Macos Block Apps From Using Vertain Ports
- Macos Block Apps From Using Certain Ports On Windows 10
- Macos Block Apps From Using Certain Ports List
- Macos Block Apps From Using Certain Ports On Android
- Macos Block Apps From Using Certain Ports On Ipad
- Macos Block Apps From Using Vertain Portsmouth
- Macos Block Apps From Using Certain Ports On Iphone
If you are using macOS, you should install MacPorts using the macOS package installer unless you do not wish to install it to /opt/local/, the default MacPorts location, or if you wish to install a pre-release version of MacPorts base.However, if you wish to install multiple copies of MacPorts or install MacPorts on another OS platform, you must install MacPorts from the source code. Microsoft Office for Mac opens random TCP and an UDP port to 'protect' you from using more than one copy of same license on the network. See Disable Office v.X network serial number check and CIACTech02-003: Protecting Office for Mac X Antipiracy Server Ports.
Oct 16, 2019 To look for ports using a gcc45 variant, type port rdeps gcc45 at the terminal's command line. This may be done using the MacOS X AppleScript Editor. Third, the shell script which the App bundle runs is needed. This script will be used to launch the MacOS X Terminal app. In a situation where you have to access a NAT-ed, remote site with multiple servers, having servers listen on ports other than the default (3389) is quite handy. Unfortunately, Microsoft claims that 'the Remote Desktop Connection Client for the Mac supports only port 3389. 3389 is the default port.' Kill the process which is currently using the port using its PID. Kill PID and then check to see if the port closed. If not, try: kill -9 PID I would only do the following if the previous didnt work. Sudo kill -9 PID Just to be safe. Again depending on how you opened the port, this may not matter.
| Click here to return to the 'Show which processes are listening to which ports' hint |
Hi,
I followed your instructions and got this :-
GoogleDes 271 ezra 14u IPv4 0x023a0200 0t0 TCP localhost:9011 (LISTEN)
Can you interpret what it means? Thank you.
---
EB
GoogleDes sounds as though it might be GoogleDesktop, do you happen to have that installed?
It's a process called GoogleDes with a pid of 271. The process is owned by user ezra. 14u means it is file descriptor number 14 and is open for update. The file type is an IP v4 socket and the next bit is the address in the kernel of the file structure. The 0t0 is the offset within the file which is a socket (being listened to) so probably meaningless. Finally it is a TCP socket on the localhost interface port 9011 and it's being listened to by the GoogleDes process.
Basically it means GoogleDes is listening for TCP connections on port 9011.
While i haven't installed it on an OS X box yet, i have installed sshdfilter on my linux servers.
it should be possible to make it work under OS X with a little work.
Essentially, it watches the secure log for sshd login attempts. if the user name supplied doesn't exist, instant block of that ip address.
it just goes dead. the script automatically cleans those IP addresses out later at a user defined interval.
it gives you 3 attempts to get a user/password combination to login, before it blocks your IP address. That number is also configurable.
You can find sshdfilter, if you are interested in hacking it apart, on freshmeat.net
No, i am not the author, and am in no way affiliated.
i found it after one of my linux boxes was bruteforced through ssh.
the sshdfilter logs that i have emailed to myself in the morning are always amusing.
it's fun reading a couple dozen lines of 'Instant block of xx.xx.xx.xx, unknown user'
where i used to have hundreds of lines of attempts at user guessing.
oh, and anyone trying to use the root user is blocked instantly as well.
I had high hopes for this as a general tool to see what daemons are running.. but it looks incomplete.
For example on my system it lists the following:
ARDAgent
AppleVNC
SubethaEdit
but not SSHD, or any other services (SMB, WEB, etc).. Am I missing a reason why these services are not showing up?
---
A completely SANE Canadian.
sudo:sudo lsof -i grep LISTEN.. and btw, ssh is managed by launchd, so you will only see sshd in the list if there is a current session (somebody is currently logged in)
hmmm.. I have IPv6 configured to be off so why is launchd also listening on an IPv6 port? That's not good.
Good point.
