Is it possible the AirPort Extreme base station isn’t catching all the malicious traffic bound for my home network? I just opened Console to check on an issue I was having with lookupd, but I was distracted when the ipfw.log firewall log file popped up with quite a lot of blocked attempts.
How many? Try 7831 over a two-hour span. Clearly a distributed denial-of-service (DDoS) attack: all 7800+ of these log entries were bound for ports 32787, 32788, and 32789, from 713 different source IP addresses. Thankfully, the Mac OS X software firewall denied all those requests. But it leads me to wonder: Why did the AEBS let them through anyway?
I checked my port forwarding rules, and there’s nothing there that would specifically allow TCP traffic through on these ports. I have exactly one port range forwarded and it’s thousands away from these three ports, which are used, as best I can uncover, for “sometimes an RPC port”.
Can anyone with a stronger networking background help me out here? Is this a vulnerability in the AirPort Extreme, or should those ports be open for a reason that has no clear documentation?
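
The tally described in the post (blocked entries per destination port and distinct source addresses) can be reproduced from ipfw.log with a short script. This is an added example, not the author's code; the log line layout, the `summarize` helper and the sample entries are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed layout of a Mac OS X ipfw.log entry (the post does not quote one):
#   <date> <host> ipfw: <rule> Deny TCP <src>:<sport> <dst>:<dport> in via <if>
ENTRY = re.compile(
    r"ipfw: \d+ (?P<action>\w+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ [\d.]+:(?P<dport>\d+) (?P<dir>in|out)\b"
)

# Constructed sample entries; addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Jan  5 20:01:11 mac ipfw: 12190 Deny TCP 198.51.100.7:4312 10.0.1.2:32787 in via en1
Jan  5 20:01:12 mac ipfw: 12190 Deny TCP 198.51.100.7:4313 10.0.1.2:32788 in via en1
Jan  5 20:01:15 mac ipfw: 12190 Deny TCP 203.0.113.20:2201 10.0.1.2:32787 in via en1
Jan  5 20:01:19 mac ipfw: 12190 Deny TCP 203.0.113.21:1888 10.0.1.2:32789 in via en1
Jan  5 20:02:03 mac ipfw: 12190 Deny TCP 192.0.2.9:40100 10.0.1.2:22 in via en1
Jan  5 20:02:04 mac ipfw: 35000 Deny ICMP:8.0 192.0.2.9 10.0.1.2 in via en1
Jan  5 20:02:05 mac last message repeated 2 times
"""

def summarize(log_text, ports=(32787, 32788, 32789)):
    """Tally denied inbound entries aimed at the given destination ports."""
    by_port = Counter()
    sources = set()
    unparsed = 0
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if m is None:
            unparsed += 1  # ICMP entries, syslog repeat markers, truncated lines
            continue
        if m["action"] != "Deny" or m["dir"] != "in":
            continue
        port = int(m["dport"])
        if port in ports:
            by_port[port] += 1
            sources.add(m["src"])
    return {
        "denied": sum(by_port.values()),
        "by_port": dict(by_port),
        "unique_sources": len(sources),
        "unparsed": unparsed,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A non-zero `unparsed` count means some lines did not fit the assumed layout, so the totals are a lower bound until those lines are inspected.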