Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Drama212131

macrumors newbie
Original poster
Aug 25, 2018
3
0
Could I please get some help breaking down what some of these are? I know it’s not good, but maybe origins or an idea of why this is happening to me? Please.

kXAdxp

[doublepost=1535184782][/doublepost]
Could I please get some help breaking down what some of these are? I know it’s not good, but maybe origins or an idea of why this is happening to me? Please.

kXAdxp
Forgive me, this is what I’m concerned about:

IP Address: 192.168.20.2
MAC Address:
Hostname: iphone
State: Online
First seen: 12 July 2018 at 8:46:12 PM
Last Update: 22 August 2018 at 12:03:04 AM
Type: MOBILE

Active services: 210
4672/rfa remote file access server
4827/squid-htcp Squid proxy HTCP port
4899/radmin Radmin (www.radmin.com) remote PC control software
4987/maybe-veritas
4998/maybe-veritas
5000/upnp also complex-main
5001/commplex-link
5002/rfe Radio Free Ethernet
5003/filemaker Filemaker Server - http://www.filemaker.com/ti/104289.html
5009/airport-admin Apple AirPort WAP Administration
5010/telelpathstart
5011/telelpathattack
5050/mmcc multimedia conference control tool
5060/sip Session Initiation Protocol (SIP)
5100/admd (chili!soft asp admin port) or Yahoo pager
5101/admdog (chili!soft asp)
5102/admeng (chili!soft asp)
5145/rmonitor_secure
5190/aol America-Online. Also can be used by ICQ
5191/aol-1 AmericaOnline1
5192/aol-2 AmericaOnline2
5193/aol-3 AmericaOnline3
5232/sgi-dgl SGI Distributed Graphics
5236/padl2sim
5300/hacl-hb HA cluster heartbeat
5301/hacl-gs HA cluster general services
5302/hacl-cfg HA cluster configuration
5303/hacl-probe HA cluster probing
5304/hacl-local
5305/hacl-test
5308/cfengine
5353/zeroconf Mac OS X Bonjour/Zeroconf port
5400/pcduo-old RemCon PC-Duo - old port
5405/pcduo RemCon PC-Duo - new port
5428/omid OpenMosix Info Dissemination
5432/postgresql PostgreSQL database server
5490/connect-proxy Many HTTP CONNECT proxies
5500/securid SecurID
5510/secureidprop ACE/Server services
5520/sdlog ACE/Server services
5530/sdserv ACE/Server services
5540/sdxauthd ACE/Server services
5550/sdadmind ACE/Server services
5555/rplay
5560/isqlplus Oracle web enabled SQL interface (version 10g+)
5631/pcanywheredata
5632/pcanywherestat
5679/activesync Microsoft ActiveSync PDY synchronization
5680/canna Canna (Japanese Input)
5713/proshareaudio proshare conf audio
5714/prosharevideo proshare conf video
5715/prosharedata proshare conf data
5716/prosharerequest proshare conf request
5717/prosharenotify proshare conf notify
5800/vnc-http Virtual Network Computer HTTP Access, display 0
5801/vnc-http-1 Virtual Network Computer HTTP Access, display 1
5802/vnc-http-2 Virtual Network Computer HTTP Access, display 2
5803/vnc-http-3 Virtual Network Computer HTTP Access, display 3
5900/vnc Virtual Network Computer display 0
5901/vnc-1 Virtual Network Computer display 1
5902/vnc-2 Virtual Network Computer display 2
5903/vnc-3 Virtual Network Computer display 3
5977/ncd-pref-tcp NCD preferences tcp port
5978/ncd-diag-tcp NCD diagnostic tcp port
5997/ncd-pref NCD preferences telnet port
5998/ncd-diag NCD diagnostic telnet port
5999/ncd-conf NCD configuration telnet port
6000/X11 X Window server
6001/X11:1 X Window server
6002/X11:2 X Window server
6003/X11:3 X Window server
6004/X11:4 X Window server
6005/X11:5 X Window server
6006/X11:6 X Window server
6007/X11:7 X Window server
6008/X11:8 X Window server
6009/X11:9 X Window server
6017/xmail-ctrl XMail CTRL server
6050/arcserve ARCserve agent
6101/backupexec Backup Exec UNIX and 95/98/ME Aent
6103/RETS-or-BackupExec Backup Exec Agent Accelerator and Remote Agent also sql server and cisco works blue
6105/isdninfo isdninfo
6106/isdninfo i4lmond
6110/softcm HP SoftBench CM
6111/spc HP SoftBench Sub-Process Control
6112/dtspc CDE subprocess control
6141/meta-corp Meta Corporation License Manager
6142/aspentec-lm Aspen Technology License Manager
6143/watershed-lm Watershed License Manager
6144/statsci1-lm StatSci License Manager - 1
6145/statsci2-lm StatSci License Manager - 2
6146/lonewolf-lm Lone Wolf Systems License Manager
6147/montage-lm Montage License Manager
6148/ricardo-lm Ricardo North America License Manager
6222/radmind Radmind protocol
6346/gnutella Gnutella file sharing protocol
6347/gnutella2 Gnutella2 file sharing protocol
6400/crystalreports Seagate Crystal Reports
6401/crystalenterprise Seagate Crystal Enterprise
6502/netop-rc NetOp Remote Control (by Danware Data A/S)
6543/mythtv
6544/mythtv
6547/powerchuteplus
6548/powerchuteplus
6549/powerchuteplus
6558/xdsxdm
6588/analogx AnalogX HTTP proxy port
