ubd and Amazon AWS

If you enable ~/Library/Mobile Documents and drop a file in here, Little Snitch will ask if you want to allow UDP traffice to Amazon. At first I thought, "Gee, Apple is using Amazon S3 to do iWork file sharing between iPad, iPhone and the Mac." But then I tried creating a permanent rule in Little Snitch to deny this UDP traffic and the filles still synchornize immediately between macs. I hope someone else can suggest what this might be. I'm clueless.

/System/Library/PrivateFrameworks/Ubiquity.framework/Versions/A/Support/ubd

Dency TCP connection to port 443 (https) uf us-nca-0001.s3-external-1amazonaws.com

I've found the following:

UBD is the ubiquity server process. It is primarily used for "Mobile Documents". There are no configuration options to ubd, and users should not run ubd.

• Source: http://triviaware.com/macprocess/all

My little snitch is seeing requests from fdb2:e318:ed70:5efe:129a:ddff:fe65:b513 on ports 58867 and 58895. According to Apple's well know TCP and UDP ports support page, this is in the XSAN range. I have XSAN in my system preferences but it's not enabled. Could it be that UBD is being used for iCloud documents and those are running on XSAN? I'd love it if someone could explain this.

• Source: http://support.apple.com/kb/TS1629

If have enabled my Mobile Documents folder on my mac to sync files between Macs using iCloud. What's weird is that dropping files into this folder cause Little Snitch to want to send ubd TCP traffice to Amazon over port 443 the SSL port to us-nca-00001.s3-external-1.amazonaws.com. I did a little tracing and found that us-nca-0001.... is owned by MarkMonitor which is a brand identiy web firm for large companies who want to protect their brand. I've denied traffic to this site as I'm not clear what it's for and the files sync between my Macs just fine. Here are some URLs about what I just mentioned in this bullet:

If anyone has more information, it'd be great.

G4M

For me, the Amazon AWS LittleSnitch prompt occurs when I upload something via "messages" for the Mac. I noticed that whenever I send something (text message or attachments), the imtransferagent triggers this LittleSnitch prompt. When I denied access to the port, the messages went through, but the attachment did not. When I allowed access to the port, the attachment got delivered successfully.

G4Monster, late reply I know but just noticed this myself and found your question via a web search.

The MarkMonitor company you found is just a Whois shield company that Amazon uses for their cloud services IP range. They handle any complaints about improper content hosted on Amazon, instead of Amazon doing it themselves. Whois information is usually used for reporting such problems.

Since that server is part of Amazon's cloud you get that information when you lookup its IP on Whois. It's the same for all of Amazon AWS IP ranges. It doesn't mean that company owns that address or the server!

I find it disturbing that whenever I open a document I've recently downloaded with Preview, ubd makes this connection. It's not like the file is getting mirrored to iCloud (right? am I forgetting something?) so why should I be informing Amazon and Apple about every new PDF I happen to be looking at. (such as a confidential document).

https://en.wikipedia.org/wiki/MarkMonitor#History describes the company better.