Funny Apple Traffic?

By robo_dev ·
In my firewall logs I am seeing some weird traffic.

It would appear that a user's Apple iTunes is getting very chatty with the mothership.

What I see is three times a second, an inbound packet from:

remote port 16387 local port 64536

Since this is happening three times a second, it's filling up my logs....

And my Firewall is alerting on this....saying it's a UDP port scan (!)

2010-10-13T12:03:27-04:00 fw,fwmon src= ipprot=17 sport=16387 dport=54070 UDP Port Scan Detected

Since I am not logging everything that's going outbound, this traffic is most likely a response to a desktop running iTunes.

I verified the IP address belongs to Apple, so it's legit traffic.

I know the version of iTunes was recently this a new feature 'phoning home'? (Ironically, could it be their new PING feature?)

I may add a firewall rule to explicitly block this traffic, but anybody know why Apple iTunes is doing this?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

To answer my own question: It's an iPhone iOS 4.1 issue

by robo_dev In reply to Funny Apple Traffic?

There's a new app called GameCenter that's baked into the iPhone version 4.1 OS (you cannot remove it from the device).

Even though I don't use the app, it's 'phoning home' on my network, and creating what looks like a UDP port scan as Apple's servers respond to my iphone.

The fix? Go into Settings > General> Restrictions on the iPhone, scroll down to the very last option 'Game Center'. Change the 'Multi Player Games' option to 'OFF'.

As soon as I did that, the logs of my firewall stopped getting hammered with UDP port-scan warnings.

Related Discussions

Related Forums