And really, when not run as root this would be almost useless to find 'trojans' (Assuming that it was able to in the first place)
---
A completely SANE Canadian.
sudo to run the command as root (administrator/'super user'):sudo lsof -i grep LISTENYou will then be asked for your (administrator) password: The password you may use to login into your account (if it is a privileged account).
This is a great tool in general, but be very careful of trusting this on a hacked machine.
A common technique of hackers is to replace programs like lsof, ps, top, etc., with hacked versions which explicitly don't show any of their trojan processes. So if your machine has been hacked by all means use this to look around and see what happened, but don't trust it to indicate your machine has been cleaned.
The only decently reliably way to clean up from a hack is to re-install the OS from scratch and then copy data over from a backup. (If you restore the OS from a backup you don't have any way of knowing whether the backup was made before or after the hack for the same reasons mentioned above.)
If the user wants to find out what processes are listening on TCP/IP ports, the lsof program will work, albeit with your caveat that the program may be hacked.
Other things that could be done to simply check for listeners which are not as drastic as a complete system reinstall would be:
- attempt to locate a program like lsof on the OS X install disk, if possible, by exploring the base install packages
- transfer the image from another OS X system that you know for sure isn't compromised
- Find the sources to the utility and compile it yourself
Oh.. and backup, backup, backup! If you have a smart backup script with incrementals running daily, you might be able to see how and where your system may have been internally compromised (recent edits to files in /usr/bin are a good clue!)
That wouldn't work if the hacker has compromised libraries. You would need a statically linked binary.
What hackers might not do is replace 'Activity Monitor' because unix hackers don't expect apple gui tools.
None-the-less if you have been hacked you need to reinstall the OS. There is no real way around this.
Also turn on your firewall and you might consider 'Little Snitch'.
What is this ?
SECx20He 222 savage 14u IPv4 0x03916b38 0t0 TCP *:49168 (LISTEN)
SECx20He 222 savage 16u IPv4 0x039167e4 0t0 TCP *:23000 (LISTEN)
No idea what these 2 are ?
It's a process whose name begins 'SEC He' and has pid 222. Use Activity monitor to find it.
So my ignorant 'what are these' question is:
What are these?
netinfod 80 root 7u IPv4 0x02ed7e8c 0t0 TCP localhost:netinfo-local (LISTEN)
AppleFile 179 root 30u IPv6 0x02a2bc50 0t0 TCP *:afpovertcp (LISTEN)
AppleFile 179 root 31u IPv4 0x02ed569c 0t0 TCP *:afpovertcp (LISTEN)
cupsd 191 root 0u IPv4 0x02ed713c 0t0 TCP localhost:ipp (LISTEN)
python 679 david 4u IPv4 0x03089740 0t0 TCP localhost:50000 (LISTEN)
firefox-b 1466 david 32u IPv4 0x040e669c 0t0 TCP localhost:50001 (LISTEN)
slpd 3531 root 2u IPv4 0x03f44200 0t0 TCP *:svrloc (LISTEN)
(yeah, I know firefox..)
netinfod - Netinfo (It's from next Step, stores info normally found in the /etc folder, like passwords. Will be replaced by ldap in the future).
AppleFile AFP Daemon, it allows you to connect to afp shares.
cupsd CUPS is an open source print daemon/driver.
python - Are you running any scripts? Look this one up in activity monitor.
slpd - service location protocol, wiki says osx uses this to find network shares.
Are you running Salling Clicker? if so it's SEC Helper.
Thanks for the tip.
On a side note, a great way to shut down these attacks is to setup key authentication, then disable password authentication in /etc/sshd_conf:
PasswordAuthentication no
Don't forget to HUP sshd for the setting to take effect.
--
Cole
that's pretty useless if the state isn't LISTENING (for instance, like , oh, I don't know..ESTABLISHED?) You don't care about what connections are ALL READY going on? OK then, use the suggested command.
lsof -nP grep TCP
or
lsof -nP grep UDP
are better by far
So why is Microsoft Word listening on port 3806 (TCP)?
Hi..
sorry but what about:
mysqld 205 nobody 4u IPv4 0x01f62f50 0t0 TCP 127.0.0.1:50701 (LISTEN)
I know it must be MySQL, but being run by 'nobody'?
Could that be a problem?
