OS/X unresponsive while broadcasting to UDP port 2223

At least once a week I have to power-cycle the iMac my kids use for their homework, because they cannot wait the few hours it takes to recover by itself.
During that time all we get from the iMac is the rainbow wheel of death, and on the network I can see it is sending broadcasts to UDP port 2223 (rockwell-csp3). It also insists on sending NetBIOS name lookups (despite nothing in the System Preferences saying to use anything but DNS); installing a Samba server on the network at least provides something to answer those lookups (but it shouldn't be necessary).
I'm guessing that the Microsoft Office (2008) installed on the machine is somehow responsible, but a computer that is catatonic for hours at a time is useless.
Anyone know of anything I can do to stop this, or something I can put on the network (other than a Windows machine) that might make it happy?

Is there a chance that someone has installed some kind of
software on the computer that is trying to "call home?"
The app known as Little Snitch can tell what may be in there
and if it is responsible for these odd network calls out.
How is the port security set up in the Mac? And why would
those ports need to be open unless there was a real purpose?
With my Macs, all of the ports in Firewall are closed to access
except for the Network Time Server to keep the clock correct.
{Some are used to share files between computers, & to chat; etc.}
Do you have more than two user accounts in the computer, and
if so, is your Admin account only used to update and maintain
the OS X & to install apps for other users? The levels of security
in Mac OS X can be controlled; and such odd port calls if or when
there is no need, are signs that something is not quite right.
Have you looked into the Console utility to see what is causing the
hang at those time intervals you know this has happened? There
are several different logs and reports in there; some won't apply.
Do the children who use the computer, have access to or know the
Admin account's password? A second user, from their account, can
install software and do other things, if that password is available.
I noticed you had a similar post last month that appeared to go without
a reply; now it is locked and can't be replied to anyway. So this issue
has been going on for some time. What may have happened in the past
year or so, to start this issue in that computer? Something, for certain.
Good luck & happy computing!

Similar Messages

  • My Network of Macs keep broadcasting to udp port 8612 every few seconds

    This problem was answered nicely by "Hunter3740" and Apple archived it. It is still valid/needed for Mountain Lion!
    https://discussions.apple.com/thread/2464784?start=0&tstart=0
    Here is how to stop your Mac from broadcasting to UDP port 8612 every few seconds without using a Terminal window:
    Under Utilities (in the Applications folder) launch the Activity Monitor, then show "All Processes" and find the one named "CIJScannerRegister.app" and hit the Stop Sign (Quit Process).
    Then follow this path: Macintosh HD ---> Library ---> Image Capture ---> Support ---> LegacyDeviceDiscoveryHelpers, then throw "CIJScannerRegister.app" in the trash and empty it.
    Bingo...the broadcast stops.
    Apple:  Can you fix this turd with a system update?


  • Broadcasts on UDP port 8612?

    Hello -
    I'm the sole Mac user in an office that has over 100 computers, so I'm asking this based on a question I got from our network guy. I am nowhere near a network expert.
    The network guy asked me if I had installed anything recently that might be causing a lot of "noise" on our network. He says it is coming from my IP address and "They are predominately "broadcasts" to the entire network on UDP port 8612, which Google tells me has something to do with Canon printers."
    Does anyone know what this might be and how I can turn it off? As the sole Mac user I try to keep a low profile!
    Thanks in advance.
    Patrick

    Templeton Peck wrote:
    For starters, are there any Canon printers in the office, or Canon drivers installed on your computer?
    I found some in the library/printers file and have deleted them. I don't connect to any Canon printers, but it's not clear to me why they would trigger the network traffic when the others didn't.
    I'll ask our systems administrator if he sees the chatter with the Canon file deleted.

  • Our IT Director will not allow the appropriate TCP and UDP ports to be opened on the district WAN

    I have about 30 Apple TV Units and our IT Director will not allow the appropriate TCP and UDP ports to be opened on the district WAN.  When our teachers try to log on to Apple TV to broadcast lessons, websites, etc., they are booted off the network after about 20 minutes. 
    Any ideas for how I might solve this without having to hard-wire the Apple TV Units?

    Honestly, you do not.
    Either the IT director will cave and allow the appropriate ports or it doesn't work.
    Hard wiring the ATVs will not rectify the problem. 

  • Application by using more than 65535 UDP ports

    Hello all!
    I'm now implementing a device simulator in VC++ to perform a load test on our server application. I need to simulate a huge number of devices to communicate with this server via UDP; each device shall have its own exclusive UDP port during the simulation.
    Since there are at most 65536 ports per IP address and ports 0 to 1024 are reserved by the OS, theoretically I have 64511 free ports for my simulator application. Considering that some ports are required by some services/applications, the number of free ports may be a little lower; I'm assuming this number is 60000. According to our software requirement, I can't reach the required number of simulated devices under this port limitation.
    If I'm right, if one computer has more IPs, I shall have more than 60000 free ports. My simulator runs under Windows Server 2008 with 2 physical network adapters, and I used the following command to change the dynamic UDP port range to get 60000 UDP ports:
          netsh interface ipv4 set dynamicportrange protocol=udp startport=3000 numberofports=60000
    My questions are:
    1. Is this setting globally available or for each IP address?
       I tried to set the parameter "numberofports" to 120000 but it didn't work.
    2. Shall I set for each IP address separately a UDP port range?
    3. If this setting is available for each IP address, I have the following problem:
       For two IP addresses, I could bind 60000 ports in total to 60000 UDP sockets, e.g. IP1 20000 ports and IP2 40000 ports, or IP1 40000 ports and IP2 20000 ports. That means I can still use at most 60000 UDP ports.
    Unfortunately, I can't find any reference about this topic on the Internet. Does anyone have a similar situation?
    Thank you in advance to teach me a solution!

    " I need so many UDP ports because our product has "state", and our Server application maintains connection sessions for each connected device."
    Couldn't you add some information to the datagrams that identify the state? That may require less resources than creating a zillion of sockets. Though I suppose that using a single socket would lead to serialization and that will hurt scaling...
    "How much memory does one socket need? I didn't think about this topic....."
    Hmm, memory is needed for the socket data structures and buffers. Probably a few kilobytes. Let's do a test and see what happens:

    #define _WINSOCK_DEPRECATED_NO_WARNINGS  // inet_addr/inet_ntoa are flagged on newer SDKs
    #include <winsock2.h>
    #include <cstdio>
    #pragma comment(lib, "ws2_32.lib")

    // Receiver: binds the "server" address and prints every datagram it gets.
    DWORD WINAPI ServerThread(LPVOID addr) {
        SOCKET sk = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
        if (sk == INVALID_SOCKET) {
            printf("socket failed\n");
            return 1;
        }
        int err = bind(sk, static_cast<sockaddr *>(addr), sizeof(sockaddr_in));
        if (err != 0) {
            printf("bind failed\n");
            return 1;
        }
        char buffer[256];
        sockaddr_in from;
        for (;;) {
            int fromLen = sizeof(from);  // in/out parameter, reset before every call
            int length = recvfrom(sk, buffer, 256, 0, reinterpret_cast<sockaddr *>(&from), &fromLen);
            printf("got %d bytes from %s:%d\n", length, inet_ntoa(from.sin_addr), ntohs(from.sin_port));
        }
    }

    int main() {
        WSADATA wsaData;
        int err = WSAStartup(MAKEWORD(2, 2), &wsaData);
        if (err != 0) {
            printf("WSAStartup failed\n");
            return 1;
        }
        sockaddr_in to = {};
        to.sin_family = AF_INET;
        to.sin_port = htons(4242);
        to.sin_addr.S_un.S_addr = inet_addr("192.168.1.68");
        CreateThread(nullptr, 0, ServerThread, &to, 0, nullptr);
        const char *addrs[] { "192.168.1.40", "192.168.1.41", "192.168.1.42", "192.168.1.43" };
        // static keeps this large handle table off the thread stack
        static SOCKET sockets[_countof(addrs)][30000];
        sockaddr_in from = {};
        from.sin_family = AF_INET;
        int count = 0;
        // One UDP socket per (address, port) pair, counting down from port 65535.
        for (int i = 0; i < _countof(addrs); i++) {
            from.sin_addr.S_un.S_addr = inet_addr(addrs[i]);
            for (int j = 0; j < _countof(sockets[i]); j++) {
                SOCKET sk = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
                from.sin_port = htons(65535 - j);
                err = bind(sk, reinterpret_cast<sockaddr *>(&from), sizeof(from));
                if (err != 0) {
                    printf("bind failed while creating socket %d on %s:%d\n", count, addrs[i], 65535 - j);
                    closesocket(sk);
                    sk = INVALID_SOCKET;
                }
                else {
                    count++;
                }
                sockets[i][j] = sk;
            }
        }
        printf("created %d sockets\n", count);
        char buffer[256] = {};  // zeroed so no stack contents are sent on the wire
        // Send one datagram from every socket that was bound successfully.
        for (int i = 0; i < _countof(sockets); i++) {
            for (int j = 0; j < _countof(sockets[i]); j++) {
                if (sockets[i][j] != INVALID_SOCKET)
                    err = sendto(sockets[i][j], buffer, 256, 0, reinterpret_cast<sockaddr *>(&to), sizeof(to));
            }
        }
        return 0;
    }

    This creates almost 120000 sockets on my machine (Win 8.1). All the 192.168.1.x addresses are on the same network adapter, 4 of them are used for "clients" and 1 for the "server". Clients have ports in the range 35535 - 65535 so you get around 30000 sockets per address (a few ports are in use so you won't get exactly 30000 unless you adjust the code).
    When the program starts the kernel non paged pool jumps from ~50MB to ~200MB. That means around 1.3KBytes per socket.
    @Joel Engineer: "The windows operating system can only have one IP per Computer name and a computer can only have one name..."
    You're delusional.

  • Open udp port on Wireless Network

    I have a WLC2106 with 6 APs model 1240AG. An application uses port 11050 UDP for license management. The client sends a broadcast on this port looking for the server; because this information is NOT passing through, the connection can't be established. With the original network (3com), there is no problem, but with the Cisco network, this particular port appears to be closed. How can I confirm the AP is blocking this port? How can I open it? I tried with an ACL but the problem was not fixed.
    thanks in advance.

    Eric:
    Thanks so much for your support. Finally I have the application working.
    I found the problem was not with the UDP port alone; the problem was with all broadcasts (your tips gave me light).
    Besides the "Broadcasting Forwarding" option I changed the "Ethernet Multicast Mode" to Multicast.
    The key was this paragraph in the release notes:
    Re-enable Broadcast after Upgrading to Release 4.0.206.0
    In software releases 4.0.179.0 and earlier, broadcast and multicast forwarding were both controlled with a single global flag that enabled multicast. Beginning with software release 4.0.206.0, these functions were broken into separate configuration flags: one that controls broadcast and one that controls non-broadcast multicast. If you have multicast enabled in software releases 4.0.179.0 and earlier, the broadcast flag is left disabled after upgrading to software release 4.0.206.0. As a result, some applications that rely on broadcast do not work after the upgrade.
    After you upgrade to software release 4.0.206.0, use this CLI command to re-enable broadcast:
    config network broadcast enable
    When re-enabled, broadcast uses the multicast mode configured on the controller.
    To be honest I am not very clear how the multicast mode is related with the problem, but now I can see all the broadcast messages passing through wireless network.
    Thanks a lot
    Daniel Escalante.

  • DMVPN-Why received packet doesn't use UDP port 4500 but 500?

    Hello everyone
    I got a problem with my DMVPN. The spoke is behind a NAT device. x.x.x.x is a public IP address which the hub uses. I don't know why it discovered that the hub is also inside a NAT device. And after it sends a packet using port 4500, the received packet from the hub was not using port 4500 but 500. I'm confused now. Any advice would be much appreciated.
    *Sep 10 08:56:02 UTC: ISAKMP:(0): beginning Main Mode exchange
    *Sep 10 08:56:02 UTC: ISAKMP:(0): sending packet to x.x.x.x my_port 500 peer_port 500 (I) MM_NO_STATE
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.
    *Sep 10 08:56:02 UTC: ISAKMP (0): received packet from x.x.x.x dport 500 sport 500 Global (I) MM_NO_STATE
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Old State = IKE_I_MM1  New State = IKE_I_MM2 
    *Sep 10 08:56:02 UTC: ISAKMP:(0): processing SA payload. message ID = 0
    *Sep 10 08:56:02 UTC: ISAKMP:(0): processing vendor id payload
    *Sep 10 08:56:02 UTC: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
    *Sep 10 08:56:02 UTC: ISAKMP (0): vendor ID is NAT-T RFC 3947
    *Sep 10 08:56:02 UTC: ISAKMP:(0):found peer pre-shared key matching 
    *Sep 10 08:56:02 UTC: ISAKMP:(0): local preshared key found
    *Sep 10 08:56:02 UTC: ISAKMP : Scanning profiles for xauth ...
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy
    *Sep 10 08:56:02 UTC: ISAKMP:      encryption 3DES-CBC
    *Sep 10 08:56:02 UTC: ISAKMP:      hash MD5
    *Sep 10 08:56:02 UTC: ISAKMP:      default group 1
    *Sep 10 08:56:02 UTC: ISAKMP:      auth pre-share
    *Sep 10 08:56:02 UTC: ISAKMP:      life type in seconds
    *Sep 10 08:56:02 UTC: ISAKMP:      life duration (VPI) of  0x0 0x1 0x51 0x80 
    *Sep 10 08:56:02 UTC: ISAKMP:(0):atts are acceptable. Next payload is 0
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Acceptable atts:actual life: 0
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Acceptable atts:life: 0
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Fill atts in sa vpi_length:4
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Fill atts in sa life_in_seconds:86400
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Returning Actual lifetime: 86400
    *Sep 10 08:56:02 UTC: ISAKMP:(0)::Started lifetime timer: 86400.
    *Sep 10 08:56:02 UTC: ISAKMP:(0): processing vendor id payload
    *Sep 10 08:56:02 UTC: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
    *Sep 10 08:56:02 UTC: ISAKMP (0): vendor ID is NAT-T RFC 3947
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Old State = IKE_I_MM2  New State = IKE_I_MM2 
    *Sep 10 08:56:02 UTC: ISAKMP:(0): sending packet to x.x.x.x my_port 500 peer_port 500 (I) MM_SA_SETUP
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Old State = IKE_I_MM2  New State = IKE_I_MM3 
    *Sep 10 08:56:02 UTC: ISAKMP (0): received packet from x.x.x.x dport 500 sport 500 Global (I) MM_SA_SETUP
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Old State = IKE_I_MM3  New State = IKE_I_MM4 
    *Sep 10 08:56:02 UTC: ISAKMP:(0): processing KE payload. message ID = 0
    *Sep 10 08:56:02 UTC: ISAKMP:(0): processing NONCE payload. message ID = 0
    *Sep 10 08:56:02 UTC: ISAKMP:(0):found peer pre-shared key matching x.x.x.x
    *Sep 10 08:56:02 UTC: ISAKMP:(2746): processing vendor id payload
    *Sep 10 08:56:02 UTC: ISAKMP:(2746): vendor ID is Unity
    *Sep 10 08:56:02 UTC: ISAKMP:(2746): processing vendor id payload
    *Sep 10 08:56:02 UTC: ISAKMP:(2746): vendor ID is DPD
    *Sep 10 08:56:02 UTC: ISAKMP:(2746): processing vendor id payload
    *Sep 10 08:56:02 UTC: ISAKMP:(2746): speaking to another IOS box!
    *Sep 10 08:56:02 UTC: ISAKMP:received payload type 20
    *Sep 10 08:56:02 UTC: ISAKMP (2746): NAT found, both nodes inside NAT
    *Sep 10 08:56:02 UTC: ISAKMP:received payload type 20
    *Sep 10 08:56:02 UTC: ISAKMP (2746): My hash no match -  this node inside NAT
    *Sep 10 08:56:02 UTC: ISAKMP:(2746):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
    *Sep 10 08:56:02 UTC: ISAKMP:(2746):Old State = IKE_I_MM4  New State = IKE_I_MM4 
    *Sep 10 08:56:02 UTC: ISAKMP:(2746):Send initial contact
    *Sep 10 08:56:02 UTC: ISAKMP:(2746):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
    *Sep 10 08:56:02 UTC: ISAKMP (2746): ID payload 
    next-payload : 8
    type         : 1 
    address      : 192.168.1.101 
    protocol     : 17 
    port         : 0 
    length       : 12
    *Sep 10 08:56:02 UTC: ISAKMP:(2746):Total payload length: 12
    *Sep 10 08:56:02 UTC: ISAKMP:(2746): sending packet to x.x.x.x my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
    *Sep 10 08:56:02 UTC: ISAKMP:(2746):Sending an IKE IPv4 Packet.
    *Sep 10 08:56:02 UTC: ISAKMP:(2746):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
    *Sep 10 08:56:02 UTC: ISAKMP:(2746):Old State = IKE_I_MM4  New State = IKE_I_MM5 
    *Sep 10 08:56:03 UTC: ISAKMP (2746): received packet from x.x.x.x dport 500 sport 500 Global (I) MM_KEY_EXCH
    *Sep 10 08:56:03 UTC: ISAKMP:(2746): phase 1 packet is a duplicate of a previous packet.
    *Sep 10 08:56:03 UTC: ISAKMP:(2746): retransmitting due to retransmit phase 1
    *Sep 10 08:56:04 UTC: ISAKMP:(2746): retransmitting phase 1 MM_KEY_EXCH...
    *Sep 10 08:56:04 UTC: ISAKMP (2746): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
    *Sep 10 08:56:04 UTC: ISAKMP:(2746): retransmitting phase 1 MM_KEY_EXCH
    *Sep 10 08:56:04 UTC: ISAKMP:(2746): sending packet to x.x.x.x my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
    *Sep 10 08:56:04 UTC: ISAKMP:(2746):Sending an IKE IPv4 Packet.

    This could be because the port 4500 packet that is being sent is not being received by the peer side or it is ignoring that packet. 
    Since the port 500 packet that you are receiving is a duplicate of the previous packet it is definitely not a reply packet for the port 4500 packet. 
    If you can get the debugs from the other end, then you could see if the peer side is receiving the udp port 4500 packets.
    If not that then this could be a UDP port 4500 block with the ISP.
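
The symptom discussed in this thread (the initiator floats to UDP 4500 after NAT detection while the peer keeps answering on 500 with duplicates) can be checked mechanically in a saved debug capture. The following is an added example, not code from the thread; the sample is an excerpt of the log lines quoted in the question, and the function and verdict names are hypothetical.

```python
import re

# Line shapes taken from the ISAKMP debug output quoted in the question.
SENT = re.compile(r"sending packet to (\S+) my_port (\d+) peer_port (\d+)")
RECV = re.compile(r"received packet from (\S+) dport (\d+) sport (\d+)")
NAT_FOUND = re.compile(r"NAT found|this node inside NAT")
DUPLICATE = "duplicate of a previous packet"
NAT_T_PORT = 4500  # UDP port IKE floats to once NAT is detected (RFC 3947)

# Excerpt of the initiator-side log from the question (peer masked as x.x.x.x there).
SAMPLE_LOG = """\
*Sep 10 08:56:02 UTC: ISAKMP:(0): sending packet to x.x.x.x my_port 500 peer_port 500 (I) MM_NO_STATE
*Sep 10 08:56:02 UTC: ISAKMP (0): received packet from x.x.x.x dport 500 sport 500 Global (I) MM_NO_STATE
*Sep 10 08:56:02 UTC: ISAKMP:(0): sending packet to x.x.x.x my_port 500 peer_port 500 (I) MM_SA_SETUP
*Sep 10 08:56:02 UTC: ISAKMP (0): received packet from x.x.x.x dport 500 sport 500 Global (I) MM_SA_SETUP
*Sep 10 08:56:02 UTC: ISAKMP (2746): NAT found, both nodes inside NAT
*Sep 10 08:56:02 UTC: ISAKMP:(2746): sending packet to x.x.x.x my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
*Sep 10 08:56:03 UTC: ISAKMP (2746): received packet from x.x.x.x dport 500 sport 500 Global (I) MM_KEY_EXCH
*Sep 10 08:56:03 UTC: ISAKMP:(2746): phase 1 packet is a duplicate of a previous packet.
*Sep 10 08:56:04 UTC: ISAKMP:(2746): retransmitting phase 1 MM_KEY_EXCH
*Sep 10 08:56:04 UTC: ISAKMP:(2746): sending packet to x.x.x.x my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
"""


def analyze(log_text):
    """Summarise the NAT-T port float seen from the initiator's debug log."""
    r = {"nat_detected": False, "sent_4500": 0, "recv_4500": 0,
         "recv_500_after_float": 0, "duplicates_after_float": 0}
    for line in log_text.splitlines():
        if NAT_FOUND.search(line):
            r["nat_detected"] = True
        m = SENT.search(line)
        if m:
            if int(m.group(2)) == NAT_T_PORT:
                r["sent_4500"] += 1
            continue
        m = RECV.search(line)
        if m:
            if int(m.group(2)) == NAT_T_PORT:
                r["recv_4500"] += 1
            elif r["sent_4500"]:
                # Peer is still talking on 500 although we already floated.
                r["recv_500_after_float"] += 1
            continue
        if DUPLICATE in line and r["sent_4500"]:
            r["duplicates_after_float"] += 1

    if not r["nat_detected"]:
        r["verdict"] = "no-nat-detected"
    elif r["sent_4500"] == 0:
        r["verdict"] = "nat-but-no-float"
    elif r["recv_4500"] > 0:
        r["verdict"] = "nat-t-ok"
    elif r["recv_500_after_float"] or r["duplicates_after_float"]:
        # Matches the reply above: the 4500 packets are not answered, the
        # peer only retransmits its earlier port-500 message.
        r["verdict"] = "udp4500-unanswered"
    else:
        r["verdict"] = "no-reply-at-all"
    return r


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A verdict of `udp4500-unanswered` points at the path for UDP 4500 (NAT device, ACL or provider filtering) or at the peer ignoring those packets, which is what the peer-side debugs suggested in the reply would confirm.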

  • Broadcast Error while broadcasting a template

    hi...
    I am facing an error while broadcasting a template as a PDF file.
    Error: com.sap.ip.bi.base.exception.BIBaseRuntimeException
    I can't find any other details for this error.
    I am able to broadcast the query, but I am not able to broadcast the template which includes the same query.
    When I tried to assign a different query to the same template, it's working. It means that the template is working fine.
    The problem is that the combination of the actual query and actual template is not working.
    I also checked with the support desk tool and the configuration settings, which are fine.
    There are no error logs found. When we execute the template for broadcast it should initially communicate with the BW system and then from there we will receive mail.
    But here when I am executing I am not able to see any logs in the BW system; the report is not getting communicated with the BW system.
    There are 4 queries with their corresponding templates for which templates are not getting broadcasted. The queries are designed for top n customers. These queries have offsets and also for one of the queries there are exit variables.
    I want to know whether there is any problem with the query or some setting problem which will make the combination of query and template work properly, i.e. broadcasted properly.
    Can anyone please provide some inputs????

    It seems that the Portal engine set up with your company's portal and Web Application Designer is not working...
    You might need to apply OSS notes.
    Have you checked it on the SAP Service Marketplace?

  • Why does Firefox on my Windows 7 PC hang (become unresponsive) while it waits for most pages to load or run scripts?

    Firefox hangs (becomes unresponsive) when accessing many sites including Gmail. Eventually, when hung, Firefox will throw up a window saying "WARNING: A script has become unresponsive" or, in the case of Gmail, the page itself will say "Some Gmail features have failed to load due to an internet connectivity problem."
    IE8 and Google Chrome are working normally. I've tried Firefox in safe mode, re-installing and even running Firefox portable from a USB thumb drive. Each time with the same result—Firefox hangs or becomes unresponsive while it waits for most pages to load or run scripts.
    #### PC Workstation Environment ####
    Firefox 13.0.1
    Windows 7
    Symantec Endpoint Protection 11.0.6200.754
    --

    Your problem sounds like the one that a co-worker and I started to have about the same time. Check your Symantec client management control log. You might see a line like the following.
    Date and Time Severity Level Action Test / Production Description API Class Rule Caller Process ID Caller Process Parameter User
    2012-07-30 10:48:09 AM 15 Block Production Unauthorized NT call rejected by protection driver. System Built-in rule 1608 FlashplayerPlu FuncID-B6H, R... None
    At first we thought that it was a Javascript problem until we noticed this log. The key words are 'Block' and 'FlashPlayerPlu'. This problem recently started for us, perhaps with a software push 1-2 weeks ago. Internet Explorer does not hang when accessing pages with Flash.
    The Flash page does eventually load after a long time. However, since the whole browser hangs for a while, for the most part having the Flash plugin enabled makes Firefox unusable if accessing pages with Flash.
    Disabling the Flash plugin solves the hanging problem, but I do not know what is causing the problem, nor do I know when a combination of Windows 7, Flash, and Symantec will work. Your later version of Symantec shows that we might have the problem for a while, but I do not know what customization CSC did with Symantec. My coworker did run a complete virus scan, uncovering nothing. Another co-worker is running Windows XP. She does not have the problem, but I do not know what other versions of software she is running.
    Symantec Endpoint Protection version 11.0.6100.645
    Flash version 11.3.300.268
    Firefox version 14.0.1
    Windows 7 32-bit service pack 1

  • TCP/UDP Ports and site used by FEP to download updates - needed to allow on perimeter firewall

    Can some one point me with information like what TCP/UDP ports are utilized by FEP and what DNS / site Name it uses to download FEP Updates. This is needed to tighten perimeter FireWall policies
    Thank you

    It should be the same as the documentation for all Software Updates:
    https://technet.microsoft.com/en-us/library/bcf8ed65-3bea-4bec-8bc5-22d9e54f5a6d#BKMK_ConfigureFirewalls
    Make sure to expand the "restrict access to specific domains" section to see the update related URLs.

  • Noticed that my MAC Mini is sending traffic to 70.38.54.77 on sequential UDP ports (port scanning?)

    Hi,
    I noticed in my home router logs that my MAC Mini "scans" UDP ports in the 33xxx range to an address 70.38.54.77 ... a quick search shows others' complaints but no result or explanation. I am looking to see if this is some piece of sw installed in my MAC or perhaps how to block traffic to/from that IP (or its subnet).
    See below - .149 is my MAC mini IP address at home.
    Outgoing log
    LAN IP address | Destination URL or IP address | Service or port number
    192.168.2.149 | 70.38.54.77 | 33495
    192.168.2.149 | 70.38.54.77 | 33494
    192.168.2.149 | 70.38.54.77 | 33493
    192.168.2.149 | 70.38.54.77 | 33492
    192.168.2.149 | 70.38.54.77 | 33491
    192.168.2.149 | 70.38.54.77 | 33490
    192.168.2.149 | 70.38.54.77 | 33489
    192.168.2.149 | 70.38.54.77 | 33488
    192.168.2.149 | 70.38.54.77 | 33487
    192.168.2.149 | 70.38.54.77 | 33486
    192.168.2.149 | 70.38.54.77 | 33485
    192.168.2.149 | 70.38.54.77 | 33484
    192.168.2.149 | 70.38.54.77 | 33483
    192.168.2.149 | 70.38.54.77 | 33482
    192.168.2.149 | 70.38.54.77 | 33481
    192.168.2.149 | 70.38.54.77 | 33480
    192.168.2.149 | 70.38.54.77 | 33479
    192.168.2.149 | 70.38.54.77 | 33478
    192.168.2.149 | 70.38.54.77 | 33477
    192.168.2.149 | 70.38.54.77 | 33476
    192.168.2.149 | 70.38.54.77 | 33475
    192.168.2.149 | 70.38.54.77 | 33474
    192.168.2.149 | 70.38.54.77 | 33473
    192.168.2.149 | 70.38.54.77 | 33472
    192.168.2.149 | 70.38.54.77 | 33471
    192.168.2.149 | 70.38.54.77 | 33470
    192.168.2.149 | 70.38.54.77 | 33469
    192.168.2.149 | 70.38.54.77 | 33468
    192.168.2.149 | 70.38.54.77 | 33467
    Thanks in advance.

    Is that your IP & ISP?
    NetRange:       70.38.54.64 - 70.38.54.95
    CIDR:           70.38.54.64/27
    OriginAS:      
    NetName:        IWEB-CL-T140-02SH
    To see if it's you/your provider, What's my ip...
    http://www.whatismyipaddress.com/
    Little Snitch, stops/alerts outgoing stuff...
    http://www.obdev.at/products/littlesnitch/index.html
    And will tell you what wants to use that port, then you can choose to allow or deny.
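
A router log like the one in this question can be triaged by grouping rows per source/destination pair and measuring the longest run of consecutive destination ports. The following is an added example, not part of the thread: the sample rows are constructed from the addresses and port range quoted in the question, the labels are hypothetical, and the range check relies on the fact that UDP traceroute sends its probes to destination ports starting at 33434 and increasing by one per probe (the 30 hops x 3 probes upper bound is an assumption).

```python
import re
from collections import defaultdict

TRACEROUTE_BASE = 33434        # first destination port used by UDP traceroute
TRACEROUTE_PROBES = 30 * 3     # assumption: 30 hops x 3 probes per hop

# One log row: source IP, destination IP, port; columns split by "|" or spaces.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})[\s|]+(\d{1,3}(?:\.\d{1,3}){3})[\s|]+(\d{1,5})\s*$"
)


def parse_rows(text):
    """Return (src, dst, port) tuples; headers and other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((m.group(1), m.group(2), int(m.group(3))))
    return rows


def longest_run(ports):
    """Return (low, high) of the longest run of consecutive port numbers."""
    best = cur = None
    for p in sorted(set(ports)):
        cur = (cur[0], p) if cur and p == cur[1] + 1 else (p, p)
        if best is None or cur[1] - cur[0] > best[1] - best[0]:
            best = cur
    return best


def classify(rows, min_run=5):
    """Label each (src, dst) pair by the shape of its destination ports."""
    by_pair = defaultdict(list)
    for src, dst, port in rows:
        by_pair[(src, dst)].append(port)

    report = {}
    for pair, ports in by_pair.items():
        low, high = longest_run(ports)
        if high - low + 1 < min_run:
            label = "scattered"
        elif low >= TRACEROUTE_BASE and high < TRACEROUTE_BASE + TRACEROUTE_PROBES:
            # One host, one port per packet, inside the traceroute probe range:
            # consistent with path probing rather than a sweep of services.
            label = "sequential-traceroute-range"
        else:
            label = "sequential-other"
        report[pair] = {
            "distinct_ports": len(set(ports)),
            "longest_run": (low, high),
            "label": label,
        }
    return report


# Constructed sample: the addresses and the 33467-33495 range from the question.
SAMPLE = "LAN IP address | Destination URL or IP address | Service or port number\n"
SAMPLE += "\n".join(
    f"192.168.2.149 | 70.38.54.77 | {port}" for port in range(33495, 33466, -1)
)

if __name__ == "__main__":
    for pair, info in classify(parse_rows(SAMPLE)).items():
        print(pair, info)
```

The label only describes the traffic shape; naming the process that sends it still needs a host-side tool such as the one suggested in the reply.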

  • Identify Ports for AD - External UDP port scanner

    Greetings all,
    I am trying to figure out which UDP port is alarming on the "AD - External UDP port scanners (13005)" signature. By default, the signature is set to summarize which looks something like this "NumDestIps=100; currentTHreshold=100. protocol=1".
    From the "Protocol = 1" line I am assuming all scanning is hitting up on a single destination protocol - I need to know which protocol / port number.
    I've already attempted to turn on "log attacker, pair, and victim" packets. Verbose is not an option for this signature. I have also tried changing alert Frequency to "fire all" or just unchecking the "Summary Mode" box. None of this tells me the destination/victim port. I do see under a protocol field "ICMP" but I don't believe that pertains to the source port. Any ideas on how I might find this information?

    TCP/445 is used by Microsoft file sharing (CIFS), and by default that port is opened on all Microsoft PC basically to allow file sharing.
    If you open up DOS prompt, and type: netstat -na, you would see that your PC is by default listening on TCP/445.
    Here is more information on Microsoft-DS (TCP/445):
    http://www.linklogger.com/TCP445.htm
    http://en.wikipedia.org/wiki/Server_Message_Block
    So it really depends on your corporate security policy, whether to allow file sharing or not within the network. IPS is picking that up because it is an easier way of exploiting a PC since the port is opened by default.

  • Align contents while broadcasting in PDF

    Hi all,
    There is a specific requirement, please suggest.
    The Web Templates in WAD are published in portal and broadcasted as PDF.
    1.  The Graph and Tables are seen one after the other in the PDF, whereas in the portal they are shown in a well-aligned format.
    2.  The headings to the table and Graphs are lost in the process of broadcasting.
    Kindly suggest a way to bring alignment to the PDF file generated while broadcasting.
    Thanks in advance,
    Jeswin
    Edited by: jeswin Jose on Oct 1, 2008 2:10 PM

    Hi
    Slide 70
    https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/5c46376d-0601-0010-83bf-c4f5f140e3d6
    https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/58fd9183-0e01-0010-f183-fdc9019f77ab
    https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/08f1b622-0c01-0010-618c-cb41e12c72be
    http://help.sap.com/saphelp_nw04s/helpdata/en/1a/615f64816311d38b170000e8284689/frameset.htm

  • Should I block TCP/UDP ports 135 to 139 on my router?

    For the sake of Internet and Desktop security should I block TCP/UDP ports 135 to 139 both ways at all times on my router?  This seems to be recommended for Windows environments. Does Mavericks need these ports for its proper operation?  When tested, ports 135, 137,18 show as closed whereas all other ports are Stealth.  Ideally, they should all be Stealth.

    Have a read here: http://securityspread.com/2013/07/26/firewall/
    Stealth is just as good as closed, some would argue that stealth is just as much of a giveaway of the port being present as it being closed.
    The specific ports you mention pose no risk to OS X as far as I am aware.

  • UDP PORT 445 Not listed in System Process

    Hi! Can you help me? I need the UDP PORT 445 listed on SYSTEM Process. 
    I open UDP PORT 445 on Firewall (WSBS 2011), but in Syshelp (Symantec validation tool) the result is:
    Title: One or more network services, ports, protocols or associated processes may need attention
    Product: Backup Exec Server
    Status: Warning
    Details:
    Warning SYSTEM's UDP port 445 is not open or listening.
    Warning Port is not open or listening.
    UDP Process: System
    Ok SYSTEM is the correct process for UDP port 137
    Ok Port 137 with protocol UDP is open on the following IP addresses: - 25.54.28.213
    - 169.254.41.25
    - 169.254.244.222
    - 192.168.0.6
    - 192.168.1.2
    Ok Process System has port 137 with protocol UDP open.
    Ok Process System has port 137 with protocol UDP open.
    Ok Process System has port 137 with protocol UDP open.
    Ok Process System has port 137 with protocol UDP open.
    Ok Process System has port 137 with protocol UDP open.
    Information Network service name not defined. Test skipped.
    Information Default settings - Network Service Name: netbios-ns Port: 137 Protocol: UDP Process: System
    Ok SYSTEM is the correct process for UDP port 138
    Ok Port 138 with protocol UDP is open on the following IP addresses: - 25.54.28.213
    - 169.254.41.25
    - 169.254.244.222
    - 192.168.0.6
    - 192.168.1.2
    Ok Process System has port 138 with protocol UDP open.
    Ok Process System has port 138 with protocol UDP open.
    Ok Process System has port 138 with protocol UDP open.
    Ok Process System has port 138 with protocol UDP open.
    Ok Process System has port 138 with protocol UDP open.
    Information Network service name not defined. Test skipped.
    Information Default settings - Network Service Name: netbios-dgm Port: 138 Protocol: UDP Process: System
    Ok SYSTEM is the correct process for TCP port 445
    Ok Port 445 with protocol TCP is open on the following IP addresses: - 0.0.0.0
    Ok Process System has port 445 with protocol TCP open.
    Information Network service name not defined. Test skipped.
    Information Default settings - Network Service Name: microsoft-ds Port: 445 Protocol: TCP Process: System

    Hi,
    "I need the UDP PORT 445 listed on SYSTEM Process."
    "Warning SYSTEM's UDP port 445 is not open or listening."
    Based on your description, I'm a little confused with this issue. Please run the following commands with administrator permission and monitor the result. Would you please check and confirm whether any process is listening on UDP port 445?
    netstat -ab
    netstat -a | find /i "445"
    In addition, I noticed that you use Syshelp (Symantec validation tool) to check. I suggest that you post the warning message in the Symantec Forum and confirm this issue. I believe we will get better assistance there.
    If I have misunderstood anything, please don't hesitate to let me know.
    Hope this helps.
    Best regards,
    Justin Gu
