Funny Apple Traffic? - TechRepublic
Question
October 13, 2010 at 09:09 AM
robo_dev

Funny Apple Traffic?

by robo_dev . Updated 15 years, 8 months ago

In my firewall logs I am seeing some weird traffic.

It would appear that a user’s Apple iTunes is getting very chatty with the mothership.

What I see is three times a second, an inbound packet from:

commnat-cohort.gc.apple.com

remote port 16387 local port 64536

Since this is happening three times a second, it’s filling up my logs….

And my Firewall is alerting on this….saying it’s a UDP port scan (!)

2010-10-13T12:03:27-04:00 fw,fwmon src=17.155.5.237 dst=xxx.xxx.xxx.xxx ipprot=17 sport=16387 dport=54070 UDP Port Scan Detected

Since I am not logging everything that’s going outbound, this traffic is most likely a response to a desktop running iTunes.

I verified the IP address belongs to Apple, so it’s legit traffic.

I know the version of iTunes was recently updated….is this a new feature ‘phoning home’? (Ironically, could it be their new PING feature?)

I may add a firewall rule to explicitly block this traffic, but anybody know why Apple iTunes is doing this?

This discussion is locked

All Comments