Connect to non-standard ports with MS Remote Desktop | 12 comments
Connect to non-standard ports with MS Remote Desktop
Amazing, I had no idea that MS claimed to not support this function. I've been using it for a loooong time and mkutny is absolutely right, it is VERY handy. My room mates and I all use Mac laptops and Windows XP desktops, and this makes it possible for us all to connect to our home systems while at work or on the road.
For those who don't know, the Microsoft Knowledgebase article #187623 shows how to change the port number on the Windows side of things.
The gist of it is to change the PortNumber key in the registry at:
We've also found that you can duplicate the RDC app (even when it is running!) and run several copies at the same time in order to connect to several machines at the same time.
Must you be using multiple target port numbers for this to work? I can't STAND the single RDC connection that i have to deal with right now, as I admin a few MS 200x servers, and find I need to hop between them often.
No, you can connect to more than one target machine, all of which use the standard port 3389. Or, you can create multiple connections to the same machine, all using port 3389.
Connect to non-standard ports with MS Remote Desktop
This is documented within Remote Desktop Connection 1.03 at (assuming it's installed in the standard location in your /Applications folder):
Connect to non-standard ports with MS Remote Desktop
I am a somewhat experienced Windows and Macintosh admin. I have never been able to get Remote Desktop Client to work.
The client on the Macintosh takes a very very long time, thinking about the connection, then gives up. The Windows XP Pro machine claims to be allowing Remote Desktop users, and the network connection claims to have a firewall rule set to allow connections on port 3389. I added a rule for port 3389 to my Macintosh firewall via the System Settings:Sharing Preference Pane. Still no luck.
What am I missing here?
Connect to non-standard ports with MS Remote Desktop
I can ping both ways between machines, also SSH works between the Windows and Mac: they see each other's TCP network services. But no Remote Desktop!
Connect to non-standard ports with MS Remote Desktop
Are you sure you've enabled (or unblocked the port in the firewall settings) Remote Desktop? If you are trying to connect to W2K Server then make sure Terminal services are installed as well.
HTH
CJ
---
To mess up an OS X box, you need to work at it; to mess up your Windows box, you just need to work on it.
Connect to non-standard ports with MS Remote Desktop
I was having a similar problem until I realized that Zone Alarm was not allowing the connections.. now I'm used to being prompted with Zone Alarm, but it was refusing to prompt on requested connections or even when I tried to force it locally.. Only after disabling zone alarm was I able to restore the connection functionality. Strange indeed.
Another thing I noticed is you can specify exceptions for specific network interfaces (assuming you have more than one). You may want to make sure that the interface you have connected to the 'net is also marked to exclude 3389 from its firewall filtering.
.. bless their icy little heart, block port 3389 to 'protect us.' No amount of pleading, cajoling or screaming will get it unblocked.
My kids live in another state and use PCs. Maybe this hint will finally get our machines to talk.
Connect to non-standard ports with MS Remote Desktop
Microsoft is full of it, as usual.
For quite a while now, RDC has supported non-standard port calls which allows you to port forward to any number of Windows machines through a Linux box using SSH.
Simply set up your SSH tunnels with:
-L 13389:192.168.1.1:3389 (to machine 1)
-L 23389:192.168.1.2:3389 (to machine 2)
etc.
run multiple copies of RDC and connect to:
127.0.0.1:13389 (to machine 1)
127.0.0.1:23389 (to machine 2)
etc.
for as many connections that your bandwidth can support.
Connect to non-standard ports with MS Remote Desktop
Explicitly supporting something, and something actually working are two totally different things.
Show which processes are listening to which ports | 31 comments
Show which processes are listening to which ports
Hi,
I followed your instructions and got this :-
GoogleDes 271 ezra 14u IPv4 0x023a0200 0t0 TCP localhost:9011 (LISTEN)
Can you interpret what it means? Thank you.
---
EB
Show which processes are listening to which ports
GoogleDes sounds as though it might be GoogleDesktop, do you happen to have that installed?
Show which processes are listening to which ports
It's a process called GoogleDes with a pid of 271. The process is owned by user ezra. 14u means it is file descriptor number 14 and is open for update. The file type is an IP v4 socket and the next bit is the address in the kernel of the file structure. The 0t0 is the offset within the file which is a socket (being listened to) so probably meaningless. Finally it is a TCP socket on the localhost interface port 9011 and it's being listened to by the GoogleDes process.
Basically it means GoogleDes is listening for TCP connections on port 9011.
Show which processes are listening to which ports
While i haven't installed it on an OS X box yet, i have installed sshdfilter on my linux servers.
it should be possible to make it work under OS X with a little work.
Essentially, it watches the secure log for sshd login attempts. if the user name supplied doesn't exist, instant block of that ip address.
it just goes dead. the script automatically cleans those IP addresses out later at a user defined interval.
it gives you 3 attempts to get a user/password combination to login, before it blocks your IP address. That number is also configurable.
You can find sshdfilter, if you are interested in hacking it apart, on freshmeat.net
No, i am not the author, and am in no way affiliated.
i found it after one of my linux boxes was bruteforced through ssh.
the sshdfilter logs that i have emailed to myself in the morning are always amusing.
it's fun reading a couple dozen lines of 'Instant block of xx.xx.xx.xx, unknown user'
where i used to have hundreds of lines of attempts at user guessing.
oh, and anyone trying to use the root user is blocked instantly as well.
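The blocking policy described in the comment above, as an added example (this is not sshdfilter's code and not part of the original post): it replays the three rules over constructed sshd log lines and only prints the addresses it would block. The function names, reason labels and sample log are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not sshdfilter itself: replays the described policy over log
# text and prints what would be blocked. It never touches a firewall.

# block_decisions [MAX_FAILURES]: sshd log lines on stdin, "IP reason" on
# stdout, printed once per address at the moment the policy would block it.
block_decisions() {
    awk -v max="${1:-3}" '
        function block(ip, why) {
            if (ip != "" && !(ip in blocked)) { blocked[ip] = 1; print ip, why }
        }
        # The user name is text chosen by the client and may itself contain
        # the word "from", so take the address after the LAST "from".
        function client(   i) {
            for (i = NF - 1; i >= 1; i--) if ($i == "from") return $(i + 1)
            return ""
        }
        !/sshd\[/ { next }                        # ignore other daemons
        /: Invalid user / || /: Failed password for invalid user / {
            block(client(), "unknown-user"); next # unknown name: instant block
        }
        /: Failed password for root from / {
            block(client(), "root-login"); next   # root attempt: instant block
        }
        /: Failed password for / {                # known user, wrong password
            ip = client()
            if (++fails[ip] >= max) block(ip, "too-many-failures")
        }'
}

# Constructed sample in OpenSSH syslog format (documentation address ranges).
sample_log() {
    cat <<'EOF'
Mar  3 04:12:01 host sshd[411]: Invalid user test from 203.0.113.7
Mar  3 04:12:03 host sshd[411]: Failed password for invalid user test from 203.0.113.7 port 4021 ssh2
Mar  3 04:13:10 host sshd[415]: Failed password for root from 198.51.100.9 port 5510 ssh2
Mar  3 04:14:00 host sshd[420]: Failed password for alice from 192.0.2.44 port 6001 ssh2
Mar  3 04:14:05 host sshd[420]: Failed password for alice from 192.0.2.44 port 6001 ssh2
Mar  3 04:14:09 host sshd[420]: Failed password for alice from 192.0.2.44 port 6001 ssh2
Mar  3 04:15:00 host sshd[431]: Failed password for bob from 192.0.2.50 port 6100 ssh2
Mar  3 04:16:00 host sshd[440]: Invalid user x from 192.0.2.50 from 203.0.113.99 port 7000
EOF
}

sample_log | block_decisions 3
```

The last sample line is why the address is read from the end of the line: the name field is client-supplied, and a parser that took the first "from" would block 192.0.2.50 instead of the real source.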
Show which processes are listening to which ports
I had high hopes for this as a general tool to see what daemons are running.. but it looks incomplete.
For example on my system it lists the following:
ARDAgent
AppleVNC
SubethaEdit
but not SSHD, or any other services (SMB, WEB, etc).. Am I missing a reason why these services are not showing up?
---
A completely SANE Canadian.
Show which processes are listening to which ports
To see all processes, prepend sudo:
sudo lsof -i | grep LISTEN
Show which processes are listening to which ports
.. and btw, ssh is managed by launchd, so you will only see sshd in the list if there is a current session (somebody is currently logged in)
If you have ssh enabled you will see something like this: The ssh port has to have something listening on it if you are able to log in.
hmmm.. I have IPv6 configured to be off so why is launchd also listening on an IPv6 port? That's not good.
Show which processes are listening to which ports
Good point.
And really, when not run as root this would be almost useless to find 'trojans' (Assuming that it was able to in the first place)
---
A completely SANE Canadian.
This command lists only the processes of the current user. If you want to see all (e.g. maybe the attacker got root access?), you would have to prepend sudo to run the command as root (administrator/'super user'):
sudo lsof -i | grep LISTEN
You will then be asked for your (administrator) password: The password you may use to login into your account (if it is a privileged account).
This is a great tool in general, but be very careful of trusting this on a hacked machine.
A common technique of hackers is to replace programs like lsof, ps, top, etc., with hacked versions which explicitly don't show any of their trojan processes. So if your machine has been hacked by all means use this to look around and see what happened, but don't trust it to indicate your machine has been cleaned.
The only decently reliable way to clean up from a hack is to re-install the OS from scratch and then copy data over from a backup. (If you restore the OS from a backup you don't have any way of knowing whether the backup was made before or after the hack for the same reasons mentioned above.)
That's all well and good, but that's incomplete advice.
If the user wants to find out what processes are listening on TCP/IP ports, the lsof program will work, albeit with your caveat that the program may be hacked.
Other things that could be done to simply check for listeners which are not as drastic as a complete system reinstall would be:
- attempt to locate a program like lsof on the OS X install disk, if possible, by exploring the base install packages
- transfer the image from another OS X system that you know for sure isn't compromised
- Find the sources to the utility and compile it yourself
Oh.. and backup, backup, backup! If you have a smart backup script with incrementals running daily, you might be able to see how and where your system may have been internally compromised (recent edits to files in /usr/bin are a good clue!)
That wouldn't work if the hacker has compromised libraries. You would need a statically linked binary.
What hackers might not do is replace 'Activity Monitor' because unix hackers don't expect apple gui tools.
None-the-less if you have been hacked you need to reinstall the OS. There is no real way around this.
Also turn on your firewall and you might consider 'Little Snitch'.
Show which processes are listening to which ports
What is this ?
SECx20He 222 savage 14u IPv4 0x03916b38 0t0 TCP *:49168 (LISTEN)
SECx20He 222 savage 16u IPv4 0x039167e4 0t0 TCP *:23000 (LISTEN)
No idea what these 2 are ?
Show which processes are listening to which ports
It's a process whose name begins 'SEC He' and has pid 222. Use Activity monitor to find it.
Show which processes are listening to which ports
So my ignorant 'what are these' question is:
What are these?
netinfod 80 root 7u IPv4 0x02ed7e8c 0t0 TCP localhost:netinfo-local (LISTEN)
AppleFile 179 root 30u IPv6 0x02a2bc50 0t0 TCP *:afpovertcp (LISTEN)
AppleFile 179 root 31u IPv4 0x02ed569c 0t0 TCP *:afpovertcp (LISTEN)
cupsd 191 root 0u IPv4 0x02ed713c 0t0 TCP localhost:ipp (LISTEN)
python 679 david 4u IPv4 0x03089740 0t0 TCP localhost:50000 (LISTEN)
firefox-b 1466 david 32u IPv4 0x040e669c 0t0 TCP localhost:50001 (LISTEN)
slpd 3531 root 2u IPv4 0x03f44200 0t0 TCP *:svrloc (LISTEN)
(yeah, I know firefox..)
Show which processes are listening to which ports
netinfod - Netinfo (It's from next Step, stores info normally found in the /etc folder, like passwords. Will be replaced by ldap in the future).
AppleFile AFP Daemon, it allows you to connect to afp shares.
cupsd CUPS is an open source print daemon/driver.
python - Are you running any scripts? Look this one up in activity monitor.
slpd - service location protocol, wiki says osx uses this to find network shares.
Show which processes are listening to which ports
Are you running Salling Clicker? if so it's SEC Helper.
Show which processes are listening to which ports
Thanks for the tip.
On a side note, a great way to shut down these attacks is to setup key authentication, then disable password authentication in /etc/sshd_conf:
PasswordAuthentication no
Don't forget to HUP sshd for the setting to take effect.
--
Cole
Show which processes are listening to which ports
that's pretty useless if the state isn't LISTENING (for instance, like, oh, I don't know.. ESTABLISHED?) You don't care about what connections are ALREADY going on? OK then, use the suggested command.
lsof -nP | grep TCP
or
lsof -nP | grep UDP
are better by far
Show which processes are listening to which ports
So why is Microsoft Word listening on port 3806 (TCP)?
Microsoft Office for Mac opens random TCP and an UDP port to 'protect' you from using more than one copy of same license on the network. See Disable Office v.X network serial number check and CIACTech02-003: Protecting Office for Mac X Antipiracy Server Ports
Show which processes are listening to which ports
Hi..
sorry but what about:
mysqld 205 nobody 4u IPv4 0x01f62f50 0t0 TCP 127.0.0.1:50701 (LISTEN)
I know it must be MySQL, but being run by 'nobody'?
Could that be a problem?
Show which processes are listening to which ports
On the contrary, this is a good thing. Some processes (like mysqld) drop their privileges after launching and acquiring a socket to listen on, running under an unprivileged 'nobody' user ID. So if the security of that process is compromised somehow, at least the attacker cannot easily exploit the elevated privileges of that process to do more damage.
I use 'Little Snitch' which handles all this for me.
http://www.obdev.at/products/littlesnitch/
Try to use the command lsof -i TCP and you get a more complete list and more details (in FreeBSD).
I don't know what I'm doing at all, but I decided to combine two of the suggestions already posted by johnqsmith, tice, and doctype to come up with:
sudo lsof -nP | grep TCP
and
sudo lsof -nP | grep UDP
The first one gave me the most information that I could somewhat understand. But in either case, they both gave me more information than any of the other suggestions by themselves.
Using sudo lsof -nP | grep TCP, I got:
mDNSRespo 33 root 11u IPv4 0x0333eca0 0t0 TCP *:* (CLOSED)
netinfod 34 root 7u IPv4 0x02358e8c 0t0 TCP localhost:netinfo-local (LISTEN)
netinfod 34 root 8u IPv4 0x0333f69c 0t0 TCP localhost:netinfo-local->localhost:956 (ESTABLISHED)
netinfod 34 root 10u IPv4 0x023573ec 0t0 TCP localhost:netinfo-local->localhost:1021 (ESTABLISHED)
Directory 45 root 6u IPv4 0x02357740 0t0 TCP localhost:1021->localhost:netinfo-local (ESTABLISHED)
Directory 45 root 11u IPv4 0x02f473ec 0t0 TCP *:* (CLOSED)
Directory 45 root 33u IPv4 0x03340a94 0t0 TCP *:* (CLOSED)
cupsd 367 root 0u IPv4 0x02d587e4 0t0 TCP localhost:ipp (LISTEN)
Safari 2519 admin 25u IPv4 0x02e56d44 0t0 TCP 192.168.2.20:52459->scds77.ord.llnw.net:http (CLOSED)
lookupd 3770 root 6u IPv4 0x02e56348 0t0 TCP localhost:956->localhost:netinfo-local (ESTABLISHED)
And using sudo lsof -i UDP, I got:
mDNSRespo 33 root 7u IPv4 0x01fb1ad0 0t0 UDP *:mdns
mDNSRespo 33 root 8u IPv6 0x01fb1a00 0t0 UDP *:mdns
mDNSRespo 33 root 9u IPv4 0x01fb0340 0t0 UDP 10.0.1.2:52066
mDNSRespo 33 root 12u IPv4 0x01fb0000 0t0 UDP *:mdns
netinfod 34 root 6u IPv4 0x01fb1e10 0t0 UDP localhost:netinfo-local
syslogd 35 root 17u IPv4 0x01fb1d40 0t0 UDP *:*
Directory 45 root 10u IPv4 0x01fb0750 0t0 UDP *:*
Directory 45 root 31u IPv4 0x01fb1860 0t0 UDP *:*
ntpd 193 root 5u IPv4 0x01fb1ba0 0t0 UDP *:ntp
ntpd 193 root 6u IPv4 0x01fb1790 0t0 UDP localhost:ntp
ntpd 193 root 7u IPv4 0x01fb1c70 0t0 UDP 192.168.2.20:ntp
automount 228 root 8u IPv4 0x01fb0b60 0t0 UDP localhost:1023
automount 234 root 8u IPv4 0x01fb12b0 0t0 UDP localhost:1022
cupsd 367 root 6u IPv4 0x01fb1110 0t0 UDP *:ipp
While I don't know what all that means, what I can do is run these commands randomly and keep a log of the results. So I'd then have something to compare with if I'm concerned that something is not going right.
I think what might work is to log into my 'clean admin' account, run both commands, and log what came up. Then I'd have a baseline to work with that isn't so highly affected by my personal user activities.
Does anyone see any problems with this?
---
Vicki
Just kidding. I put the two in a shell script like this: And I made it executable by owner, with owner root. That will remind me to run it with sudo, for more complete results.
For a few records to compare, you could put something like that into a daily or hourly cron job & direct the output into a log file.
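One way to build the baseline-and-compare log discussed in the comments above, as an added example that is not from the original thread: it reduces `lsof -nP -i` output to stable keys (dropping PID, FD and device address, which change between runs) and prints listeners that are absent from the baseline. The function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names are hypothetical.
LC_ALL=C; export LC_ALL   # sort and comm must agree on ordering

# listener_keys: read `lsof -nP -i` output on stdin and print one stable,
# sorted line per listening socket: COMMAND USER PROTO LOCAL_ADDRESS SCOPE.
# PID, FD and DEVICE are dropped because they change between runs.
listener_keys() {
    awk '
        $1 == "COMMAND" { next }                     # header row
        $8 != "TCP" && $8 != "UDP" { next }
        $8 == "TCP" && $10 != "(LISTEN)" { next }    # ESTABLISHED, CLOSED, ...
        $9 == "*:*" || $9 ~ /->/ { next }            # unbound or connected socket
        {
            scope = "one-interface"
            if ($9 ~ /^\*:/ || $9 ~ /^\[::\]:/) scope = "all-interfaces"
            else if ($9 ~ /^(127\.|localhost:|\[::1\]:)/) scope = "loopback"
            print $1, $3, $8, $9, scope
        }' | sort -u
}

# new_listeners BASELINE CURRENT: keys present in CURRENT but not in BASELINE.
# Both files must have been written by listener_keys (sorted, unique).
new_listeners() {
    comm -13 "$1" "$2"
}

# Real use (run from a clean admin account, then later from cron):
#   sudo lsof -nP -i | listener_keys > baseline.txt
#   sudo lsof -nP -i | listener_keys > now.txt; new_listeners baseline.txt now.txt

# Constructed sample rows in lsof -nP -i layout (not real captures).
demo() {
    tmp=$(mktemp -d) || return 1
    listener_keys > "$tmp/baseline" <<'EOF'
COMMAND   PID  USER  FD  TYPE DEVICE     SIZE/OFF NODE NAME
cupsd     367  root  0u  IPv4 0x02d587e4 0t0 TCP 127.0.0.1:631 (LISTEN)
AppleFile 179  root  31u IPv4 0x02ed569c 0t0 TCP *:548 (LISTEN)
ntpd      193  root  5u  IPv4 0x01fb1ba0 0t0 UDP *:123
Safari    2519 admin 25u IPv4 0x02e56d44 0t0 TCP 192.168.2.20:52459->203.0.113.5:80 (ESTABLISHED)
EOF
    listener_keys > "$tmp/current" <<'EOF'
COMMAND   PID  USER  FD  TYPE DEVICE     SIZE/OFF NODE NAME
cupsd     812  root  0u  IPv4 0x03aa17e4 0t0 TCP 127.0.0.1:631 (LISTEN)
AppleFile 179  root  31u IPv4 0x02ed569c 0t0 TCP *:548 (LISTEN)
ntpd      193  root  5u  IPv4 0x01fb1ba0 0t0 UDP *:123
python    679  david 4u  IPv4 0x03089740 0t0 TCP *:50000 (LISTEN)
EOF
    new_listeners "$tmp/baseline" "$tmp/current"
    rm -rf "$tmp"
}
demo
```

In the sample, the restarted cupsd (new PID and device address) produces no difference, while the new listener bound to all interfaces is reported.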
Show which processes are listening to which ports
Never use setuid on a shell script! Simply by making a softlink from your script to a file named '-i', anyone can root you. Google it for details, but basically adding #!/bin/sh to the beginning of the file will cause the shell to take the name of the script ($0) and create a new command with /bin/sh and then the name of the script. If the filename of the script is -i, then the command becomes '/bin/sh -i', and your attacker just got an interactive root shell.
Show which processes are listening to which ports
hi,
netstat -an | grep LISTEN
should work on osx i tried it on my macbook. works fine and btw. lsof -i | grep LISTEN returned with nothing netstat says i have something on .1033 on localhost maybe that lsof bypasses loopback ifaces ?