Macos Block Apps From Using Certain Ports On Windows 10
On the contrary, this is a good thing. Some processes (like mysqld) drop their privileges after launchinf and acquiring a socket to listen on, running under an unprivileged 'nobody' user ID. So if the security of that process is compromised somehow, at least the attacker cannot easily exploit the elevated privileges of that process to do more damage.
I use 'Little Snitch' which handles all this for me.
http://www.obdev.at/products/littlesnitch/
sudo lsof -nP grep TCP
and
sudo lsof -nP grep UDP
The first one gave me the most information that I could somewhat understand. But in either case, they both gave me more information than any of the other suggestions by themselves.
Using sudo lsof -nP grep TCP, I got:
mDNSRespo 33 root 11u IPv4 0x0333eca0 0t0 TCP *:* (CLOSED)
netinfod 34 root 7u IPv4 0x02358e8c 0t0 TCP localhost:netinfo-local (LISTEN)
netinfod 34 root 8u IPv4 0x0333f69c 0t0 TCP localhost:netinfo-local->localhost:956 (ESTABLISHED)
netinfod 34 root 10u IPv4 0x023573ec 0t0 TCP localhost:netinfo-local->localhost:1021 (ESTABLISHED)
Directory 45 root 6u IPv4 0x02357740 0t0 TCP localhost:1021->localhost:netinfo-local (ESTABLISHED)
Directory 45 root 11u IPv4 0x02f473ec 0t0 TCP *:* (CLOSED)
Directory 45 root 33u IPv4 0x03340a94 0t0 TCP *:* (CLOSED)
cupsd 367 root 0u IPv4 0x02d587e4 0t0 TCP localhost:ipp (LISTEN)
Safari 2519 admin 25u IPv4 0x02e56d44 0t0 TCP 192.168.2.20:52459->scds77.ord.llnw.net:http (CLOSED)
lookupd 3770 root 6u IPv4 0x02e56348 0t0 TCP localhost:956->localhost:netinfo-local (ESTABLISHED)
And using sudo lsof -i UDP, I got:
mDNSRespo 33 root 7u IPv4 0x01fb1ad0 0t0 UDP *:mdns
mDNSRespo 33 root 8u IPv6 0x01fb1a00 0t0 UDP *:mdns
mDNSRespo 33 root 9u IPv4 0x01fb0340 0t0 UDP 10.0.1.2:52066
mDNSRespo 33 root 12u IPv4 0x01fb0000 0t0 UDP *:mdns
netinfod 34 root 6u IPv4 0x01fb1e10 0t0 UDP localhost:netinfo-local
syslogd 35 root 17u IPv4 0x01fb1d40 0t0 UDP *:*
Directory 45 root 10u IPv4 0x01fb0750 0t0 UDP *:*
Directory 45 root 31u IPv4 0x01fb1860 0t0 UDP *:*
ntpd 193 root 5u IPv4 0x01fb1ba0 0t0 UDP *:ntp
ntpd 193 root 6u IPv4 0x01fb1790 0t0 UDP localhost:ntp
Macos Block Apps From Using Certain Ports List
ntpd 193 root 7u IPv4 0x01fb1c70 0t0 UDP 192.168.2.20:ntp
automount 228 root 8u IPv4 0x01fb0b60 0t0 UDP localhost:1023
automount 234 root 8u IPv4 0x01fb12b0 0t0 UDP localhost:1022
cupsd 367 root 6u IPv4 0x01fb1110 0t0 UDP *:ipp
While I don't know what all that means, what I can do is run these commands randomly and keep a log of the results. So I'd then have something to compare with if I'm concerned that something is not going right.
I think what might work is to log into my 'clean admin' account, run both commands, and log what came up. Then I'd have a baseline to work with that isn't so highly affected by my personal user activities.
Does anyone see any problems with this?
---
Vicki
For a few records to compare, you could put something like that into a daily or hourly cron job & direct the output into a log file.
