Re: [Fed-Talk] UDP Port 111
- Subject: Re: [Fed-Talk] UDP Port 111
- From: "Michael Pike" <email@hidden>
- Date: Tue, 25 Mar 2008 11:07:12 -0600
Check out UDP port 626.... then try to close it at the firewall level and watch the magic that OS X server performs for you involuntarily.
You cannot block UDP 626. If you do, serialnumberd will graciously force it back open without telling you, and unless you know how to check a console log, you would be none the wiser.
serialnumberd runs as ROOT... seen straight from ps aux:
root 134 0.0 0.1 76452 1036 ?? Ss 2:07PM 0:01.06 /usr/sbin/serialnumberd
Pretty scary.... if ISSOs get word of this, OS X server will be pretty difficult to get on the network. Analysis of what serialnumberd does is also alarming. I won't go into specifics here, but it's alarming... but even more alarming is the backdoor it opens despite firewall rules placed in OS X.
Any ideas on how to close this? Apple?
Mike
On Thu, Mar 13, 2008 at 9:55 AM, Michael <email@hidden> wrote:
On Mar 13, 2008, at 10:20 AM, Michael wrote:
> Is anyone aware of why a machine upgraded to OS X 10.5.2 would be
> probing all machines on local networks on UDP port 111?
>
> I know very well what UDP port 111 is normally used for, I just have
> not seen an OS X machine actively probing that port and it seems
> rather selective about the range of machines it is probing--selective
> in the sense it seems to be only machines it has seen recently,
> not selective about operating system.
This seems to be automountd; most have seen how OS X 10.5 auto
identifies any Apple File Sharing machines on the local network. I
guess 10.5 can also auto identify any NFS servers on the network.
Anyone know how to turn that off? The scanning lit up a co-worker's
machine.
I blocked outgoing UDP port 111 in my custom ipfw firewall.
Michael
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
--
"If they will come to America they will learn to speak English, for if I was to go to Canada I would learn to speak Canadian." - George W. Bush, 2006 - Immigration Reform