A chink in the AirPort armor?


Is it possible the AirPort Extreme base station isn’t catching all the malicious traffic bound for my home network? I just opened Console to check on an issue I was having with lookupd, but I was distracted when the ipfw.log firewall log file popped up with quite a lot of blocked attempts.

How many? Try 7831 over a two-hour span. Clearly a distributed denial-of-service (DDoS) attack: all 7800+ of these log entries were bound for ports 32787, 32788, and 32789, from 713 different source IP addresses. Thankfully, the Mac OS X software firewall denied all those requests. But it leads me to wonder: why did the AEBS let them through anyway?

I checked my port forwarding rules, and there’s nothing there that would specifically allow TCP traffic through on these ports. I have exactly one port range forwarded, and it’s thousands away from these three ports, which, as best I can uncover, are used as “sometimes an RPC port”.

Can anyone with a stronger networking background help me out here? Is this a vulnerability in the AirPort Extreme, or should those ports be open for a reason that has no clear documentation?
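For anyone wanting to reproduce the kind of tally described above (blocked attempts per destination port and number of distinct source addresses), here is an added example that is not part of the original post. It assumes the Mac OS X ipfw log line shape `ipfw: <rule> Deny TCP <src>:<sport> <dst>:<dport> in via <iface>`; the sample lines are constructed and use RFC 5737 documentation addresses.

```python
import re
from collections import Counter

# ipfw log line shape on Mac OS X (the constructed sample lines below follow it):
#   <date> <host> ipfw: <rule> Deny TCP <src>:<sport> <dst>:<dport> in via <iface>
IPFW_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>Deny|Accept) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

def parse_ipfw(lines):
    """Yield one dict per parseable ipfw log line; other Console lines are skipped."""
    for line in lines:
        m = IPFW_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["sport"] = int(rec["sport"])
            rec["dport"] = int(rec["dport"])
            yield rec

def summarize_denies(lines, ports=None):
    """Count Deny entries per destination port and the number of distinct sources.

    ports: optional set of destination ports to restrict the summary to
    (e.g. {32787, 32788, 32789}); None means every denied port.
    """
    per_port = Counter()
    sources = set()
    for rec in parse_ipfw(lines):
        if rec["action"] != "Deny":
            continue
        if ports is not None and rec["dport"] not in ports:
            continue
        per_port[rec["dport"]] += 1
        sources.add(rec["src"])
    return {"total": sum(per_port.values()),
            "per_port": dict(per_port),
            "unique_sources": len(sources)}

# Constructed sample log (RFC 5737 documentation addresses, not captured traffic).
SAMPLE_LOG = """\
Mar  3 20:01:12 mini ipfw: 12190 Deny TCP 203.0.113.5:4471 192.168.1.10:32787 in via en1
Mar  3 20:01:12 mini ipfw: 12190 Deny TCP 203.0.113.5:4472 192.168.1.10:32788 in via en1
Mar  3 20:01:13 mini ipfw: 12190 Deny TCP 198.51.100.77:1025 192.168.1.10:32789 in via en1
Mar  3 20:01:14 mini ipfw: 12190 Deny TCP 198.51.100.78:1026 192.168.1.10:32787 in via en1
Mar  3 20:01:15 mini ipfw: 2000 Accept TCP 192.168.1.20:5000 192.168.1.10:22 in via en1
Mar  3 20:01:16 mini lookupd[123]: unrelated Console line, ignored by the parser
""".splitlines()

if __name__ == "__main__":
    print(summarize_denies(SAMPLE_LOG, ports={32787, 32788, 32789}))
```

Run it against a real ipfw.log with `summarize_denies(open("/var/log/ipfw.log"))` to get the same three figures the post quotes; a high unique-source count against a narrow port range is what separates a distributed flood from a single scanner.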
