Is it possible the AirPort Extreme base station isn’t catching all the malicious traffic bound for my home network? I just opened Console to check on an issue I was having with lookupd, but I was distracted when the ipfw.log firewall log file popped up with quite a lot of blocked attempts.
How many? Try 7831 over a two-hour span. Clearly a distributed denial-of-service (DDoS) attack: all 7800+ of these log entries were bound for ports 32787, 32788, and 32789, from 713 different source IP addresses. Thankfully, the Mac OS X software firewall denied all those requests. But it leads me to wonder: Why did the AEBS let them through anyway?
I checked my port forwarding rules, and there’s nothing there that would specifically allow TCP traffic through on these ports. I have exactly one port range forwarded and it’s thousands away from these three ports, which are used, the best I can uncover, for “sometimes an RPC port”.
Can anyone with a stronger networking background help me out here? Is this a vulnerability in the AirPort Extreme, or should those ports be open for a reason that has no clear documentation?
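The kind of tally described above (denied entries per destination port, and how many distinct sources sent them) can be reproduced from the log with a short script. This is an added example, not part of the original post; the log line layout and the sample lines are assumptions, constructed with documentation-range addresses.

```python
import re
from collections import Counter

# Assumed Mac OS X ipfw.log layout (constructed sample lines, documentation IP ranges):
#   <date> <host> ipfw: <rule> Deny <proto> <src>:<sport> <dst>:<dport> in via <if>
SAMPLE_LOG = """\
Oct  4 09:00:01 mac ipfw: 12190 Deny TCP 198.51.100.7:4312 10.0.1.2:32787 in via en1
Oct  4 09:00:02 mac ipfw: 12190 Deny TCP 203.0.113.40:1150 10.0.1.2:32788 in via en1
Oct  4 09:00:02 mac ipfw: 12190 Deny TCP 198.51.100.7:4313 10.0.1.2:32789 in via en1
Oct  4 09:00:05 mac ipfw: 12190 Deny UDP 192.0.2.9:53 10.0.1.2:49152 in via en1
Oct  4 09:00:09 mac ipfw: 12190 Deny TCP 192.0.2.66:2201 10.0.1.2:32787 in via en1
Oct  4 09:00:11 mac lookupd[91]: unrelated line that must be skipped
"""

DENY_RE = re.compile(
    r"ipfw: \d+ Deny (?P<proto>\S+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) in\b"
)

def summarize_denies(log_text, proto="TCP"):
    """Count inbound Deny entries per destination port and the distinct sources behind them."""
    hits = Counter()   # destination port -> number of denied packets
    sources = {}       # destination port -> set of source IPs
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m or m.group("proto") != proto:
            continue   # skip other daemons' lines and other protocols
        port = int(m.group("dport"))
        hits[port] += 1
        sources.setdefault(port, set()).add(m.group("src"))
    return {
        "total": sum(hits.values()),
        "unique_sources": len(set().union(*sources.values())) if sources else 0,
        "by_port": {p: (hits[p], len(sources[p])) for p in sorted(hits)},
    }

if __name__ == "__main__":
    report = summarize_denies(SAMPLE_LOG)
    print(f"{report['total']} denied TCP packets from {report['unique_sources']} sources")
    for port, (count, srcs) in report["by_port"].items():
        print(f"  port {port}: {count} entries, {srcs} distinct sources")
```

To run it against a real log, pass the file's contents to `summarize_denies` in place of `SAMPLE_LOG`.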
{"source":"https:\/\/gigaom.com\/2007\/10\/04\/a-chink-in-the-airport-armor\/wijax\/49e8740702c6da9341d50357217fb629","varname":"wijax_90cdc554c9337b2a0ab9b3d6d8c8b4ce","title_element":"header","title_class":"widget-title","title_before":"%3Cheader%20class%3D%22widget-title%22%3E","title_after":"%3C%2Fheader%3E"}