DoS Attack by Apple

ulaganath

Very Senior Member
[DoS Attack: ACK Scan] from source: 17.57.145.116, port 5223, Wednesday, March 31, 2021 03:06:26
[DoS Attack: ACK Scan] from source: 17.57.145.116, port 5223, Wednesday, March 31, 2021 03:05:11
[DoS Attack: ACK Scan] from source: 17.57.145.116, port 5223, Wednesday, March 31, 2021 03:03:55
[DoS Attack: ACK Scan] from source: 17.57.145.116, port 5223, Wednesday, March 31, 2021 03:02:40
[DoS Attack: ACK Scan] from source: 17.57.145.116, port 5223, Wednesday, March 31, 2021 03:01:25


ip: "17.57.145.116"
city: "Cupertino"
region: "California"
country: "US"
loc: "37.3230,-122.0322"
org: "AS714 Apple Inc."
postal: "95014"
timezone: "America/Los_Angeles"
asn: Object
    asn: "AS714"
    name: "Apple Inc."
    domain: "apple.com"
    route: "17.57.144.0/22"
    type: "business"
company: Object
    name: "Apple Inc."
    domain: "apple.com"
    type: "isp"
privacy: Object
    vpn: false
    proxy: false
    tor: false
    hosting: false
abuse: Object
    address: "US, CA, Cupertino, MS 89-1DR, 1 Infinite Loop, 95014"
    country: "US"
    email: "[email protected]"
    name: "Apple Abuse"
    network: "17.0.0.0/8"
    phone: "+1-408-974-7777"
domains: Object
    total: 0
    domains: Array

Why are Apple servers scanning my network? Does this have anything to do with the iCloud application, as I don't have any other service up and running other than iCloud storage?
 

dave14305

Part of the Furniture
Apple uses port 5223 for push notifications and iCloud DAV Services (Contacts, Calendars, Bookmarks), Push Notifications, FaceTime, iMessage, Game Center, Photo Stream.

Reference:
 

ulaganath

Very Senior Member
Hmm interesting. Thanks for the link.
 

Slawek P

Senior Member
> Apple uses port 5223 for push notifications and iCloud DAV Services (Contacts, Calendars, Bookmarks), Push Notifications, FaceTime, iMessage, Game Center, Photo Stream.
>
> Reference:

I know it is a long shot and I should open a new thread really. I am trying to identify what is blocking push notifications to Android devices on my Asus Merlin router.
Any suggestions how I can troubleshoot this? Feels that they are blocked somewhere as they do come back when I switch over to 4G.
 

ColinTaylor

Part of the Furniture
@Slawek P From what I've read Google push notifications use TCP port 5228. Do you have any firewall/ad-blocking on the router that might be blocking that port or Google sites in general?

This post from 2014 suggested that setting the TCP timeout too low on the router could cause the problem. Looking at my Android devices on the network I don't see the behaviour he describes. My router's "TCP Timeout: Established" is set to 2400 (40 minutes) after which it reestablishes the connection.
 

Slawek P

Senior Member
Thanks. Really, really useful. Yes, I have everything on: Skynet, AiProtection, Asus ip6 firewall, unbound with adblocking. Thinking of a clean reinstall of all to see what is causing it. TCP timeout is changed by unbound_manager as part of perf optimisation. Do not think it is the adblocker or ip6tables after playing with settings today. Maybe AiProtection as I only added it recently...
 

EmeraldDeer

Very Senior Member
I only see TCP connections outbound to 5223 and 5228 in FlexQoS, never inbound. DoS protection is enabled. I searched for DoS from syslog messages going back two years and no matches.
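For triaging router entries like the ones in the first post, the following added example (not code from any poster or from the router firmware) groups "DoS Attack" log lines by source and port, measures the spacing between hits, and marks groups whose source port is one of the push-service ports named in this thread. The port table comes from the replies above; the function name `triage` and the 5-second jitter threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Ports this thread associates with push services (from the replies above).
PUSH_PORTS = {5223: "Apple push/iCloud", 5228: "Google push"}

LINE_RE = re.compile(
    r"\[DoS Attack: (?P<kind>[^\]]+)\] from source: (?P<ip>[\d.]+), "
    r"port (?P<port>\d+), \w+, (?P<ts>\w+ \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})"
)

# Log lines copied from the first post of the thread.
SAMPLE = """\
[DoS Attack: ACK Scan] from source: 17.57.145.116, port 5223, Wednesday, March 31, 2021 03:06:26
[DoS Attack: ACK Scan] from source: 17.57.145.116, port 5223, Wednesday, March 31, 2021 03:05:11
[DoS Attack: ACK Scan] from source: 17.57.145.116, port 5223, Wednesday, March 31, 2021 03:03:55
[DoS Attack: ACK Scan] from source: 17.57.145.116, port 5223, Wednesday, March 31, 2021 03:02:40
[DoS Attack: ACK Scan] from source: 17.57.145.116, port 5223, Wednesday, March 31, 2021 03:01:25
"""

def triage(log_text, max_jitter=5.0):
    """Group entries by (source, port, kind) and summarise their timing."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a DoS log line in the expected format
        ts = datetime.strptime(m["ts"], "%B %d, %Y %H:%M:%S")
        groups[(m["ip"], int(m["port"]), m["kind"])].append(ts)

    report = []
    for (ip, port, kind), stamps in sorted(groups.items()):
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        # "Periodic" = at least two gaps with low spread (threshold is an assumption).
        periodic = len(gaps) >= 2 and pstdev(gaps) <= max_jitter
        service = PUSH_PORTS.get(port)
        verdict = ("periodic traffic from known push port"
                   if service and periodic else "needs review")
        report.append({"source": ip, "port": port, "kind": kind,
                       "count": len(stamps), "service": service,
                       "mean_gap_s": mean(gaps) if gaps else None,
                       "verdict": verdict})
    return report

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

A "needs review" verdict only means the entry did not match the push-port pattern; it is not a finding on its own.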
 

EmeraldDeer

Very Senior Member
I have a device which connects to Google on 5228. It connects over an IPv6 address. I am not sure which of the possible blocking software supports IPv6. If I suspected Skynet, I would run "grep OUTBOUND /tmp/mnt/ent/skynet/skynet.log"
 

Slawek P

Senior Member
Thanks - I had a 10-day fibre outage from BT! Luckily it has been restored on Monday, so I managed to resolve my issue of lack of Android notifications. Trying all combinations one by one I managed to identify that unbound_manager safe search feature was causing it. I have now disabled it and back to normal. @Martineau you might be interested in this finding.
 

Martineau

Part of the Furniture
> Thanks - I had a 10-day fibre outage from BT! Luckily it has been restored on Monday, so I managed to resolve my issue of lack of Android notifications. Trying all combinations one by one I managed to identify that unbound_manager safe search feature was causing it. I have now disabled it and back to normal. @Martineau you might be interested in this finding.

Perhaps you could move this as an appropriately tagged post into the addons thread?
 
