User profile for user: noobDNA
noobDNA Author
User level: Level 1
23 points

Security & Privacy



Title: Unauthorized Access Attempts from IPs Linked to FreeBit Co., Ltd. – Need Apple Security Advice


Body:


Hi everyone,


I’m posting here because my reports to FreeBit Co., Ltd. (a Japanese ISP) were disregarded and redirected as a job application rejection (no joke). I’m not applying for a position — I’m reporting a serious network security incident.


Here’s the situation:


On May 21st, 2025 (JST), I detected multiple unauthorized access attempts targeting my private Apple-based home network.


The suspicious IP addresses were:



  • 220.150.24.***


  • 43.244.1.**

  • → Both are registered to FreeBit Co., Ltd., according to WHOIS data.


Observed behaviors include:



  • MAC address spoofing attempts


  • Frequent disassociation/reassociation patterns


  • Broadcast deauthentication (ff:ff:ff:ff:ff:ff)


  • Suspicious IPv6 packets from ffff::10.0.1.2


  • Log entries tied to pcscd and unknown Ethernet authentication

All logs, timestamps, MACs, and device IDs are retained.


This may indicate a misconfigured or compromised FreeBit user, or worse, internal abuse.


I am using Apple AirPort routers + macOS devices (Mojave and earlier).


Does anyone know if these kinds of attacks are common in Apple Wi-Fi environments?


Any advice on mitigation or escalation (aside from JPNIC, which has been notified) would be welcome.


Sincerely,

Mark


(Network Administrator – BLACKPEARL Infrastructure / NoobDNA Project)


[Edited by Moderator]

iPad Pro, iPadOS 18

Posted on May 21, 2025 07:01 PM

Reply

Similar questions

1 reply
User profile for user: MrHoffman
MrHoffman
Community+ 2025
User level: Level 10
141,071 points

May 21, 2025 07:44 PM in response to noobDNA

I’ll assume this posting is related: https://noobdna.blogspot.com/2025/05/rockn-rollunbreakable.html


Also assuming this is related: What should I do about persistent unautho… - Apple Community


That’s all well outside of what assistance can be provided around here.


From what is posted in these three places, this looks rather like the usual and unremarkable internet chatter, as well. As was mentioned in your earlier thread on this topic (linked above), “the background hum of the internet”. Nothing particularly unusual, that is. And this is somehow seemingly conflating local Wi-Fi activity (including association and deassociation), and the usual remote network probes and shenanigans arriving via the ISP link (and blocked by the firewall), which are rather separate activities under normal circumstances.


Given your obvious focus on internet security and monitoring, I’m surprised you haven’t upgraded the network hardware in use here. An upgrade would include more recent Wi-Fi networking gear capable of WPA3, as was suggested earlier, and probably also an upgrade to a more modern firewall, among other features. Not that I see anything particularly notable with the reported network traffic.


Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Security & Privacy

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up