Question for all you Mac Security Geeks!

Discussion in 'General Mac Discussion' started by blackpeter, Sep 15, 2004.

  1. blackpeter macrumors 6502a

    Joined:
    Aug 14, 2001
    #1
    Can anyone talk to me about MT-ScaleServer and what it is? Or why my computer keeps trying to go out on port 2305?

    My firewall is constantly blocking traffic on Port 2305, which I've found to be related to MT-ScaleServer, though I can't seem to find anything more about this issue.

    Any help on this is greatly appreciated.
     
  2. crazzyeddie macrumors 68030

    crazzyeddie

    Joined:
    Dec 7, 2002
    Location:
    Florida, USA
    #2
    Google yielded almost nothing, which is very surprising. I saw one page which mentioned encryption, but no home page of any sort...
     
  3. blackpeter thread starter macrumors 6502a

    Joined:
    Aug 14, 2001
  4. tomf87 macrumors 65816

    tomf87

    Joined:
    Sep 10, 2003
    #4
    Would you happen to have Age of Empires or Halo installed?

    EDIT: Also, is this UDP or TCP being blocked?
     
  5. blackpeter thread starter macrumors 6502a

    Joined:
    Aug 14, 2001
    #5
    No Age of Empires or Halo. And it's UDP that's being blocked.

    Thanks for the response!

     
  6. Westside guy macrumors 601

    Westside guy

    Joined:
    Oct 15, 2003
    Location:
    The soggy side of the Pacific NW
    #6
    Mettler Toledo Scaleserver.

    Mettler makes high precision balances and scales, but I haven't used them for maybe a decade.
     
  7. tomf87 macrumors 65816

    tomf87

    Joined:
    Sep 10, 2003
    #7
    Run:

    lsof -i4 -n -P

    from terminal and look for UDP 2305 to see the offending program.
     
  8. jane doe macrumors 6502

    Joined:
    Feb 18, 2004
    #8

    Beat me to it.... :)
     
  9. blackpeter thread starter macrumors 6502a

    Joined:
    Aug 14, 2001
    #9
    Nice. Only, what does that mean?? Please try to explain to a Terminal newbie.

     
  10. tomf87 macrumors 65816

    tomf87

    Joined:
    Sep 10, 2003
    #10
    lsof stands for list open files. Essentially, the command above will list the any programs running that have opened up an Internet Protocol Version 4 socket, and will not perform any name conversion on IP's or sockets.

    Here's my example:

    Code:
    COMMAND    PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
    Microsoft 1059  tom   16u  IPv4 0x02f50aa0      0t0  TCP *:3791 (LISTEN)
    Microsoft 1059  tom   17u  IPv4 0x02b243c0      0t0  UDP *:2222
    Microsoft 1059  tom   27u  IPv4 0x02cb34c8      0t0  TCP 10.1.1.11:53387->10.1.1.4:80 (CLOSE_WAIT)
    Microsoft 1059  tom   30u  IPv4 0x02b24cb0      0t0  UDP 10.1.1.11:50736
    So we see here that we have some sort of Microsoft program at PID (Process ID) 1059. Let's see what it is with 'ps -auxww -p 1059':

    Code:
    USER   PID %CPU %MEM      VSZ    RSS  TT  STAT STARTED      TIME COMMAND
    tom   1059   0.0 -1.7   230436  34624  ??  S     7:30AM   0:29.99 /Applications/Microsoft Office 2004/Microsoft Entourage /Applications/Microsoft Office 2004/Microsoft Entourage -psn_0_11796481

    So, now we know Microsoft Entourage was doing the above.
     
  11. iMeowbot macrumors G3

    iMeowbot

    Joined:
    Aug 30, 2003
    #11
    To zoom in on that port, use lsof -i :2305
     
  12. blackpeter thread starter macrumors 6502a

    Joined:
    Aug 14, 2001
    #12
    Wow... thanks so much for all the great info!

    Also, I assume this is machine specific. Meaning, I'd have to run it on each of the computers in my network.
     
  13. tomf87 macrumors 65816

    tomf87

    Joined:
    Sep 10, 2003
    #13
    Yes, you would need to run the commands on each machine.

    You could do this via SSH, if enabled.
     

Share This Page