
Dos Attack by Apple


ulaganath

Very Senior Member
[DoS Attack: ACK Scan] from source: 17.57.145.116, port 5223, Wednesday, March 31, 2021 03:06:26
[DoS Attack: ACK Scan] from source: 17.57.145.116, port 5223, Wednesday, March 31, 2021 03:05:11
[DoS Attack: ACK Scan] from source: 17.57.145.116, port 5223, Wednesday, March 31, 2021 03:03:55
[DoS Attack: ACK Scan] from source: 17.57.145.116, port 5223, Wednesday, March 31, 2021 03:02:40
[DoS Attack: ACK Scan] from source: 17.57.145.116, port 5223, Wednesday, March 31, 2021 03:01:25


ip: "17.57.145.116"
city: "Cupertino"
region: "California"
country: "US"
loc: "37.3230,-122.0322"
org: "AS714 Apple Inc."
postal: "95014"
timezone: "America/Los_Angeles"
asn: Object
    asn: "AS714"
    name: "Apple Inc."
    domain: "apple.com"
    route: "17.57.144.0/22"
    type: "business"
company: Object
    name: "Apple Inc."
    domain: "apple.com"
    type: "isp"
privacy: Object
    vpn: false
    proxy: false
    tor: false
    hosting: false
abuse: Object
    address: "US, CA, Cupertino, MS 89-1DR, 1 Infinite Loop, 95014"
    country: "US"
    email: "abuse@apple.com"
    name: "Apple Abuse"
    network: "17.0.0.0/8"
    phone: "+1-408-974-7777"
domains: Object
    total: 0
    domains: Array


Why are Apple servers scanning my network? Does this have anything to do with the iCloud application, as I don't have any other service up and running other than iCloud storage?
 
Hmm interesting. Thanks for the link.
 
Apple uses port 5223 for push notifications and iCloud DAV Services (Contacts, Calendars, Bookmarks), Push Notifications, FaceTime, iMessage, Game Center, Photo Stream.

Reference:
I know it is a long shot and I should open a new thread really. I am trying to identify what is blocking push notifications to Android devices on my Asus Merlin router.
Any suggestions on how I can troubleshoot this? It feels like they are blocked somewhere, as they do come back when I switch over to 4G.
 
@Slawek P From what I've read Google push notifications use TCP port 5228. Do you have any firewall/ad-blocking on the router that might be blocking that port or Google sites in general?

This post from 2014 suggested that setting the TCP timeout too low on the router could cause the problem. Looking at my Android devices on the network I don't see the behaviour he describes. My router's "TCP Timeout: Established" is set to 2400 (40 minutes) after which it reestablishes the connection.
 
Thanks. Really, really useful. Yes, I have everything on: Skynet, AiProtection, Asus ip6 firewall, unbound with adblocking. Thinking of a clean reinstall of all to see what is causing it. TCP timeout is changed by unbound_manager as part of perf optimisation. I do not think it is the adblocker or ip6tables after playing with settings today. Maybe AiProtection, as I only added it recently...
 
I only see TCP connections outbound to 5223 and 5228 in FlexQoS, never inbound. DoS protection is enabled. I searched for DoS from syslog messages going back two years and no matches.
 
I have a device which connects to Google on 5228. It connects over an IPv6 address. I am not sure which of the possible blocking softwares support IPv6. If I suspected Skynet, I would run "grep OUTBOUND /tmp/mnt/ent/skynet/skynet.log"
 
Thanks - I had a 10-day fibre outage from BT! Luckily it has been restored on Monday, so I managed to resolve my issue of lack of Android notifications. Trying all combinations one by one I managed to identify that unbound_manager safe search feature was causing it. I have now disabled it and back to normal. @Martineau you might be interested in this finding.
 
Perhaps you could move this as an appropriately tagged post into the addons thread?
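
As an added example (not posted by anyone in the thread), here is a small Python triage of the router log lines from the first post. It groups alerts by source and port and labels them using only the ports (5223, 5228) and the Apple network (17.0.0.0/8) named in this thread; the label is a heuristic for deciding what to look at first, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# (network, remote port, label) taken from the thread: 17.0.0.0/8 and 5223 for
# Apple, 5228 for Google (the thread gives no Google network, hence None).
KNOWN_PUSH = [
    (ipaddress.ip_network("17.0.0.0/8"), 5223, "Apple push/iCloud"),
    (None, 5228, "Google push"),
]
LINE_RE = re.compile(
    r"\[DoS Attack: (?P<kind>[^\]]+)\] from source: (?P<ip>[\d.]+), "
    r"port (?P<port>\d+), (?P<ts>.+)$"
)
# The five log lines from the first post.
SAMPLE = """\
[DoS Attack: ACK Scan] from source: 17.57.145.116, port 5223, Wednesday, March 31, 2021 03:06:26
[DoS Attack: ACK Scan] from source: 17.57.145.116, port 5223, Wednesday, March 31, 2021 03:05:11
[DoS Attack: ACK Scan] from source: 17.57.145.116, port 5223, Wednesday, March 31, 2021 03:03:55
[DoS Attack: ACK Scan] from source: 17.57.145.116, port 5223, Wednesday, March 31, 2021 03:02:40
[DoS Attack: ACK Scan] from source: 17.57.145.116, port 5223, Wednesday, March 31, 2021 03:01:25
"""

def parse(line):
    """Return (kind, ip, port, timestamp), or None for lines in another format."""
    m = LINE_RE.search(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%A, %B %d, %Y %H:%M:%S")
    return m["kind"], ipaddress.ip_address(m["ip"]), int(m["port"]), ts

def triage(text):
    """Group alerts by (kind, source, port); report count, cadence and a label."""
    groups = defaultdict(list)
    for rec in filter(None, map(parse, text.splitlines())):
        groups[rec[:3]].append(rec[3])
    report = []
    for (kind, ip, port), stamps in groups.items():
        stamps.sort()
        gaps = sorted((b - a).total_seconds() for a, b in zip(stamps, stamps[1:]))
        label = next((name for net, p, name in KNOWN_PUSH
                      if p == port and (net is None or ip in net)), "unclassified")
        report.append({"kind": kind, "source": str(ip), "port": port,
                       "count": len(stamps), "likely_service": label,
                       "typical_gap_s": gaps[len(gaps) // 2] if gaps else None})
    return report

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

On the sample, all five alerts collapse into one group labelled as Apple push/iCloud traffic with a steady gap of about 75 seconds between entries; anything that comes back "unclassified" is what deserves a closer look.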
 
