Re: [Fed-Talk] UDP Port 111
- Subject: Re: [Fed-Talk] UDP Port 111
- From: Peter Link <email@hidden>
- Date: Tue, 25 Mar 2008 10:17:27 -0700
This is a known problem, see
http://forums.macosxhints.com/showthread.php?t=60499 for history and
short-term solution.
At 11:07 AM -0600 3/25/08, Michael Pike wrote:
Check out UDP port 626.... then try to close it at the firewall level and watch the magic that OS X server performs for you involuntarily.
You cannot block UDP 626. If you do, serialnumberd will graciously force it back open without telling you, and unless you know how to check a console log, you would be none the wiser.
serialnumberd runs as ROOT... seen straight from ps aux:
root 134 0.0 0.1 76452 1036 ?? Ss 2:07PM 0:01.06 /usr/sbin/serialnumberd
Pretty scary.... if ISSOs get word of this, OS X server will be pretty difficult to get on the network.
Analysis of what serialnumberd does is also alarming. I won't go into specifics here, but it's alarming.. but even more alarming is the backdoor it opens despite firewall rules placed in OS X.
Any ideas on how to close this?
Apple?
Mike
On Thu, Mar 13, 2008 at 9:55 AM, Michael <email@hidden> wrote:
On Mar 13, 2008, at 10:20 AM, Michael wrote:
> Is anyone aware of why a machine upgraded to OSX 10.5.2 would be
> probing all machines on local networks on UDP port 111?
>
> I know very well what UDP port 111 is normally used for, I just have
> not seen an OS X machine actively probing that port and it seems
> rather selective about the range of machines it is probing--selective
> in the sense it seems to be only machines it has seen recently,
> not selective about operating system.
This seems to be automountd, most have seen how OS X 10.5 auto identifies any Apple File Sharing machines on the local network. I guess 10.5 can also auto identify any NFS servers on the network.
Anyone know how to turn that off? The scanning lit up a co-worker's machine.
I blocked outgoing UDP port 111 in my custom ipfw firewall.
Michael
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
.com
This email sent to email@hidden
--
"If they will come to America they will learn to speak English,
for if I was to go to Canada I would learn to speak Canadian." -
George W. Bush, 2006 - Immigration Reform
--
Peter Link
Cyber Security Analyst
Cyber Security Program
Lawrence Livermore National Laboratory
PO Box 808, L-315
Livermore, CA 94550
email@hidden