6662/radmind Radmind protocol (deprecated)
6665/irc Internet Relay Chat
6666/irc internet relay chat server
6667/irc Internet Relay Chat
6668/irc Internet Relay Chat
6669/irc Internet Relay Chat
6670/irc Internet Relay Chat
6699/napster Napster File (MP3) sharing software
6700/carracho Carracho file sharing
6701/carracho Carracho file sharing
6881/bittorrent-tracker BitTorrent tracker
6969/acmsoda
7000/afs3-fileserver file server itself, msdos
7001/afs3-callback callbacks to cache managers
7002/afs3-prserver users & groups database
7003/afs3-vlserver volume location database
7004/afs3-kaserver AFS/Kerberos authentication service
7005/afs3-volser volume managment server
7006/afs3-errors error interpretation service
7007/afs3-bos basic overseer process
7008/afs3-update server-to-server updater
7009/afs3-rmtsys remote cache manager service
7010/ups-onlinet onlinet uninterruptable power supplies
7070/realserver
7100/font-service X Font Service
7200/fodms FODMS FLIP
7201/dlip
7273/openmanage Dell OpenManage
7326/icb Internet Citizen's Band
7464/pythonds Python Documentation Server
7597/qaz Quaz trojan worm
7634/hddtemp A cross-platform hard disk temperature monitoring daemon
7648/cucme-1 cucme live video/audio server
7649/cucme-2 cucme live video/audio server
7650/cucme-3 cucme live video/audio server
7651/cucme-4 cucme live video/audio server
7937/nsrexecd Legato NetWorker
7938/lgtomapper Legato portmapper
8076/slnp SLNP (Simple Library Network Protocol) by Sisis Informationssysteme GmbH
8080/http-proxy Common HTTP proxy/second web server port
8081/blackice-icecap ICECap user console
8082/blackice-alerts BlackIce Alerts sent to this port
8123/polipo Polipo open source web proxy cache
8443/https-alt Common alternative https port
8770/apple-iphoto Apple iPhoto sharing
8888/sun-answerbook Sun Answerbook HTTP server. Or gnump3d streaming music server
9051/tor-control Tor ControlPort, www.torproject.org
9090/zeus-admin Zeus admin server
9101/jetdirect HP JetDirect card
9106/jetdirect HP JetDirect card
9107/jetdirect HP JetDirect card
9876/sd Session Director
9992/issc ISS System Scanner Console
10080/amanda Amanda Backup Util
10082/amandaidx Amanda indexing
10083/amidxtape Amanda tape indexing
13714/netbackup tsdd server
13715/netbackup tshd server
13718/netbackup lmfcd server
13720/netbackup bprd server
13721/netbackup bpdbm server
13722/netbackup bpjava-msvc client
13782/netbackup bpcd client
13783/netbackup vopied client
16080/osxwebadmin Apple OS X WebAdmin
18000/biimenu Beckman Instruments, Inc.
18181/opsec-cvp Check Point OPSEC
18183/opsec-sam Check Point OPSEC
18184/opsec-lea Check Point OPSEC
18187/opsec-ela Check Point OPSEC
19150/gkrellm GKrellM remote system activity meter daemon
20005/btx xcept4 (Interacts with German Telekom's CEPT videotext service)
20031/bakbonenetvault BakBone NetVault primary communications port
22273/wnn6 Wnn6 (Japanese input)
22370/hpnpd Hewlett-Packard Network Printer daemon
26000/quake Quake game server
27002/flexlm2 FlexLM license manager additional ports
27003/flexlm3 FlexLM license manager additional ports
27005/flexlm5 FlexLM license manager additional ports
27374/subseven Subseven Windows trojan
27444/Trinoo_Bcast Trinoo distributed attack tool Master
27500/quakeworld Quake world
27665/Trinoo_Master Trinoo distributed attack tool Master server control port
28910/heretic2 Heretic 2 game server
31335/Trinoo_Register Trinoo distributed attack tool Bcast Daemon registration port
32770/sometimes-rpc3 Sometimes an RPC port on my Solaris box
32771/sometimes-rpc5 Sometimes an RPC port on my Solaris box (rusersd)
32772/sometimes-rpc7 Sometimes an RPC port on my Solaris box (status)
32774/sometimes-rpc11 Sometimes an RPC port on my Solaris box (rusersd)
32777/sometimes-rpc17 Sometimes an RPC port on my Solaris box (walld)
32778/sometimes-rpc19 Sometimes an RPC port on my Solaris box (rstatd)
32779/sometimes-rpc21 Sometimes an RPC port on my Solaris box
32780/sometimes-rpc23 Sometimes an RPC port on my Solaris box
43188/reachout
44442/coldfusion-auth ColdFusion Advanced Security/Siteminder Authentication Port (by Allaire/Netegrity)
45000/ciscopop Cisco Postoffice Protocol for Cisco Secure IDS
47557/dbbrowse Databeam Corporation
49400/compaqdiag Compaq Web-based management
50000/iiimsf Internet/Intranet Input Method Server Framework
50002/iiimsf Internet/Intranet Input Method Server Framework
54320/bo2k Back Orifice 2K Default Port
54321/bo2k Back Orifice 2K Default Port
62078/iphone-sync Apparently used by iPhone while syncing - http://code.google.com/p/iphone-elite/source/browse/wiki/Port_62078.wiki
 