Never use setuid on a shell script! Simply by making a softlink from your script to a file named '-i', anyone can root you. Google it for details, but basically adding #!/bin/sh to the beginning of the file will cause the shell to take the name of the script ($0) and create a new command with /bin/sh and then the name of the script. If the filename of the script is -i, then the command becomes '/bin/sh -i', and your attacker just got an interactive root shell.
netstat -an grep LISTEN should work on osx i tried it on my macbook . works fine and btw. lsof -i grep LISTEN returned with nothing netstat sais i have something on .1033 on localhost maybe that lsof bypasses loopback ifaces ? Information about these and other types of Mac ports is in the specifications for your Mac: Choose Apple menu > About This Mac, click Support, then click Specifications. Or check your Mac user guide.
Thunderbolt 3
Use Thunderbolt 3 with displays and other devices that connect using either a Thunderbolt 3 cable or USB-C cable. You can also connect a USB-C power adapter and cable to charge your notebook computer. If you have a device that doesn't connect to this port, you might be able to use an adapter to connect it.
These Mac models have Thunderbolt 3 ports:
- MacBook Pro introduced in 2016 or later
- MacBook Air introduced in 2018 or later
- iMac introduced in 2017 or later
- iMac Pro (all models)
- Mac mini introduced in 2018
- Mac Pro introduced in 2019
If your Mac notebook or desktop computer has more than one port like this, each port supports ThunderBolt 3 and USB-C.
USB-C
Use USB-C with displays and other devices that connect using a USB-C cable. You can also connect a USB-C power adapter and cable to charge your notebook computer. If you have a device that doesn't connect to this port, you might be able to use an adapter to connect it.
MacBook models introduced in 2015 or later have a single USB-C port. This port doesn't support Thunderbolt devices.
If your Mac has only one port like this, it's a MacBook that supports USB-C but not Thunderbolt.
Thunderbolt
Use Thunderbolt or Thunderbolt 2 with displays and other devices that connect using a Thunderbolt cable.
These Mac models have Thunderbolt or Thunderbolt 2 ports:
- MacBook Pro introduced in 2011 through 2015
- MacBook Air introduced in 2011 through 2017
- Mac mini introduced in 2011 through 2014
- iMac introduced in 2011 through 2015
- Mac Pro introduced in 2013
Thunderbolt and Thunderbolt 2 are not the same as Mini DisplayPort . They have the same shape, but use different symbols on the cable and port. However, this port does support Mini DisplayPort for video output, so you can use a Mini DisplayPort cable to connect a Mini DisplayPort display.
Mini DisplayPort
Use Mini DisplayPort with displays that connect using a Mini DisplayPort cable.
These Mac models have Mini DisplayPort:
- MacBook Pro introduced in late 2008 through 2010
- MacBook Air introduced in late 2008 through 2010
- Mac mini introduced in 2009 and 2010
- iMac introduced in 2009 and 2010
- Mac Pro introduced in 2009 through 2012
Mini DisplayPort is not the same as Thunderbolt or Thunderbolt 2 . They have the same shape, but use different symbols on the cable and port.
Macos Block Apps From Using Certain Ports On Android
USB-A
Use USB-A with devices that connect using a USB cable. USB ports are sometimes known by the USB specification of the port, such as USB 2 or USB 3.
Left to right: power, two Thunderbolt, USB-A, and Audio-Out.
HDMI
Use HDMI with displays and TVs that connect using an HDMI cable.
Ethernet
Use Ethernet with networks and devices that connect using an Ethernet (RJ45) cable.
FireWire
Use FireWire with devices that connect using a FireWire 400 or FireWire 800 cable.
SD card
Use the SD card slot with SD, SDHC, SDXC, MMC, and UHS-II media cards, such as those used by digital cameras.
Macos Block Apps From Using Certain Ports On Ipad
Audio
Use Audio-Out — or — with headphones, speakers, and other audio-output devices that connect using an audio cable that has a 3.5 mm (1/8 inch) audio jack.
Use Audio-In with a microphone or other audio-input device that connects using an audio cable that has a 3.5 mm (1/8 inch) audio jack. /best-mac-file-manager-software.html.
Macos Block Apps From Using Vertain Portsmouth
Power
Macos Block Apps From Using Certain Ports On Iphone
Use the power port , if available, to connect your computer to AC power using a MagSafe cable or adapter. This port isn't available on newer Mac notebook computers, which use Thunderbolt 3 or USB-C for power and charging. Learn more about power adapters and cables for Mac notebook computers.