Is Apple port scanning me?

Question

Is Apple port scanning me?

networking

I have logcheck configured to send me daily reports of system log anomalies, and expect to see endless port scans and cracking attempts from all over the world. However, for the last week or so, I've been getting entries like below, always with the same source address…which belongs to apple.com.

Feb  7 12:32:56 zero kernel: Shorewall:logflags:DROP:IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=17.10.13.204 DST=XX.XX.XX.XX LEN=50 TOS=0x00 PREC=0x00 TTL=51 ID=100 PROTO=TCP SPT=48696 DPT=80 WINDOW=32767 RES=0x00 URGP=0

Feb  7 12:32:56 zero kernel: Shorewall:logflags:DROP:IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=17.10.13.204 DST=XX.XX.XX.XX LEN=50 TOS=0x00 PREC=0x00 TTL=52 ID=100 PROTO=TCP SPT=48640 DPT=80 WINDOW=32767 RES=0x00 URGP=0

Feb  7 12:32:56 zero kernel: Shorewall:logflags:DROP:IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=17.10.13.204 DST=XX.XX.XX.XX LEN=50 TOS=0x00 PREC=0x00 TTL=51 ID=100 PROTO=TCP SPT=48696 DPT=80 WINDOW=32767 RES=0x00 URGP=0

The destination port is always 80. Of course I can blacklist this IP, but I'm curious as to what is going on here. Any ideas?

2 Replies

forum:Guspaz · Answer 1 · Feb. 8, 2011, 10:59 a.m.

forum:Guspaz 13 years, 2 months ago

If they only ever hit one port, it's by definition not a port scan…

forum:mnordhoff · Answer 2 · Feb. 8, 2011, 11:05 a.m.

forum:mnordhoff 13 years, 2 months ago

Maybe it's a really slow one! They try one port per week.

Compute

Storage

Databases

Networking

Developer Tools

Delivery

Security

Services

Industries

Pricing

Community

Engage With Us

Is Apple port scanning me?

2 Replies

Reply

Tips: