I'm looking for help (again) if you can spare a minute.
This morning, my home ISP sent me a 'security note'. Apparently another subscriber had complained about port scans that were, apparently, originating from my cable modem. My cable modem is attached to a wireless router, which has up to three machines running Mac OS 10.3.x and one machine running Win 98 on it.
A snippet of the complaining customer's firewall log had this information:
Ping of Death Detect src:24.57.191.44:47964 dst:224.0.0.251:50427 Packet Dropped Jul/14/2004 19:53:21
Ping of Death Detect src:24.57.191.44:47964 dst:224.0.0.251:50427 Packet Dropped
Ping of Death Detect src:24.57.191.44:47964 dst:224.0.0.251:50427 Packet Dropped Jul/14/2004 19:31:12
Now about that time of the day, I was listening to someone else's playlist via iTunes. So here's the working theory I had on this to my ISP:
The latest version of Apple's iTunes product has the ability for a user to share audio files. A user opens the preferences pane within the iTunes application and then selects the “Sharing” tab.
At that point, a user can choose to share all or selected playlists of his or her iTunes music library. A user may also select a radio button to automatically have iTunes seek out and identify other users on a given network who are sharing their music libraries.
One of my Macintosh machines is configured to seek out and automatically identify other users on a network who are sharing their music libraries and, in fact, iTunes on my machine routinely discovers other users (on my ISP's network) who are sharing their iTunes library.
From time to time, I will select a playlist from one of these users and play their music. This music is streamed from the remote machine to my machine.
Perhaps this automatic discovery of other iTunes playlists and my own machine's broadcast that a playlist is available to share with others is what is triggering your port-scanning investigation.
So my questions, dear blog readers, are these:
1. How do I determine if, in fact, any of my machines are port-scanning?
2. How would I figure out if I am, indeed, broadcasting the Ping of Death?
3. What do you think of my iTunes theory? Does iTunes cause big honkin' oversize packets to be transmitted?
Any and all theories welcomed, by private e-mail or in the comments here.
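An added example, not part of the original post: one way to read the quoted firewall lines from the defender's side is to parse them and check whether the destinations are multicast addresses and how many distinct destination ports each source touched. It relies on 224.0.0.251 being the IPv4 multicast DNS group address; the regular expression, the function names and the ten-port scan threshold are assumptions made for this sketch.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# The three log lines quoted in the post (the second has no timestamp there).
SAMPLE_LOG = """\
Ping of Death Detect src:24.57.191.44:47964 dst:224.0.0.251:50427 Packet Dropped Jul/14/2004 19:53:21
Ping of Death Detect src:24.57.191.44:47964 dst:224.0.0.251:50427 Packet Dropped
Ping of Death Detect src:24.57.191.44:47964 dst:224.0.0.251:50427 Packet Dropped Jul/14/2004 19:31:12
"""

# Assumed layout: <rule> src:ip:port dst:ip:port <action> [date time]
LINE_RE = re.compile(
    r"^(?P<rule>.+?) src:(?P<src>[\d.]+):(?P<sport>\d+) "
    r"dst:(?P<dst>[\d.]+):(?P<dport>\d+) (?P<action>Packet \w+)"
    r"(?: (?P<when>\S+ \S+))?$"
)
MDNS_GROUP = ip_address("224.0.0.251")  # IPv4 multicast DNS group address
SCAN_PORT_THRESHOLD = 10  # assumed cut-off for "many ports"; tune per site

def parse(log_text):
    """Yield one dict per well-formed line; skip anything that does not match."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def summarize(log_text):
    """Per source address: event count, distinct targets and a scan verdict."""
    seen = defaultdict(lambda: {"dsts": set(), "ports": set(), "events": 0})
    for ev in parse(log_text):
        s = seen[ev["src"]]
        s["dsts"].add(ev["dst"])
        s["ports"].add((ev["dst"], int(ev["dport"])))
        s["events"] += 1
    report = {}
    for src, s in seen.items():
        dsts = [ip_address(d) for d in s["dsts"]]
        report[src] = {
            "events": s["events"],
            "distinct_dst_ports": len(s["ports"]),
            "all_multicast": all(d.is_multicast for d in dsts),
            "mdns_group": MDNS_GROUP in dsts,
            "looks_like_port_scan": len(s["ports"]) >= SCAN_PORT_THRESHOLD,
        }
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On the quoted lines this reports three events from one source to a single multicast destination and port, which is not the many-ports pattern the threshold looks for.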