architectscott

Q: Ipad Port 35837 suspicious network access

I reviewed my router logs -- I am getting a huge number of LAN accesses from suspicious IP addresses to my IPAD on Port 35837 (like 1-4 attempts per minute) -- checking the web, these IP addresses are coming from Latin America and Eastern Europe -- two questions:

 

1.  Any idea what is running on this port or how I can check

2.  How can I block a specific inbound port on the IPAD

iPad Air, iOS 9.3.4, Apple support is poor

Posted on Aug 10, 2016 5:46 AM

Close

Q: Ipad Port 35837 suspicious network access

  • All replies
  • Helpful answers

  • by JimHdk,Helpful

    JimHdk JimHdk Aug 10, 2016 6:21 AM in response to architectscott
    Level 7 (28,565 points)
    iPad
    Aug 10, 2016 6:21 AM in response to architectscott
  • by architectscott,

    architectscott architectscott Aug 10, 2016 6:22 AM in response to JimHdk
    Level 1 (4 points)
    iPad
    Aug 10, 2016 6:22 AM in response to JimHdk

    I saw this -- but port 35837 is not mentioned -- it is an "obscure" port -- I am wondering if one one the Ipad applications has snaked a back door ...

  • by Michael Black,Helpful

    Michael Black Michael Black Aug 10, 2016 6:51 AM in response to architectscott
    Level 7 (24,146 points)
    Aug 10, 2016 6:51 AM in response to architectscott

    Check your routers documentation about how to set firewall rules.  Most routers would already be blocking it, but you should be able to use your routers admin access to make sure.  If its blocked and they are just pinging it, you can still send an email to your ISP's report-abuse or equivalent email address and report the IP addresses you've captured that are pinging your router.  If they determine its not legitimate network traffic, they can stop them too, at their end of things.

  • by architectscott,

    architectscott architectscott Aug 10, 2016 6:53 AM in response to Michael Black
    Level 1 (4 points)
    iPad
    Aug 10, 2016 6:53 AM in response to Michael Black

    Problem is there are so many of them from multiple addresses e.g. 100s of them -- they are obviosly using a port scanning spam -- my interest is how to find out if there is something running on that specific port on the ipad -- I think it is an application on my ipad but at a loss to figure out what ports are used on the ipad and what application -- I can do this easily on Windows and Linux -- but not sure how to determine on ipad

  • by Diana.McCall,

    Diana.McCall Diana.McCall Aug 10, 2016 7:37 AM in response to architectscott
    Level 4 (2,942 points)
    Apple TV
    Aug 10, 2016 7:37 AM in response to architectscott

    Hi. The System Status app (not free) displays the current connections and the routing table, but it cannot show the apps. You say these are different sites attempting to open connections to this specific port on your iPad. Is that actually true, or are they responding on a port already opened? Also, is your router using IPv6 (funny-looking addresses with letters)? If not then your iPad is behind NAT on the router, so no outside connections can be directed to your iPad.

     

    Try force quitting all the apps and let it sleep for a while. If that stops these accesses, start apps one by one and see if they resume. Games and other exotica would be the primary suspects.

  • by architectscott,

    architectscott architectscott Aug 10, 2016 8:02 AM in response to Diana.McCall
    Level 1 (4 points)
    iPad
    Aug 10, 2016 8:02 AM in response to Diana.McCall

    thanks Diana -- I will try SystemStatus

  • by Michael Black,Solvedanswer

    Michael Black Michael Black Aug 10, 2016 8:12 AM in response to architectscott
    Level 7 (24,146 points)
    Aug 10, 2016 8:12 AM in response to architectscott

    Since you saw this in your router logs, the simplest test is just power off the iPad for awhile and see if the traffic ceases. 

     

    If it is just incoming requests to the router and they are being blocked by the router, then there is no issue anyway, and it would indicate nothing inside your intranet is running on that port - somebody is just sniffing for open ports.  There are some reported Windows trojans and root kits that will use ports in the 35-thousand range.

     

    iOS, being a sandboxed operating system, only opens a port at all if it is needed by an iOS service or an App.  Otherwise, iOS blocks all ports.

  • by architectscott,

    architectscott architectscott Aug 10, 2016 9:17 AM in response to Michael Black
    Level 1 (4 points)
    iPad
    Aug 10, 2016 9:17 AM in response to Michael Black

    Thanks Michael -- and yes - I know they are fishing e.g. trojans and root kits -- I did not know that re pessimistic ports on ipad -- thanks!