DDoS via DNS at a Large Enterprise
October 19, 2023
“Bis, your video froze (again)”, “your voice is jittery” … These were frequent comments I had to endure from my colleagues during our online meetings, which became ubiquitous when the Covid-19 pandemic disrupted our lives. I doubled the bandwidth from my ISP… but to no avail. I bought myself a new Macbook… but its performance continued to be sluggish. Finally, today, after over a year of using my “new” Macbook, I installed xTend on it, an end-point monitoring agent which has been developed and just launched by my company (Ennetix) and which literally provides “a look under the hood”. xTend’s unprecedented visibility into what’s going on in my computer enabled me to identify some crappy processes running continuously; and by getting rid of them, I could improve the responsiveness of my computer. I elaborate below.
What is xTend?
xTend Personal Edition for Mac is a program that displays real-time, behind-the-scenes activity on a user’s Mac. It reveals the programs being executed, identifies the organizations that created them, and details which programs are connecting to specific destinations. Unlike Apple’s Activity Monitor, xTend offers several advantages. It shows short-lived programs, captures details about programs including arguments and environment variables, and provides actual network connection details. An enterprise edition of xTend is also available.
xTend’s Visibility into my Macbook
Upon launching xTend, I saw new “AppleCameraAssistant” processes being created continuously every second (see Fig. 1(a) which is a snapshot from xTend’s GUI). A web search showed that many people have reported problems with “AppleCameraAssistant flooding the log files”. There seemed to be no specific solution, and the offending apps could be the ones that use the Apple camera on Macbook. So, I switched to xTend’s view of “Teams” (or app providers) (see Fig. 1(b)).
Now, I first got rid of GoToMeeting (provided by LogMeIn, Inc. (GFNFVT632V)), an app I have not used in ages. But the problem didn’t go away. My next target was to get rid of Skype for Business (provided by AL798K98FX). Now, the generation of the “AppleCameraAssistant” processes stopped! (See xTend’s Processes and Teams views in Figs. 2(a) and 2(b)).
I notice that my Macbook’s performance has improved. And xTend’s visibility into my Macbook is showing various other activities that are going on such as Sophos (anti-virus software) waking up periodically and doing stuff. Some of these might be legit and are there to protect my machine. But other activities might be useless and unnecessarily slowing down my machine. Heck, some of these processes might be trying to steal stuff or trying to cause harm to my machine.
But I now have the xTend tool to provide me a “look under the hood” to see and try to understand what is going on in my computer. I am starting to like xTend, and I hope you will as well. (FYI, xTend is available for Mac, Windows, and Linux machines.)
(a) xTend Processes (note: a new AppleCameraAssistant process is being created every second).
(b) xTend Teams (turns out that Skype for Business was the offending app).
Figure 1: Before Cleanup (my Macbook was sluggish).
(a) xTend processes after getting rid of the offending app (no more AppleCameraAssistant processes).
(b) xTend Teams after getting rid of the offending app.
Figure 2: After Cleanup (my Macbook is more responsive now).
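The once-per-second respawn pattern described above can also be surfaced by diffing consecutive process snapshots. The Python below is an added example, not part of the original post or of xTend; the snapshots are constructed sample data in the shape `ps -axo pid=,comm=` prints, and the function names are hypothetical.

```python
import os
from collections import Counter

# Constructed sample, not captured data: four snapshots taken one second
# apart, one "pid command" pair per line.
SNAPSHOTS = [
    "101 Finder\n300 Skype for Business\n200 AppleCameraAssistant",
    "101 Finder\n300 Skype for Business\n207 AppleCameraAssistant",
    "101 Finder\n300 Skype for Business\n215 AppleCameraAssistant\n220 Sophos",
    "101 Finder\n300 Skype for Business\n223 AppleCameraAssistant",
]

def parse_snapshot(text):
    """Return a set of (pid, name) pairs; names may contain spaces."""
    procs = set()
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].isdigit():
            # The command column may be a full path; keep the file name only.
            procs.add((int(parts[0]), os.path.basename(parts[1])))
    return procs

def respawn_rates(snapshots):
    """Average number of newly seen (pid, name) pairs per interval, by name."""
    parsed = [parse_snapshot(s) for s in snapshots]
    new = Counter()
    # Comparing (pid, name) pairs rather than bare PIDs means a PID reused
    # by a different program still counts as a new process.
    for prev, cur in zip(parsed, parsed[1:]):
        new.update(name for _, name in cur - prev)
    intervals = max(len(parsed) - 1, 1)
    return {name: count / intervals for name, count in new.items()}

def churning(snapshots, threshold=0.8):
    """Names averaging at least `threshold` new processes per interval."""
    rates = respawn_rates(snapshots)
    return sorted(n for n, r in rates.items() if r >= threshold)

if __name__ == "__main__":
    print(churning(SNAPSHOTS))
```

Polling like this never sees a process that starts and exits between two snapshots, so the rates are a lower bound.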