In my firewall logs I am seeing some weird traffic.
It would appear that a user’s Apple iTunes is getting very chatty with the mothership.
What I see is three times a second, an inbound packet from:
commnat-cohort.gc.apple.com
remote port 16387 local port 64536
Since this is happening three times a second, it’s filling up my logs….
And my Firewall is alerting on this….saying it’s a UDP port scan (!)
2010-10-13T12:03:27-04:00 fw,fwmon src=17.155.5.237 dst=xxx.xxx.xxx.xxx ipprot=17 sport=16387 dport=54070 UDP Port Scan Detected
Since I am not logging everything that’s going outbound, this traffic is most likely a response to a desktop running iTunes.
I verified the IP address belongs to Apple, so it’s legit traffic.
I know the version of iTunes was recently updated….is this a new feature ‘phoning home’? (Ironically, could it be their new PING feature?)
I may add a firewall rule to explicitly block this traffic, but anybody know why Apple iTunes is doing this?