Question

Locked

Funny Apple Traffic?

By robo_dev ·
In my firewall logs I am seeing some weird traffic.

It would appear that a user's Apple iTunes is getting very chatty with the mothership.

What I see is three times a second, an inbound packet from:

commnat-cohort.gc.apple.com

remote port 16387 local port 64536

Since this is happening three times a second, it's filling up my logs....

And my Firewall is alerting on this....saying it's a UDP port scan (!)

2010-10-13T12:03:27-04:00 fw,fwmon src=17.155.5.237 dst=xxx.xxx.xxx.xxx ipprot=17 sport=16387 dport=54070 UDP Port Scan Detected


Since I am not logging everything that's going outbound, this traffic is most likely a response to a desktop running iTunes.

I verified the IP address belongs to Apple, so it's legit traffic.

I know the version of iTunes was recently updated....is this a new feature 'phoning home'? (Ironically, could it be their new PING feature?)

I may add a firewall rule to explicitly block this traffic, but anybody know why Apple iTunes is doing this?

This conversation is currently closed to new comments.

2 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

To answer my own question: It's an iPhone iOS 4.1 issue

by robo_dev In reply to Funny Apple Traffic?

There's a new app called GameCenter that's baked into the iPhone version 4.1 OS (you cannot remove it from the device).

Even though I don't use the app, it's 'phoning home' on my network, and creating what looks like a UDP port scan as Apple's servers respond to my iphone.

The fix? Go into Settings > General> Restrictions on the iPhone, scroll down to the very last option 'Game Center'. Change the 'Multi Player Games' option to 'OFF'.

As soon as I did that, the logs of my firewall stopped getting hammered with UDP port-scan warnings.

Back to Software Forum
2 total posts (Page 1 of 1)  

Related Discussions

Related Forums