syncing from my Mac?
Some of the keys on my keyboard are not working
Find my Phone as a shortcut
Alternative Notification System for Macos || Program or CLI to Display Image/Emblem/Icon at corner of screen (no text or box)
How do I know when server "runs at speed limit"?
lftp not removing remote files for me
Installing Team Foundation Server on a shared database instance