Attachments

  • 24DD24DD-E38E-4B8D-A5F6-FA88EC38DD09.jpeg
    24DD24DD-E38E-4B8D-A5F6-FA88EC38DD09.jpeg
    254.5 KB · Views: 903
  • 714F5059-1FF9-4073-8EF8-C972443B75AB.jpeg
    714F5059-1FF9-4073-8EF8-C972443B75AB.jpeg
    125.9 KB · Views: 377
  • Angry
Reactions: ideaprison

casperes1996

macrumors 604
Jan 26, 2014
7,599
5,771
Horsens, Denmark
Well you need to give us some context for all of this. Is this a jailbroken device? Why did you make a list of what seems like open ports? And what are you worried about?
 

Drama212131

macrumors newbie
Original poster
Aug 25, 2018
3
0
Well you need to give us some context for all of this. Is this a jailbroken device? Why did you make a list of what seems like open ports? And what are you worried about?

Sorry, I am not used to speaking in forums. It was a replacement iPhone 7plus which I got directly from Apple last year. This is just a copy of a scan from my phone of the different ports, 1-10,000. I am concerned as about 80% of them seem to be Trojans, tunnels, malware, spyware, screen sharing virtual networks, iPhoto sharing networks, relays etc.. Even something which affects my iOS updates and app updates. My concern is that my privacy is being breached. Is it possible to get some insight as to how seriously these things could have breached my privacy, assuming that there’s someone trying to steal sensitive information/private photos and other things which are non of their business. And then I guess any advice on what I need to do to ensure I’m not vulnerable moving forwards. Is there any way to monitor the upload/download from specific apps? One app I have which monitors the overall usage seems to consistently read the UL/DL amounts as the same. I accept that often these things are not as bad as they read, I am however concerned. Any help with the above would be truely amazing!
 

flaubert

macrumors 6502
Jun 16, 2015
485
200
Portland, Oregon
Here is an Apple support article that ties together port numbers with Apple software technologies:

https://support.apple.com/en-us/HT202944

It is technically for MacOS, but iOS is likely using the same ports.

That being said, if your device is not jail-broken, and you’ve kept your device software up-to-date, it is unlikely that you’re running any scary Trojans or malware. Or at least you’re no more at risk than any of Apple’s 100 million other customers.
 

HDFan

Contributor
Jun 30, 2007
7,302
3,349
I am concerned as about 80% of them seem to be Trojans, tunnels, malware, spyware, screen sharing virtual networks,

Why do you say that? Which ones do you feel are malware, spyware, etc.? Where are you getting the list of processes/ports?

There are a number of things you can do if you really do have malware, spyware (which is unlikely):

Wipe your phone (after making multiple backups, of course). Do not do a restore from backup, setup as a new phone. Note which ports/processes are running. Compare with

Here is an Apple support article that ties together port numbers with Apple software technologies:

Then add back programs one by one and see what changes.

Install anti-virus, anti-malware, anti-ransomeware, etc. software. These are rather controversial as many will say that they aren't needed.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.