This is a known problem, see
http://forums.macosxhints.com/showthread.php?t=60499 for history and
short-term solution.
At 11:07 AM -0600 3/25/08, Michael Pike wrote:
Check out UDP port 626.... then try to close it at the firewall level and watch the magic that OS X server performs for you involuntarily.
You cannot block UDP 626. If you do, serialnumberd will graciously force it back open without telling you, and unless you know how to check a console log, you would be none the wiser.
serialnumberd runs as ROOT... seen straight from ps aux:
root 134 0.0 0.1 76452 1036 ?? Ss 2:07PM 0:01.06 /usr/sbin/serialnumberd
Pretty scary.... if ISSOs get word of this, OS X server will be pretty difficult to get on the network. Analysis of what serialnumberd does is also alarming. I won't go into specifics here, but it's alarming.. but even more alarming is the backdoor it opens despite firewall rules placed in OS X.
Any ideas on how to close this? Apple?
Mike
On Thu, Mar 13, 2008 at 9:55 AM, Michael <email@hidden> wrote:
On Mar 13, 2008, at 10:20 AM, Michael wrote:
Is anyone aware of why a machine upgraded to OS X 10.5.2 would be probing all machines on local networks on UDP port 111?
I know very well what UDP port 111 is normally used for, I just have not seen an OS X machine actively probing that port, and it seems rather selective about the range of machines it is probing--selective in the sense that it seems to be only machines it has seen recently, not selective about operating system.
This seems to be automountd; most have seen how OS X 10.5 auto identifies any Apple File Sharing machines on the local network. I guess 10.5 can also auto identify any NFS servers on the network.
Anyone know how to turn that off? The scanning lit up a co-worker's
machine.
I blocked outgoing UDP port 111 in my custom ipfw firewall.
Michael
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
--
"If they will come to America they will learn to speak English, for if I was to go to Canada I would learn to speak Canadian." - George W. Bush, 2006 - Immigration Reform
--
Peter Link
Cyber Security Analyst
Cyber Security Program
Lawrence Livermore National Laboratory
PO Box 808, L-315
Livermore, CA 94550
email@hidden