Excessive incoming traffic

I seem to be having excessive blocked incoming UDP packets. Here's a SMALL snippet of the logs. Is someone trying to flood me on port 47727? If there's an FSC tech, IM me.

[INFO] Wed Feb 03 00:38:07 2010 Blocked incoming UDP packet from 66.35.46.193:12237 to 98.119.194.xx:33435
[INFO] Wed Feb 03 00:38:07 2010 Blocked incoming UDP packet from 24.61.199.27:7457 to 98.119.194.xx:47727
[INFO] Wed Feb 03 00:38:06 2010 Blocked incoming UDP packet from 69.54.121.250:27171 to 98.119.194.xx:47727
[INFO] Wed Feb 03 00:38:05 2010 Blocked incoming UDP packet from 98.216.241.201:32936 to 98.119.194.xx:47727
[INFO] Wed Feb 03 00:38:04 2010 Blocked incoming UDP packet from 68.42.247.202:40328 to 98.119.194.xx:47727
[INFO] Wed Feb 03 00:38:04 2010 Blocked incoming UDP packet from 98.202.216.173:31654 to 98.119.194.xx:47727
[INFO] Wed Feb 03 00:38:04 2010 Blocked incoming UDP packet from 84.103.132.103:37751 to 98.119.194.xx:47727
[INFO] Wed Feb 03 00:38:04 2010 Blocked incoming UDP packet from 97.101.116.56:4996 to 98.119.194.xx:47727
[INFO] Wed Feb 03 00:38:02 2010 Blocked incoming UDP packet from 219.215.138.196:44481 to 98.119.194.xx:47727
[INFO] Wed Feb 03 00:38:01 2010 Blocked incoming UDP packet from 96.252.226.13:29444 to 98.119.194.xx:47727
[INFO] Wed Feb 03 00:37:58 2010 Blocked incoming UDP packet from 70.152.188.116:2566 to 98.119.194.xx:47727

Hi irsean, I checked out some of those IPs and they are from all over the map. Looks like your firewall is doing a good job of blocking.
What can we do to assist you?
Lori
Verizon Telecom
Fiber Solution Center
Notice: Content posted by Verizon employees is meant to be informational and does not supersede or change the Verizon Forums User Guidelines or Terms of Service, or your Customer Agreement Terms and Conditions or Plan.
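
Added example (not part of the original thread): one way to answer the "is this a flood?" question from a log in the format quoted above is to group the blocked packets by destination port and look at packet rate, number of distinct senders, and whether any single sender is walking across ports. The sample lines are constructed, and the `flood_pps` and `min_ports` thresholds are illustrative assumptions, not router settings.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the log format quoted in the question. Addresses are
# RFC 5737 documentation ranges, not the ones from the post.
SAMPLE_LOG = """\
[INFO] Wed Feb 03 00:38:07 2010 Blocked incoming UDP packet from 198.51.100.7:12237 to 203.0.113.10:33435
[INFO] Wed Feb 03 00:38:07 2010 Blocked incoming UDP packet from 192.0.2.27:7457 to 203.0.113.10:47727
[INFO] Wed Feb 03 00:38:06 2010 Blocked incoming UDP packet from 192.0.2.250:27171 to 203.0.113.10:47727
[INFO] Wed Feb 03 00:38:05 2010 Blocked incoming UDP packet from 198.51.100.201:32936 to 203.0.113.10:47727
[INFO] Wed Feb 03 00:38:04 2010 Blocked incoming UDP packet from 198.51.100.202:40328 to 203.0.113.10:47727
[INFO] Wed Feb 03 00:38:04 2010 Blocked incoming UDP packet from 198.51.100.173:31654 to 203.0.113.10:47727
[INFO] Wed Feb 03 00:38:02 2010 Blocked incoming UDP packet from 198.51.100.196:44481 to 203.0.113.10:47727
[INFO] Wed Feb 03 00:37:58 2010 Blocked incoming UDP packet from 192.0.2.116:2566 to 203.0.113.10:47727
[INFO] Wed Feb 03 00:37:57 2010 Blocked incoming UDP packet from 192.0.2.99:5000 to 203.0.113.10:1001
[INFO] Wed Feb 03 00:37:57 2010 Blocked incoming UDP packet from 192.0.2.99:5000 to 203.0.113.10:1002
[INFO] Wed Feb 03 00:37:57 2010 Blocked incoming UDP packet from 192.0.2.99:5000 to 203.0.113.10:1003
"""

# Only "UDP" appears on the page; accepting any protocol word is an assumption.
# [\d.x]+ tolerates a masked address such as 98.119.194.xx.
LINE_RE = re.compile(
    r"\[INFO\] (?P<ts>\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}) "
    r"Blocked incoming \w+ packet from "
    r"(?P<src>[\d.x]+):\d+ to [\d.x]+:(?P<dport>\d+)"
)


def parse_log(text):
    """Return one event per recognised entry; anything else is skipped.

    finditer() is used instead of splitting on newlines so the parser also
    works when the entries have been pasted onto a single line.
    """
    return [
        {
            "time": datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"),
            "src": m["src"],
            "dport": int(m["dport"]),
        }
        for m in LINE_RE.finditer(text)
    ]


def summarize_ports(events):
    """Per destination port: packet count, distinct senders, time span, rate."""
    by_port = defaultdict(list)
    for e in events:
        by_port[e["dport"]].append(e)
    report = {}
    for port, evs in by_port.items():
        times = [e["time"] for e in evs]
        span = (max(times) - min(times)).total_seconds()
        report[port] = {
            "packets": len(evs),
            "sources": len({e["src"] for e in evs}),
            "span_s": span,
            # The log has one-second resolution, so never divide by less than 1.
            "pps": round(len(evs) / max(span, 1.0), 2),
        }
    return report


def sweeping_sources(events, min_ports=3):
    """Senders that touched at least min_ports different ports (scan-like)."""
    ports = defaultdict(set)
    for e in events:
        ports[e["src"]].add(e["dport"])
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


def triage(text, flood_pps=100.0, min_ports=3):
    """Summarise a blocked-packet log for a first look at what is going on."""
    events = parse_log(text)
    ports = summarize_ports(events)
    return {
        "events": len(events),
        "top_port": max(ports, key=lambda p: ports[p]["packets"]) if ports else None,
        "ports": ports,
        "high_rate_ports": sorted(p for p, s in ports.items() if s["pps"] >= flood_pps),
        "sweeps": sweeping_sources(events, min_ports),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for port, stats in sorted(result["ports"].items()):
        print(port, stats)
    print("high-rate ports:", result["high_rate_ports"])
    print("sweeping sources:", result["sweeps"])
```

On the constructed sample, port 47727 sees 7 packets from 7 different senders over 9 seconds, which is under one packet per second and nowhere near the illustrative flood threshold, while the single sender hitting ports 1001 to 1003 is reported separately.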

Similar Messages

  • Excessive ICMP traffic on server

    Hello,
    I am experiencing excessive ICMP traffic on all my Netware 6.5 SP6
    servers. This ICMP traffic originates at the server; not from a
    workstation. Tried to search KB but no luck. I want to know if any
    netware products rely on ICMP communication and if I can disable ICMP at
    the server console. Currently we have ACLs on all core switches denying
    ICMP traffic. However, all the traffic on the network itself is causing
    congestion.
    To give you an idea of the problem, this AM I tried to download a 1MB file
    from a remote site and it took an ave. of 5 min. I then, powered off the
    NW server, checked the logs on core switch, ICMP traffic literally
    disappeared, and tried the same download again; this time only taking 40
    sec.
    Please help! This is affecting my network drastically!!!

    There are different scenarios in which ICMP packets could be generated.
    You should really capture the ICMP packets to see what is really going on.
    Some possible cases are:
    - ICMP packets used for costing (e.g. determining the distance of other
    servers to see which server might be the best to talk to)
    - ICMP replies in case of error conditions (can't fragment and no such
    protocol replies)
    While filtering ICMP traffic in itself is a good idea, blankly turning it
    off completely is generally a very bad idea as some communications really
    need ICMP and perform badly without it (for instance MTU detection will
    not work without ICMP)
    Marcel Cox (using XanaNews 1.18.1.6)

  • WTR54GS Incoming Traffic

    I just got a WTR54GS. I am pretty happy with it. Nice little travel device. Will be very handy in hotels on the road. My goal is to firewall off my private network with the WTR54GS. This seems to work fine, except that if I look at the log I still see incoming traffic that is marked "allowed". I am not sure why that would be. I want to define that all ports on the device are closed to incoming traffic, or at least be able to define what that incoming traffic is and that it is "ok". Does anyone know how to block all incoming traffic, or if it is necessary, how I can figure out what this traffic is for? Here is a snip from the log of the device;
    Thanks for any and all info, tips, hints, and general knowledge. -- garskof

    Thanks for the info. Yes, I know "what the boxes are" as in where they are on the network. What I do not know is why they are opening ports on the WTR54GS. I guess I should have been more specific. I do not have wireless enabled. I have a wired network in, and a wired network out to my laptop. I want to be able to protect my "private" intranet created by the WTR54GS by closing all ports, but it appears the device can not do that, which I find surprising. What am I missing? Why is this device accepting this traffic? What is it doing with the traffic? What is the traffic, what is its purpose? These are the questions I am trying to get my hands around. Any ideas anyone? Thanks -- garskof

  • HSRP on SVI. How is incoming traffic affected?

    Let's say I have two distribution routers with SVI's using HSRP. Router 5 is the active router for the SVI for VLAN 5 and Router 6 is in standby (lower priority is set). Would incoming traffic be balanced between the two routers or all go through Router 5? I heard somewhere that only outbound traffic will go through the active router but with incoming traffic it could go to either SVI on the routers. Why is this so? This is the typical hierarchical model, core -> dist -> access.

    Hi,
    When you deploy HSRP your PCs etc normally use
    the virtual IP address as their default gateway.
    The virtual IP address is handled by the ACTIVE router,
    in your case Router 5.
    Router 6 will only become ACTIVE in the event of router 5 failing.
    If you want to look at load balancing you could use GLBP as your
    first hop router method.
    Here are a couple of links to look at.
    http://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/10583-62.html#topic1
    http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/12-4/fhp-12-4-book.html
    Regards
    Alex

  • RV-082 Router Incoming traffic allow

    We are using Cisco Router RV-082
    We want to allow incoming traffic ONLY to our remote office on specific port. Is it possible to configure our router to allow only traffic from specific IP address?
    Please help me
    Thanks in advance!

    Hello,
    To accomplish what you are trying to do, you will need to create two inbound rules. One denying all traffic from all sources and another one allowing all traffic from the WAN port with the source IP as the IP you want to allow.
    Here is a document explaining how to create the access rules.
    http://sbkb.cisco.com/CiscoSB/ukp.aspx?vw=1&docid=214b9e138807474cba39cda82212f509_Adding_Deleting_an_IPv4_access_Rule.xml&pid=2&respid=0&snid=4&dispid=0&cpage=search
    I hope this helps.

  • Block all incoming traffic and Active FTP

    Will setting the firewall to Block all incoming traffic break Active FTP Connections?
    The firewall will normally dynamically create exceptions for the Connection using the Application Layer Gateway, but will the profile override these?

    Hi TribleTrouble,
    Do you have any issue about FTP active mode?
    If the clients are part of your domain, push the FTP firewall rules via GPO to your clients allowing FTP inbound sockets
    netsh advfirewall firewall add rule name="File Transfer Program" protocol=TCP profile=domain Program=C:\Windows\System32\ftp.exe dir=in action=allow
    netsh advfirewall firewall add rule name="File Transfer Program" protocol=UDP profile=domain Program=C:\Windows\System32\ftp.exe dir=in action=allow
    For Windows 7, the entire networking stack was rewritten and several security measures were taken to further secure Windows.

  • Allow incoming traffic through iTunes?

    All of a sudden every time I open iTunes it asks if incoming traffic should be allowed. I checked my firewall settings and it is listed under allowed applications. Am I missing something? This started happening about a week ago.
    Thanks.

    When you installed 7.6 this started happening. The fix that I have found thanks to these forums, was to download itunes from the download site, not the software update. Once I reinstalled it stopped asking for deny/allow.

  • Sun Cluster 3.2/Solaris 10 Excessive ICMP traffic

    Hi all,
    I have inherited a 2 node cluster with a 3510 san which I have upgraded to Cluster 3.2/Solaris 10. Apparently this was happening on Cluster 3.0/Solaris 8 as well.
    The real interfaces on the two nodes seem to be sending excessive pings to the default gateway it is connected to. The configuration of the network adapters are the same - 2 NIC's on each are grouped for multi-home and 2 NIC's configured as private for cluster heartbeats.
    The 2 NIC's that are grouped together on each of the servers are the cards generating the traffic.
    23:27:52.402377 192.168.200.216 > 192.168.200.1: icmp: echo request [ttl 1]
    23:27:52.402392 192.168.200.1 > 192.168.200.216: icmp: echo reply
    23:27:52.588793 192.168.200.217 > 192.168.200.1: icmp: echo request [ttl 1]
    23:27:52.588806 192.168.200.1 > 192.168.200.217: icmp: echo reply
    23:27:52.818690 192.168.200.215 > 192.168.200.1: icmp: echo request [ttl 1]
    23:27:52.818714 192.168.200.1 > 192.168.200.215: icmp: echo reply
    23:27:53.072442 192.168.200.214 > 192.168.200.1: icmp: echo request [ttl 1]
    23:27:53.072479 192.168.200.1 > 192.168.200.214: icmp: echo reply
    Here is the setup to one of the servers:
    lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
    inet 127.0.0.1 netmask ff000000
    ce0: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 2
    inet 192.168.200.214 netmask ffffff00 broadcast 192.168.200.255
    groupname prod
    ether 0:3:ba:43:f4:f4
    ce0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
    inet 192.168.200.212 netmask ffffff00 broadcast 192.168.200.255
    ce1: flags=1008843<UP,BROADCAST,RUNNING,MULTICAST,PRIVATE,IPv4> mtu 1500 index 5
    inet 172.16.0.129 netmask ffffff80 broadcast 172.16.0.255
    ether 0:3:ba:43:f4:f3
    qfe0: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 3
    inet 192.168.200.216 netmask ffffff00 broadcast 192.168.200.255
    groupname prod
    ether 0:3:ba:34:95:4
    qfe1: flags=1008843<UP,BROADCAST,RUNNING,MULTICAST,PRIVATE,IPv4> mtu 1500 index 4
    inet 172.16.1.1 netmask ffffff80 broadcast 172.16.1.127
    ether 0:3:ba:34:95:5
    clprivnet0: flags=1009843<UP,BROADCAST,RUNNING,MULTICAST,MULTI_BCAST,PRIVATE,IPv4> mtu 1500 index 6
    inet 172.16.193.1 netmask ffffff00 broadcast 172.16.193.255
    ether 0:0:0:0:0:1
    Any suggestions on why the excessive traffic?

    I would guess these are the ipmp probes (man in.mpathd).
    You can start in.mpathd in debug mode to find out.
    HTH,
    jono

  • Excess search traffic upon login

    Greetings,
    I've noticed recently that when any of my users logs in (all are now LDAP authenticated), the access log shows a LOT of searching going on during that transaction. For example, if I log into a host, the access log will show not only the transaction of verifying my uid, and my shadow info, but it seems to want to list ALL of the netgroups that my uid happens to belong to. The reason this is a problem is that each host (or group of type of hosts) has a specific netgroup associated with it, and my assumption is that after verifying my username/pw info, it would just look at the netgroup name in /etc/passwd and see if I'm a part of that netgroup, and if so, allow me in, and if not, deny me access. Instead, the entire list of netgroups that my username is a member of is run through before allowing me into the host.
    The reason this even became evident is that my access logs grow at ridiculous rates. Fortunately I've configured logging and such to roll logs and delete them properly, but I really don't know why all of the other data is returned. It's not relevant to the host being logged into, and it occurs to me that it's a mild security problem since that traffic is visible over the network (I'm not using TLS at the moment) and shows the netgroups that I'm a member of (never mind that I'm not sure how this would benefit an attacker).
    So, does anyone know how to cut this down? It seems like an awful waste of time/bandwidth, and also possibly a waste of connections and other resources on the directory server.
    TIA,
    Patrick

    Also, have you tried doing an 'ls -l' against a
    directory with files owned by different users? I had
    a test directory with 250 files, each owned by a
    different user. When using netgroup to define users
    (via @netgroup in /etc/passwd and compat in
    nsswitch.conf) the performance was terribly slow,
    possibly due to nested netgroups.

    Roger,
    If you enable passwd (and group, if you want) caching via nscd, you'll see that the performance for "ls -l" like you're describing above, will improve dramatically. I was experiencing the same problem, and I found that what was dragging it down was the uid->username (and possibly gid->group) translation. Once I enabled caching the performance immediately improved.
    I also noted that before enabling nscd for passwd and group that my slapd process on my primary DS server was soaking up between 80 and 100% cpu, and my server was being hammered by requests (the access log was logging >5MB/min). Once nscd was implemented the CPU went down dramatically (to <5%), and my access logs are logging at about 1MB/min now (but that's due to the excess netgroup stuff, which is why I started this thread :P )
    Patrick

  • Excess network traffic - what's causing it?

    I recently purchased a Mac Mini Server and today I reinstalled my server software to try to fix some permission problems.
    Anyway, I must have turned something on or off incorrectly because my network traffic suddenly started going through the roof for about six hours until the monthly cap with my ISP was exceeded and they slowed my connection.
    Any ideas what could be causing this excessive traffic?
    I am confident that it wasn't the result of any large downloads etc (18GB in 6 hrs!) and I can't help but feel it was just an incorrect setup somewhere.
    As you can probably tell, I'm all new to this server business so please excuse my naivety.
    A screen shot of my network activity graph is at http://idisk.mac.com/mtilley/Public/temp/Activity.png
    I turned the web service off before taking the screen shot but that was about 9:00 pm.

    That could well be it.
    Just checked the size of the downloads - 17.64 GB.
    Thanks cpragman for your much appreciated help.

  • How do you log incoming traffic (SMTP) on a Cisco PIX 515E?

    Hi Everyone,
    I have a good one for you guys. I'm new to ASA's and PIX units. I've setup a few VPN's now but know next to nothing about logging on these units. I read the config guide for the PIX, but cannot figure out how to get a log of incoming SMTP traffic going on the console. Any ideas? Do I need to use a SYSLOG server? I can probably set one up on my laptop... Any replies would be appreciated. Thanks!

    Hi,
    Naturally a long term solution for gathering this information would be to send logs to a separate Syslog server.
    On the syslog server you will have better tools to go through the logs than just looking at the log buffer on the CLI of the ASA/PIX or on the ASDM real time monitor.
    The very basic "logging" configuration would be
    logging on
    logging timestamp
    logging device-id hostname
    logging trap informational (or notifications)
    logging host
    This would include only the logs for syslog server.
    There are options to tweak the log output but the above is a pretty basic setting without any extra.
    With the above configuration (logging trap informational) you would get logs of every connection formed and every connection teardown. You could then parse the logs for the log messages of SMTP (TCP/25) connections. Naturally this would also log same for translations and other information and depending on the size of the network or amount of the connections this might generate quite a lot of logs.
    You can also configure a "log" keyword on "access-list" lines that permit traffic (SMTP in this case). You can also configure a non default "level" for the messages after the "log" keyword.
    Most of our Syslog setups log with pretty basic configurations and we use the Syslog server to check for the logs we need.
    Your logging setup/configuration naturally depends on your needs. Is it something needed for long term monitoring of connections or just for some quick troubleshooting purposes. Generally I think it would be good to keep logs of most things that happen on the firewall to help with troubleshooting etc.
    - Jouni
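
Added example (not part of the original reply): a sketch of the parsing step described above, pairing connection-built and teardown messages on the syslog server to list inbound SMTP (TCP/25) sessions. The sample lines are constructed, and the 302013/302014 message layouts are an assumption based on Cisco's documented syslog format for 7.x and later software; confirm them against what your unit actually emits. The timestamp and hostname prefix is not parsed.

```python
import re

# Constructed sample; addresses are documentation/private ranges and the
# hostname "pix515" is made up. Message layout is an assumption (see lead-in).
SAMPLE_SYSLOG = """\
Feb 03 2010 00:38:01 pix515 : %PIX-6-302013: Built inbound TCP connection 1001 for outside:198.51.100.7/41234 (198.51.100.7/41234) to inside:192.168.1.25/25 (203.0.113.25/25)
Feb 03 2010 00:38:02 pix515 : %PIX-6-302013: Built outbound TCP connection 1002 for outside:192.0.2.80/80 (192.0.2.80/80) to inside:192.168.1.50/3021 (203.0.113.1/3021)
Feb 03 2010 00:38:03 pix515 : %PIX-6-302013: Built inbound TCP connection 1003 for outside:198.51.100.99/50211 (198.51.100.99/50211) to inside:192.168.1.25/25 (203.0.113.25/25)
Feb 03 2010 00:38:04 pix515 : %PIX-6-302013: Built inbound TCP connection 1004 for outside:198.51.100.7/41240 (198.51.100.7/41240) to inside:192.168.1.30/80 (203.0.113.30/80)
Feb 03 2010 00:38:09 pix515 : %PIX-6-302014: Teardown TCP connection 1001 for outside:198.51.100.7/41234 to inside:192.168.1.25/25 duration 0:00:08 bytes 5120 TCP FINs
Feb 03 2010 00:38:10 pix515 : %PIX-6-302014: Teardown TCP connection 1002 for outside:192.0.2.80/80 to inside:192.168.1.50/3021 duration 0:00:08 bytes 20480 TCP FINs
Feb 03 2010 00:38:11 pix515 : %PIX-6-302014: Teardown TCP connection 1004 for outside:198.51.100.7/41240 to inside:192.168.1.30/80 duration 0:00:07 bytes 900 TCP FINs
"""

# For an inbound connection the remote client is on the "for" side and the
# protected server on the "to" side.
BUILT_RE = re.compile(
    r"%(?:PIX|ASA)-6-302013: Built inbound TCP connection (?P<conn>\d+) "
    r"for [^:\s]+:(?P<src>[\d.]+)/\d+ \([^)]*\) "
    r"to [^:\s]+:(?P<dst>[\d.]+)/(?P<dport>\d+)"
)
TEARDOWN_RE = re.compile(
    r"%(?:PIX|ASA)-6-302014: Teardown TCP connection (?P<conn>\d+) .*?"
    r"duration (?P<h>\d+):(?P<m>\d\d):(?P<s>\d\d) bytes (?P<bytes>\d+)"
)


def smtp_sessions(text, port=25):
    """Return inbound sessions to `port`, in the order they were built.

    A session whose teardown has not been logged yet keeps duration_s and
    bytes as None, so still-open connections remain visible.
    """
    sessions = []
    open_conns = {}  # connection id -> session, until its teardown is seen
    for line in text.splitlines():
        built = BUILT_RE.search(line)
        if built:
            if int(built["dport"]) != port:
                continue
            session = {
                "conn": int(built["conn"]),
                "client": built["src"],
                "server": built["dst"],
                "duration_s": None,
                "bytes": None,
            }
            sessions.append(session)
            # Connection ids are reused over time; the newest one wins.
            open_conns[session["conn"]] = session
            continue
        down = TEARDOWN_RE.search(line)
        if down:
            session = open_conns.pop(int(down["conn"]), None)
            if session is not None:
                session["duration_s"] = (
                    int(down["h"]) * 3600 + int(down["m"]) * 60 + int(down["s"])
                )
                session["bytes"] = int(down["bytes"])
    return sessions


def sessions_per_client(sessions):
    """Count sessions and total logged bytes per client address."""
    totals = {}
    for s in sessions:
        entry = totals.setdefault(s["client"], {"sessions": 0, "bytes": 0})
        entry["sessions"] += 1
        entry["bytes"] += s["bytes"] or 0
    return totals


if __name__ == "__main__":
    for s in smtp_sessions(SAMPLE_SYSLOG):
        print(s)
```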

  • Excessive Incoming Messages in Mail configured to Yahoo Mail

    From a Mac newbie...
    Each time I open Mail on my new Mac Mini (OS X Mountain Lion 10.8.3), Mail Activity shows thousands of incoming messages arriving at a rate of roughly 40 per minute. But the only emails going into my inbox are "legitimate" emails from friends and customers.
    I've configured Mail to use Yahoo Mail (although I've also set up and enabled an iCloud account which I don't use). Are those thousands of incoming messages in fact old Yahoo Mail messages that have to load onto Mail each time I open it?
    Whatever they are, is this avoidable? I don't seem to be losing any messages, but it slows the computer down for quite a while, and just doesn't "feel right".
    If this is an issue inherent to Yahoo Mail on a Mac, I will consider using a different main address. What sort of address is least likely to be problematic with Mail software? Changing my main email address is a big deal and I wouldn't want to have to do it again in the near future.
    P.S. Would prefer answers that are understandable to, say, an unusually bright chimp

    If I understand you correctly, you would like to handle your mail directly on the remote server? That is not possible from Mail.app. There may be other Mail clients that offer this option or you could simply handle your Mail with your web browser.

  • ITunes requests "Allow Incoming Traffic" every-time it's launched

    Dear fellow Mac users;
    I have the latest iMac 27" (SSD 256GB & HDD 2TB). All Applications and OS X reside on the SSD while the Home folder and all data files (including Music Folder -> iTunes Folder) reside on the 2TB HDD.
    Every time I launch the iTunes app and fully close it, a pop up shows up saying: "Do you want the application "iTunes.app" to accept incoming network connections? Clicking Deny may limit the application's behavior. This setting can be changed in the Firewall pane of Security preferences."
    In order for iTunes to connect to the iTunes store I need to click Allow every time.
    In the System Preferences -> Security -> Firewall -> Advanced, the iTunes.app is set to *Allow incoming connections*.
    The "Block all incoming connections" is unchecked
    The "Automatically allow signed software to receive ..." is checked
    The "Enable stealth mode" is unchecked
    I deleted the "iTunes - Allow incoming connections" and then relaunched iTunes and there is no pop up. But after closing the iTunes app and relaunching again, the problem reappears.
    Checking in System Preferences -> Security -> Firewall -> Advanced, the iTunes.app is suddenly again set to *Allow incoming connections*.
    Any advice to avoid this annoying behavior is GREATLY appreciated.

    I had the same firewall problem on three computers after upgrading to 10.6.5 and iTunes 10.1. I was able to fix it on all three computers without uninstalling anything. Here's what worked for me:
    1) Go to the firewall preferences (System Prefs-->Security-->Firewall-->Advanced-->Automatically allow... (checked)) and delete iTunes from the list.
    2) Restart the computer.
    3) Download the standalone iTunes 10.1 installer from Apple and install it.
    4) Restart again
    5) There is no step 5...
    iTunes has been working all morning for me on all three computers without the firewall messages coming back (including multiple launches of iTunes, restarts, etc.)
    I'm not sure if the restarts are required in the steps above, but they can't hurt and it worked for me.

  • Routing of incoming traffic

    Hi all,
    I have a WRT54G router.
    I have an internet address pointing to my router. Can anyone tell me how I route the incoming request to a particular computer. For example the internet address is http://www.myaddress.com (which routes to my router at a static ip address) I want it routed to a webserver on my internal network named www .
    I had this setup on my old router but cannot find the settings to do this with this router.
    Any help would be greatly appreciated.
    Thanks,
    Dave.

    I think you need to enable "Advanced Routing" on your Router to do that work.
    Click Here how to enable Advanced Routing on your router. 

  • Mysterious incoming traffic

    A little background: I have an iMac & my wife has a MacBook. We have Hughes satellite internet and a Linksys WiFi modem. We mainly use the Macs to read mail and uses Safari to read the news. Hughes allows 200MB down before essentially cutting you off for 24 hours.
    Yesterday and today we were cut off because we exceeded the downlink bandwidth usage. The strange thing is my wife's computer was closed and supposedly sleeping and I was just reading mail and looking for something on Amazon when we were cut off. The only applications active were Mail and Safari. It was much the same the day before. This has happened before. Hughes said it was our problem and that we should shut everything down when we are not using it. That makes it pretty convenient.
    There is no one living within a half mile and the nearest computer is at least a mile away. The WiFi signal does not carry more than a few feet outside the house and the house is over 400 feet from the road.
    I have gone through the logs for the time period, checked for downloads and new files as best that I can. Does anyone have any idea how to determine where the traffic came from?

    Install shareware "littlesnitch" to confirm any in/out-bound process or application traffic.
    NetBarrier (Intego) I found easier to use.
    There are tools to monitor more than Activity Monitor how much network traffic is occurring.
    I would check your Linksys for any firmware updates or whether you can reconfigure it - more for 10.6.x compatibility.
    As for OS X and these huge 700MB to 1GB to upgrade a system... there really should be a $15 physical media service.
    An ISP often will cache high active content to be stored closer. I used to set up a proxy server on my computer to do something like that back during dialup (and had bonded PPP using a pair of modems).
