I have a laptop running Mac OS 10.12.3 (Sierra) and noticed the laptop trying to make outbound connections to unknown private IP addresses. Using a combination of netstat, lsof, and Little Snitch I found my the outgoing network SYN requests were coming from a process called java.org.tanukisoftware.wrapper.WrapperSimpleApp and destined for the following addresses:
10.20.4.50 TCP port 44818 (rockwell-encap)
10.20.4.55 TCP port 44818 (rockwell-encap)
10.20.8.100 TCP port 1234 (Infoseek Search Agent but also tied to known malicious backdoors)
www.inductiveautomation.com TCP port 80 (http)
This process is running as root and tied to the system process id for java. I saw the name come up under another thread related to running a gateway on Mac OS X, but I have never installed gateway software on this mac. I’ve only executed the client or designer via the .jnlp files.
Any insight into where this may be coming from or how to stop it, especially since it occurs when Ignition isn’t even running would be much appreciated.