An explanation of why automountd is trying to find Backups.backupdb on the Internet…
I woke up this morning with a warning from Little Snitch outbound firewall that automountd wants to connect to Backups.backupdb on port 111.
Here’s what I’ve discovered since then.
automountd is a system service that mounts and unmounts network file systems (NFS) and lists the contents of directories on request, i.e. it makes them accessible for use, much as double-clicking a .dmg file on your desktop makes the disk image accessible.
Backups.backupdb is the Time Machine directory which contains your backups, usually on an external USB drive connected to your Mac.
When Time Machine is scheduled to do a backup, it tries to make a connection to Backups.backupdb to read its contents, which is automountd’s job to handle.
automountd pokes around, doesn’t find the directory within its network file system maps (when the external backup drive is not connected) and asks Open Directory/Directory Services “Yo, where’s Backups.backupdb?”
Directory Services stares at automountd blankly for a few moments and decides to check with DNS.
Directory Services asks the DNS server, “hey, you know where I can find Backups.backupdb”, to which your DNS server (located at your ISP or OpenDNS) will answer “Dood… that’s a nxdomain (non-existent domain) BUT, I’m gonna return you the address of a website with a bunch of search results and advertising”.
Herein lies the rub: normally you should get a straight NXDOMAIN response from DNS, meaning there is no IP address for that domain. Instead, a lot of ISPs (and OpenDNS) have capitalized on this and return the IP address of a web server dishing out search results and advertising, rather than a simple NXDOMAIN response. As a result, applications such as Firefox or Safari, and services such as Time Machine, through automountd, think that they’ve found the right address and therefore use it when handling requests.
The upside of this “service” is that instead of getting a “Website Not Found Error” in a browser, you get a list of possibly helpful search results of what you were really looking for.
The downside, of course, is that services such as Time Machine have no idea that the address is not really the location of Backups.backupdb, but is in fact the location of a website with search results and pay-per-click ads.
So, automountd attempts to read the contents of the directory called “Backups.backupdb” at the address returned by the DNS server, in my case “hit-nxdomain.opendns.com” located at 208.69.34.132, using a remote procedure call (RPC) on port 111. Of course, this remote procedure call will fail, since 208.69.34.132 / hit-nxdomain.opendns.com is not a network file system server that accepts requests to mount drives; it’s a website meant for humans to see search results and click on ads.
Solutions to stop automountd from trying to connect to Backups.backupdb over the Internet?
- Leave your USB/firewire Time Machine backup drive attached to your Mac so that automountd can find it without having to ask DNS.
- Add a hosts file entry that maps “Backups.backupdb” to a local address, say 127.0.0.1. A rather crude, but possibly effective solution. I haven’t tried nor tested this solution, so I won’t elaborate on how that’s done.
- Added 080602: If you’re using OpenDNS, they offer a way to exclude certain non-existent domains from being subject to the “search results” page response of hit-nxdomain.opendns.com. Thus, you can add the domain name of “Backups.backupdb” to the Typo Exceptions list and OpenDNS will return a straight NXDOMAIN response when queried for that domain. See the following screenshot for an example. Before adding frankie_valens to the Typo Exceptions list, an A record query to OpenDNS resulted in this response:
1/0/0 A hit-nxdomain.opendns.com (48)
which is OpenDNS’ search results page address. After adding the fake frankie_valens domain and retrying the same query, the answer is now
NXDomain 0/0/0 (32)
which is a proper non-existent domain response.
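The difference between the two replies quoted above can be checked mechanically. The following Python sketch is an added example, not code from the original post: it classifies a raw DNS reply by its response code and answer count and reports the answers/authority/additional counts in the same 1/0/0 form. The function names and the constructed sample replies are assumptions made for illustration; probe() needs network access, everything else runs offline.

```python
import os, socket, struct

def build_query(name):
    """Minimal DNS query for the A record of `name` (random ID, RD bit set)."""
    header = struct.pack("!2sHHHHH", os.urandom(2), 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response):
    """Judge the reply to a lookup of a name that should not exist.

    Returns (verdict, "answers/authority/additional").
    """
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, an, ns, ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    rcode = flags & 0x000F
    if rcode == 3:
        verdict = "nxdomain"    # honest answer: the name does not exist
    elif rcode == 0 and an > 0:
        verdict = "rewritten"   # resolver supplied records for the name
    elif rcode == 0:
        verdict = "nodata"
    else:
        verdict = "rcode-%d" % rcode
    return verdict, "%d/%d/%d" % (an, ns, ar)

def probe(resolver_ip, name="Backups.backupdb", timeout=3.0):
    """Live check against one resolver (needs network access)."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (resolver_ip, 53))
        data, _ = s.recvfrom(4096)
    if data[:2] != query[:2]:
        raise ValueError("transaction ID mismatch")
    return classify(data)

def sample_response(name, rcode, address=None):
    """Constructed reply for offline use: question echoed, plus one A record if given."""
    q = build_query(name)
    answer = b""
    if address:  # compressed owner name, TYPE=A, CLASS=IN, TTL=0, 4-byte RDATA
        answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 0, 4) + socket.inet_aton(address)
    header = q[:2] + struct.pack("!HHHHH", 0x8180 | rcode, 1, 1 if address else 0, 0, 0)
    return header + q[12:] + answer

if __name__ == "__main__":
    # Constructed samples using the test name and address quoted in the post
    print(classify(sample_response("frankie_valens", 0, "208.69.34.132")))
    print(classify(sample_response("frankie_valens", 3)))
```

Run probe() against each resolver the Mac is configured to use; a verdict of "rewritten" for Backups.backupdb means that resolver is substituting an address for the non-existent name.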
Although I know the first solution works for me, I’d like to call on some autofs experts for advice on how to handle this situation, with a more graceful solution.
Which is what I’m going to do right now and we’ll see what we can work out.
Updates and links to follow.
Update 2008-06-01
I think I’ve found just the right Apple autofs expert, Rajeev Karamchedu, that could help us figure out how to prevent automountd from connecting to spurious websites of search results due to a non-existent domain (NXDOMAIN) response from our DNS service provider, in this case, OpenDNS. Rajeev! Master of all things autofs… care to lend us some expertise on solutions to the above issue?


35 comments
June 30, 2008 at 12:02 am
Tesseract
I do very much appreciate all your hard work on this subject, but something still isn’t right. My time machine backup is on a permanent internal drive which is always mounted and accessible, so time machine should have no trouble finding it and hence no need to look for “outside help”. Furthermore, when I deny the connection I get no error message. I have seen a few time machine errors in my day, so I know it’s not afraid to tell me that it can’t backup my data. I will try to get to the bottom of this as soon as possible.
July 26, 2008 at 5:23 am
andrabr
This is spooky: if I understand this right, if some unscrupulous bastard at my ISP actually configures DNS to offer an NFS share, he will end up with my full backups to read and enjoy. Oh joy!
August 9, 2008 at 7:43 am
debbie T
Thank you very much for this article. Funny, I woke up this morning to find the same Little Snitch message.
I found your web page by googling “automountd”
Anyway, I find it strange that automountd was having a problem. First I don’t have Time Machine set for auto backups, and my TM drive was connected to my Mac all through the night.
I ended up denying (until quit) access in Little Snitch. I was curious to see if it affected the backup next time I manually used Time Machine, and it appeared to have no effect at all.
And I will also add the “exceptions” to Open DNS
Thanks again for your helpful article!
October 25, 2008 at 2:26 am
R K
Has anyone complained to Apple or has it been resolved?
November 8, 2008 at 7:16 am
gC
Hi guys, last night I had the same problem: automountd tried to connect to Backups.backupdb, which never happened before.
Fortunately I blocked it with Little Snitch until quit, but this morning when I booted up my Mac I had the same message, which this time I denied forever on any connection!
I realize that this occurred with 2 coincidences.
1. yesterday I set up OpenDNS for the first time
2. I received a spam email with a suspect virus/spyware attachment.
What is relevant to the above is that I have disabled and never used Time Machine since I installed Leopard ages ago, even manually!
I believe that this issue has to do with the spam email I received in combination with setting up OpenDNS.
I am going to investigate further. Please watch out.
gC
January 9, 2009 at 11:16 am
dafr
Alright, as I’m just using Little Snitch now and have seen the same error. It seems that the automountd was parsing my /etc/hosts file for whatever reason (and being where I am with lousy DNS servers, it’s an extensive file now) and every item listed in the hosts file was queried for permission to open an RPC connection on port 111.
This appears to be very much an Apple design, but I don’t know what for. If it was for NFS shares, then let Apple look at an autofs file somewhere, not /etc/hosts.
January 17, 2009 at 8:09 am
Untamed
I don’t even have Time Machine turned on at all (its big switch in the control panel is set to off), so I found it interesting (and annoying) when little snitch popped up.
I denied it Forever in little snitch, because the last thing I want is unnecessary network traffic for some service I don’t know anything about. I guess I’ll have to see if doing so affects anything, but I don’t automount any file systems, so I doubt it.
I hate it when Apple does this kind of stuff with no explanation.
Thanks for this web page tho. It gave me a starting point, as I knew it wasn’t just something on my machine making crazy requests.
April 25, 2009 at 3:36 am
donster
yeah, i woke up to this stuff. i don’t have backup turned on.
my large external fw800 drive was off through.
what an odd creepy program.
thankfully i got the snitchster. hater program denied!
May 23, 2009 at 4:56 am
Darren
Timing or what, same here - woke up to the same message.
I’ll see if I can get an answer from Apple and get back to this thread.
June 6, 2009 at 6:41 am
claude
hm, i even haven’t got a time machine backup configured, but still got this connection request…?!
June 6, 2009 at 11:55 am
Luis
Just got it today as well. About 6 minutes ago even. Time Machine has never been on, and I don’t have an external drive at all. Strange for this to come up. Sadly I allowed it before investigating further. Since reading this, I have deleted the rule.
June 13, 2009 at 9:03 am
oc seo
hhaha yes i have to agree with donster on this one. little snitch ftw!
my solution: leave the firewire drive plugged in and DENY automountd on 111.
August 1, 2009 at 10:59 am
Ed
I’ve seen this pop up a few times. I have TM hooked up via ethernet and do my backups manually, so there’s absolutely no reason for my system to search for TM on its own. Have denied the connection permanently…will update if anything relevant happens.
August 8, 2009 at 2:47 am
ljocampo
I still get this LS request and I also have TM turned off. I’m using the latest system (10.5.8) so I guess, if this is an Apple problem, they haven’t fixed it.
Has anyone found an answer to: Is it malware? or TM problem.
August 8, 2009 at 4:12 am
sd-pro
I had it today after switching off my camera while it was connected via USB. Just if it helps someone…
August 8, 2009 at 9:14 am
Bill
I have a full-time, externally connected drive for time machine. Little snitch flagged the same attempted connection. I was too busy, so took a screen shot of the warning then denied it and am glad that I did.
Anyone know what sunrpc is?
August 10, 2009 at 7:43 am
ljocampo
Bill, it’s a call to a DNS server, usually the one you use. I’ve researched the web, and according to what I’ve found, Time Machine is looking for its backup database and when it doesn’t find it, it asks the system to find it, and when the system can’t find it, it goes looking through DNS as if it was a domain. Even though I and others too don’t have TM enabled, it still happens. Many say it’s because your ISP is hijacking the 404, but I think it’s more than that and local to Leopard. No one seems to have a good answer to why Leopard is allowing an outside connection when no TM is set up. I’m still hoping to find out.
I believe this is a real security risk if someone hijacked your DNS server and then waited for this to happen to send back malicious code. Deny it forever in Little Snitch and keep asking why.
September 4, 2009 at 9:41 pm
Fuzzjohn
Damn! I just got it too. thanks for the save little snitch. And I’m glad there are people with the same problem I wouldn’t have known what to do if this page wasn’t here probably would have allowed it.
September 19, 2009 at 3:44 am
merlynwylld
Scary!!!!! Just saw this Remote Procedure Call and all I can say is it needs to be fixed! We are a very small subset of individuals who have noticed this. What if I was to name a server backups, then bought the domain backupdb.com? I could then go to ZoneEdit and map backups.backupdb.com to whatever I wanted. It might have already started. I did a domain search at godaddy and came up with one set of info, then a whois there also using the full potential hijack server name backups.backupdb.com and got the info below. To keep this short you can pull up who owns the domain. It’s the fact that when I put in the extra backups in front of the domain backupdb.com that I get different info that I don’t understand. Like I said, scary, since it was looking for a place to backup to and there it is.
WHOIS Underlying Registry Data:
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: BACKUPSDB.COM
Registrar: TUCOWS INC.
Whois Server: whois.tucows.com
Referral URL: http://domainhelp.opensrs.net
Name Server: NS10.DNSMADEEASY.COM
Name Server: NS11.DNSMADEEASY.COM
Name Server: NS14.DNSMADEEASY.COM
Name Server: NS15.DNSMADEEASY.COM
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 10-aug-2009
Creation Date: 28-jun-2009
Expiration Date: 28-jun-2010
September 25, 2009 at 9:48 pm
Martin Pedder
Add me to the list of people with this problem.
October 3, 2009 at 2:40 pm
captain
One solution would be to let this process do what it’s doing, but to block all traffic using port 111 at your gateway. Blocking traffic at the gateway is always a good ultimate line of defense.
November 14, 2009 at 11:12 am
mystro
Just woke to my own LS warning.
Not using TM at all. Did have my Camera hooked but off all night.
It says, “Established by: user/libexec/automountd”
I searched for “libexec” And found multiples in my Developer folder.
I do some dev for iphone, osx 10.5.8 apps and Screensavers via Developer tools. Not sure if this is anything but still.
Process ID was 19432 but that is not in my Activity monitor.
November 21, 2009 at 12:12 pm
Macs R We
“Solutions:… Leave your USB/firewire Time Machine backup drive attached to your Mac so that automountd can find it without having to ask DNS.”
I’m with Tesseract — my backup volume is connected, available, and TM has been using it, so I can’t fathom why my Mac OS is sneaking out to the internet to get a little something-something that it could easily get at home.
December 5, 2009 at 4:09 pm
glennac
@ Macs R We,
As some of the other comments above have revealed, Time Machine is not the only process that requires the services of automountd. So if you are not using TM then it is likely another process that is initiating automountd.
Actually, according to http://theprimepixel.com/list-of-mac-osx-common-processes …
“automount - Automatically Mounts/Unmounts Network Filesystems based on information provided by AutoFS.”
“autofsd - Runs in the background and waits for network filesystem requests or configuration changes, and when such an event occurs, launches automount to update the mount points.”
So the real culprit might actually be autofsd, not automountd. When this occurs again, it might be worth launching Console to see what autofsd was actually after when it launched automountd.
Cheers!
January 29, 2010 at 10:28 pm
personguy
running 10.5.7
got the same message from the snitchster.
at around 3am saturday morning jan 30.
never did run time machine. it’s completely off.
but i do have developer tools installed.
January 30, 2010 at 7:14 am
Userland User
I got this message, too…right after updating to latest Little Snitch; the prior version of Snitch had mysteriously started ‘quitting unexpectedly’ at odd times, but only when I was connected to the Internet. That was spooky. The update to Snitch 2.2.1 seems to have fixed that issue, and as a bonus, enabled Snitch to discover the Automountd attempt, for the very first time.
Also spooky is the additional info in the Snitch window…”User ID 0 root”. To an average non-Unix-wise user like me, it sounds as if my ‘root’ user appears to be trying to do things while I’m actually logged in under my normal admin account.
February 6, 2010 at 1:18 pm
Reb
Thank you LS, for Mac first line defense! And THANK YOU, all poster and supporters of this link!
I have searched in vain for LS equiv. on Windows XP or 7. I love the new PC hardware, and price…
but getting a Windows system is like renting instead of buying, and finding out the landlord is still advertising your address as open house.
LS is doors, latches, and locks, and soundproofing.
Links like this are peepholes and keys. I now feel secure again.
Thank you ALL.
Hope you find the metaphor more useful than the space it takes…
Reb
June 12, 2010 at 11:58 am
Guest
Reb: Pretty much any 3rd party Windows firewall will do what LittleSnitch does and more. I recommend Comodo.
September 5, 2010 at 7:50 am
Nigel
FWIW, I have a brand new Mac Pro running Snow Leopard 10.6.4. Little Snitch has been reporting this (and I’ve been denying until quit) for the past couple of days. I don’t see how it can possibly have anything to do with Time Machine…well, unless the “OFF” switch in the Time Machine preferences pane is broken.
It has been over two years since the original blog entry on this “feature” of OS X. It still happens in Snow Leopard. Either Time Machine is very badly broken, or there is something else behind all this.
September 5, 2010 at 3:12 pm
Graham Perrin
> Either Time Machine is very badly broken, or…
I doubt that.
A DNS provider might give a false result e.g. as shown at
http://pastebin.ca/1933873 — and less likely, there may be a world-writeable NFS share at the IP address that’s given by the provider — but Time Machine will not back up to that volume unless:
a) you explicitly ask Time Machine to use the volume
or
b) the person sharing knows the cookie that is normally associated with your backup volume. That’s extremely unlikely.
October 16, 2010 at 12:42 pm
christopher
also just got this message, so yep, still active. don’t have tm activated and don’t have any external drive connected, although adopted this macpro from a friend so it might be looking for something that used to be there.
it’s definitely frustrating that after two years there’s no more enlightening information about this.
October 23, 2010 at 3:05 am
James
I’ve just added the OpenDns settings to my network and I’m now getting this problem for the first time - must have something to do with them
May 31, 2012 at 6:47 pm
Albenise
interesting stuff, i might search for more information about this, thanks a lot friend. http://www.detetizar.com