
How to prevent APN from SYN Flood attacking My Firewall?

Hi,

I work for a large organisation that has a border firewall protecting our network from The Internet.
Our firewall also requires that users authenticate before they are allowed Web access so that their Internet use can be monitored.


The problem is that our firewall is getting spammed by APN traffic (TCP ports 5223 & 443) from unauthenticated internal users.

This is caused by the behaviour of the APN app, which continuously tries to connect to the external Apple servers in the 17.0.0.0/8 range. We see up to 2.5 million failed connection attempts per client per hour, hence the 'SYN flood attack' attempts that the firewall blocks. Most apps would normally back off for a period after a few failed connection attempts, but APN just keeps going!


This doesn't affect users who have authenticated via our firewall as the TCP connection(s) are successful and the session is maintained whilst the device is active, but it can be very common for users to turn on their Macs and not bother authenticating because they don't need Web access, but the APN app is going crazy in the background.


Does anyone know if this is normal APN behaviour, and if there's any way I can limit the session retries at source?


Please note - I don't want to know what ports to open or to allow any unauthenticated traffic through our firewall - I want to prevent the problem at source for unauthenticated users, preferably without having to turn off APN altogether.


Many thanks,

ukSTE

Posted on Nov 6, 2013 4:47 AM

3 replies
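As an added example (not part of the original post, and not Apple or firewall-vendor code), the script below triages firewall logs for exactly the pattern described above: it counts dropped SYNs from each internal source towards 17.0.0.0/8 on TCP 5223 and 443, flags hosts above a retry threshold, and extrapolates the observed rate to a per-hour figure so it can be compared with the numbers quoted in the post. The log line format, the field names and the sample lines are constructed assumptions; the regular expression needs adapting to whatever your firewall actually exports.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Constructed sample log lines (assumed format, not from any real firewall):
#   <ISO timestamp> action=<allow|drop> proto=tcp src=<ip>:<port> dst=<ip>:<port> flags=<tcp flags>
SAMPLE_LOG = """\
2013-11-06T04:00:01 action=drop proto=tcp src=10.1.2.3:49152 dst=17.172.232.5:5223 flags=S
2013-11-06T04:00:01 action=drop proto=tcp src=10.1.2.3:49153 dst=17.172.232.5:5223 flags=S
2013-11-06T04:00:02 action=drop proto=tcp src=10.1.2.3:49154 dst=17.149.34.62:443 flags=S
2013-11-06T04:00:02 action=allow proto=tcp src=10.1.2.4:50000 dst=17.172.232.5:5223 flags=S
2013-11-06T04:00:03 action=drop proto=tcp src=10.1.2.5:50001 dst=93.184.216.34:443 flags=S
2013-11-06T04:00:03 action=drop proto=tcp src=10.1.2.3:49155 dst=17.172.232.5:5223 flags=S
"""

# Apple's address block and the APNs client ports named in the post.
APNS_NET = ipaddress.ip_network("17.0.0.0/8")
APNS_PORTS = {5223, 443}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>\w+) proto=(?P<proto>\w+) "
    r"src=(?P<src>[\d.]+):(?P<sport>\d+) dst=(?P<dst>[\d.]+):(?P<dport>\d+) "
    r"flags=(?P<flags>\w+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the assumed format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m.group("ts")),
        "action": m.group("action"),
        "proto": m.group("proto"),
        "src_ip": ipaddress.ip_address(m.group("src")),
        "dst_ip": ipaddress.ip_address(m.group("dst")),
        "dst_port": int(m.group("dport")),
        "flags": m.group("flags"),
    }


def is_apns_syn_drop(rec):
    """True for a blocked pure SYN (no ACK) to 17.0.0.0/8 on an APNs port."""
    return (
        rec["action"] == "drop"
        and rec["proto"] == "tcp"
        and "S" in rec["flags"]
        and "A" not in rec["flags"]
        and rec["dst_ip"] in APNS_NET
        and rec["dst_port"] in APNS_PORTS
    )


def apns_drop_counts(log_text):
    """Count dropped APNs SYNs per internal source address (as strings)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None and is_apns_syn_drop(rec):
            counts[str(rec["src_ip"])] += 1
    return counts


def observed_window_seconds(log_text):
    """Length of the log window in seconds (at least 1, so rates never divide by zero)."""
    stamps = [r["ts"] for r in map(parse_line, log_text.splitlines()) if r is not None]
    if not stamps:
        return 1.0
    return max(1.0, (max(stamps) - min(stamps)).total_seconds())


def drops_per_hour(log_text):
    """Extrapolate each source's drop count over the observed window to a per-hour rate."""
    window = observed_window_seconds(log_text)
    return {src: n * 3600.0 / window for src, n in apns_drop_counts(log_text).items()}


def flag_clients(log_text, min_drops):
    """Sources with at least min_drops blocked APNs SYNs, busiest first."""
    return sorted(
        ((src, n) for src, n in apns_drop_counts(log_text).items() if n >= min_drops),
        key=lambda item: (-item[1], item[0]),
    )


if __name__ == "__main__":
    for src, n in flag_clients(SAMPLE_LOG, 3):
        print(f"{src}: {n} blocked APNs SYNs (~{drops_per_hour(SAMPLE_LOG)[src]:.0f}/hour)")
```

The allowed connection from 10.1.2.4 (an authenticated user whose session succeeds) and the drop to a non-Apple address from 10.1.2.5 are deliberately excluded, so the output lists only the unauthenticated hosts whose retries are hammering the firewall; that list is what you would hand to the desktop team, since the post's goal is to fix the behaviour at source rather than to open ports.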

