Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Question for all you Mac Security Geeks!

B

blackpeter

macrumors 6502a
Original poster
Aug 14, 2001
919
0
Can anyone talk to me about MT-ScaleServer and what it is? Or why my computer keeps trying to go out on port 2305?

My firewall is constantly blocking traffic on Port 2305, which I've found to be related to MT-ScaleServer, though I can't seem to find anything more about this issue.

Any help on this is greatly appreciated.
 
tomf87

tomf87

macrumors 65816
Sep 10, 2003
1,052
0
Would you happen to have Age of Empires or Halo installed?

EDIT: Also, is this UDP or TCP being blocked?
 
B

blackpeter

macrumors 6502a
Original poster
Aug 14, 2001
919
0
No Age of Empires or Halo. And it's UDP that's being blocked.

Thanks for the response!

tomf87 said:
Would you happen to have Age of Empires or Halo installed?

EDIT: Also, is this UDP or TCP being blocked?
Click to expand...
 
tomf87

tomf87

macrumors 65816
Sep 10, 2003
1,052
0
Run:

lsof -i4 -n -P

from terminal and look for UDP 2305 to see the offending program.
 
B

blackpeter

macrumors 6502a
Original poster
Aug 14, 2001
919
0
Nice. Only, what does that mean?? Please try to explain to a Terminal newbie.

tomf87 said:
Run:

lsof -i4 -n -P

from terminal and look for UDP 2305 to see the offending program.
Click to expand...
 
tomf87

tomf87

macrumors 65816
Sep 10, 2003
1,052
0
tfaz1 said:
Nice. Only, what does that mean?? Please try to explain to a Terminal newbie.
Click to expand...

lsof stands for list open files. Essentially, the command above will list the any programs running that have opened up an Internet Protocol Version 4 socket, and will not perform any name conversion on IP's or sockets.

Here's my example:

Code: 
COMMAND    PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
Microsoft 1059  tom   16u  IPv4 0x02f50aa0      0t0  TCP *:3791 (LISTEN)
Microsoft 1059  tom   17u  IPv4 0x02b243c0      0t0  UDP *:2222
Microsoft 1059  tom   27u  IPv4 0x02cb34c8      0t0  TCP 10.1.1.11:53387->10.1.1.4:80 (CLOSE_WAIT)
Microsoft 1059  tom   30u  IPv4 0x02b24cb0      0t0  UDP 10.1.1.11:50736

So we see here that we have some sort of Microsoft program at PID (Process ID) 1059. Let's see what it is with 'ps -auxww -p 1059':

Code: 
USER   PID %CPU %MEM      VSZ    RSS  TT  STAT STARTED      TIME COMMAND
tom   1059   0.0 -1.7   230436  34624  ??  S     7:30AM   0:29.99 /Applications/Microsoft Office 2004/Microsoft Entourage /Applications/Microsoft Office 2004/Microsoft Entourage -psn_0_11796481


So, now we know Microsoft Entourage was doing the above.
 
B

blackpeter

macrumors 6502a
Original poster
Aug 14, 2001
919
0
Wow... thanks so much for all the great info!

Also, I assume this is machine specific. Meaning, I'd have to run it on each of the computers in my network.
 
tomf87

tomf87

macrumors 65816
Sep 10, 2003
1,052
0
Yes, you would need to run the commands on each machine.

You could do this via SSH, if enabled.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom