TMG Flooding Port 5223 (Mac OS)

Hi Everyone,
 
Over the last few months, a customer was facing an issue where a proxy server was being taken down every few days due to one computer flooding the gateway with requests. We would restart the affected client and all was well; however, the problem persisted, and every time it came from a Mac on port 5223.
 
After much research I discovered that Macs use this port for iCloud services. The customer's users were unaware that iCloud was not configured and attempted to use it. Every time their clients tried to pull down information, the requests ended up being bounced around from one proxy to another due to web chaining. The resolution for this particular customer was therefore to block all communications from all Macs on this port; however, if you wanted to allow users access, you could always just allow access from that affected IP range.
 
Our main issue was that this was incredibly hard to prove. I'm sure that if you are reading this, you don't like to work on theories and hypotheticals, so check your ports, see if users are using this port for anything, ask them if they use iCloud, and then block if need be.
 
Joe Hardy

Support | Risual Ltd |
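
One way to run the port check suggested in the post, as an added example that is not part of the original post: it counts each client's connections to port 5223 in a sliding 60-second window and reports the clients whose peak reaches a threshold. The tab-separated log layout, column names, addresses and threshold are constructed assumptions; map them to the fields of your own firewall log export.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def parse(lines):
    """Yield (timestamp, source_ip, dest_port) from tab-separated log lines."""
    fields = []
    for line in lines:
        line = line.rstrip("\n")
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split("\t")
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split("\t")))
            ts = datetime.strptime(f"{row['date']} {row['time']}", "%Y-%m-%d %H:%M:%S")
            yield ts, row["source"].rsplit(":", 1)[0], int(row["destination"].rsplit(":", 1)[1])

def flooding_clients(lines, port=5223, window=timedelta(seconds=60), threshold=100):
    """Return {source_ip: peak connections to `port` inside one window}
    for every client whose peak reaches `threshold`."""
    stamps_by_src = defaultdict(list)
    for ts, src, dst_port in parse(lines):
        if dst_port == port:
            stamps_by_src[src].append(ts)
    result = {}
    for src, stamps in stamps_by_src.items():
        stamps.sort()
        peak = start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] >= window:  # drop entries older than the window
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            result[src] = peak
    return result

def sample_log():
    """Constructed sample: one flooding client, one normal client, one busy on 443."""
    t0, rows = datetime(2024, 1, 1, 9, 0, 0), ["#Fields: date\ttime\tsource\tdestination"]
    def add(offset, src, dst):
        ts = t0 + timedelta(seconds=offset)
        rows.append(f"{ts:%Y-%m-%d}\t{ts:%H:%M:%S}\t{src}\t{dst}")
    for i in range(150):   # 150 attempts to 5223 in 30 seconds
        add(i // 5, f"10.0.0.23:{50000 + i}", "192.0.2.10:5223")
    for i in range(3):     # occasional 5223 use, 5 minutes apart
        add(i * 300, f"10.0.0.40:{51000 + i}", "192.0.2.10:5223")
    for i in range(200):   # heavy but unrelated HTTPS traffic
        add(i // 10, f"10.0.0.41:{52000 + i}", "192.0.2.20:443")
    return rows

if __name__ == "__main__":
    for ip, peak in flooding_clients(sample_log()).items():
        print(f"{ip}: {peak} connections to 5223 within 60 s")
```

Per-client counts like these give the evidence needed before blocking the port or scoping an allow rule to a specific IP range.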
 
