i thought i get hacked ,i scanned ports and found some suspicious ports

khomkrit48 Said:

"i thought i get hacked ,i scanned ports and found some suspicious ports"

-------

Thank you for the screenshot.

Set this Up Anew:

If you are so concerned, then reset your iPhone, as if you were to sell it. Perform as interacted here, including the backup: What to do Before you Sell, Give Away, or Trade in your iPhone, iPad, or iPod touch - Apple Support

Here are the official ports: TCP and UDP ports used by Apple software products - Apple Support

Looking at open ports tells you nothing about what is actually running on those ports.

It’s not unheard of for a malicious app to spoof another legitimate (but transient) app.

macOS uses the following range for ephemeral ports:

net.inet.ip.portrange.first: 49152
net.inet.ip.portrange.last: 65535

That iOS follows that same range would not surprise. Though technically, 1025 to 65535 was RFC-permissible as an ephemeral range, when last I checked.

Which means you’re probably looking at some local app with a TCP port open. Which would be commonplace.

TCP 62078 was usually UPnP, when last I checked. Wouldn’t surprise that iTunes sync was associated with UPnP.

There are VNC/RDP apps around for iPhone.

nmap won’t tell you much about that activity, and getting the routing information (for an iPhone, which doesn’t expose routing info) usually involves the information available on an intermediate router, such as a firewall router. That’ll tell you connection source IP and port, and destination IP and port, when a connection is established.

When a port is open and otherwise inactive with no open connections, fingerprinting is sometimes possible, but not particularly reliable.

It used to be possible to poke at the ARP tables on an iPhone, but that was discouraged. There’s source code around, if you have an inclination to test whether the ARP data is still available to non-app-store apps. Accessing other apps isn’t an option.

Open ports discussions aside, what steps have you taken to improve your security, particularly given your concerns around having been hacked? In particular, a response would usually involve a factory reset and all-password change, among other steps..

As for your own security, are you worth most of a million dollars plus another chunk of a million dollars to hack? If so, a better source of info than what can be obtained here in the communities from folks like me is probably warranted. If not, you’re not likely breached.

khomkrit48 Said:

"i thought i get hacked ,i scanned ports and found some suspicious ports: yes sir, i can reset if ports is not normal but i dont know this is normal or un-normal espacially port 49152 i have no idea what is it"

-------

Troubleshooting "Port 49152":

Troubleshoot the iPhone's WiFi:

Try these Thoughts:

A. Clear Temporary Internet Files:

If connecting is unsuccessful, try clearing out your Temporary Internet Files: History, Cache, and Cookies

Go Here: Clear your Safari Browser History and Set Up Content Blockers on your iPhone, iPad, or iPod touch - Apple Support

and...

B. Try manually restarting your iPhone:

1. Go To: Settings
2. Select: General
3. Scroll to: the Very Bottom
4. Select: Shut Down
5. Slide Finger: to the Right
6. Wait: 30 Seconds
7. Power One: the iPhone
8. Try this Once More

and...

C. Troubleshooting Connectivity:

Wi-Fi: If your iPhone won’t Connect to a Wi-Fi Network - Apple Support

and...

D. Reset your Network Settings:

• Go Here: If your iPhone, iPad, or iPod touch won't Connect to a Wi-Fi network - Apple Support
• Scroll To: Reset your Network Settings.

Where do you see these port data?

If you are experiencing any difficulty with third-party apps or a specific website then please contact the app developer or site publisher/host directly --> How to contact an app developer - Apple Support

khomkrit48 Said:

"i thought i get hacked ,i scanned ports and found some suspicious ports: yes sir, i can reset if ports is not normal but i dont know this is normal or un-normal espacially port 49152 i have no idea what is it"

-------

Troubleshooting "Port 49152":

Xsan Filesystem Access:

This is not a builtin port-based firewall. So, it is created by an app iself. Are you using an app with a Firewall on it? Are you using a firewall in your router? This seems to be a firewall issue, and is cause by that of a third-party app. So, any Security Software or other things connected your iPhone that you can think of? Security Software just gets in the way on an Apple device, and this is a pure example of how and why.

1. See here: TCP and UDP Ports Used by Apple Software Products - Apple Support
2. Scroll to: the very bottom
3. As it Reads: "49152–65535 - TCP - Xsan — — Xsan Filesystem Access"
4. As it Reads: "The application firewall in macOS is not a port-based firewall. It controls access by app, instead of by port."

Those TCP ports are not open ports.

See filtered here: https://nmap.org/book/man-port-scanning-basics.html

As for TCP 49152, it’s an open port, whether it’s an Apple app or third-party is unclear, and it’s not evidence of an exploit.

As for security concerns, if you have issues reported in, for instance, the entries in Settings > Passwords > Security Recommendations, best start there, and less with nmap.