Teri Radichel

Summary

Teri Radichel discusses the excessive network traffic generated by Apple Macintosh computers on startup and operation, expressing a desire for more control over these processes and highlighting the challenges in monitoring and managing network security due to this noise.

Abstract

The article by Teri Radichel addresses the significant amount of network traffic generated by Apple Macintosh systems during startup and while running, which can complicate network security monitoring by obscuring important data. Radichel, a cybersecurity expert, notes the difficulty in managing and disabling unnecessary services and protocols, such as Apple Push, to reduce network traffic and potential attack vectors. She advocates for a simpler method to control the services that generate traffic and suggests that users should be aware of the traffic their systems produce to better understand what should and should not be present on their networks. Radichel also provides resources for further reading on the topic, including her book and a series of posts on automating cybersecurity metrics, and invites readers to follow her for updates on her ongoing efforts to minimize network noise.

Opinions

  • Radichel believes that not all network traffic generated by Apple Macintosh computers is necessary and that some services could be turned off to reduce noise.
  • She suggests that the current process of disabling unwanted services on macOS is not straightforward and should be simplified.
  • Radichel emphasizes the importance of users having the ability to control the services that generate network traffic for better security and monitoring.
  • She points out that the excessive traffic makes it difficult to create network rules and monitor for rogue traffic, indicating a need for a dashboard to manage traffic-generating services.
  • Radichel implies that while some users might be fine with default settings, security-conscious users should have the option to limit ports, protocols, and services.
  • She expresses an intention to delve deeper into the traffic generated by her Macintosh and other systems in the future to better understand and control it.

Apple Macintosh Network Traffic

Noise on your network makes it more challenging to find what matters.


Have you ever looked at how much network traffic an Apple Macintosh generates on startup and as it continues to run? I am always monitoring the traffic on my network and each time I start up my system I see what seems like an excessive amount of traffic from Apple Macintosh computers. Perhaps it is all necessary but I suspect there are some things here I don’t need.

[Update: Have some posts at the bottom where I’m turning various services off to try to reduce network traffic and services I don’t need. Why is this not simple to find?]

I briefly explored how to turn off things like Apple Push and it didn’t seem to be a simple task to permanently turn it off. Additionally, there are some services I only want to run at the point I want to update my system. For the average user, they should probably just leave these services running and get updates immediately. Some of us want a little more control over the process. I don’t run certain noisy Apple protocols used for IoT devices on my network either.

When designing systems there is always a trade-off between putting everything on one port or splitting things up onto multiple addresses and ports to be able to monitor the traffic to different services or route it independently. The problem with so much noise on so many ports is that it makes it painful to create network rules and monitor traffic. I wish there was a simple dashboard in the system to control the things that generate this traffic.

Apple isn’t the only software vendor that generates a lot of noise, but recently it has been the noisiest on my network. I haven’t fired up my Windows or Google Chromebook systems lately. I’m guessing they do something similar, based on the traffic generated by Google Chrome and Microsoft Applications when I start them.

Maybe someday I’ll have time to delve into all this traffic further but for now, be aware of the traffic generated by your systems as I explain in my book, and understand what is and is not supposed to be there. You also may want to limit ports, protocols, and services that are either risky, based on past breaches and vulnerabilities, or simply extraneous. If you can reduce the noise on your network it will be easier to spot rogue traffic. Not to mention, every time you fire up your computer, Apple and anyone monitoring the network knows you are online.

Here’s an incomplete list of services, ports, and protocols. As I am writing this I am getting more Apple traffic alerts so this is not all-inclusive by any means.

direction: outgoing priority: regular process: /usr/libexec/adprivacyd owner: me destination: bag.itunes.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /usr/libexec/adprivacyd owner: me destination: partiality.itunes.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd owner: me destination: gsa.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/AMPLibrary.framework/Versions/A/Support/AMPLibraryAgent owner: me destination: init.itunes.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/AppleMediaServices.framework/Versions/A/Resources/amsaccountsd owner: me destination: bag.itunes.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/AppleMediaServicesUI.framework/amsengagementd owner: me destination: bag.itunes.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/AppStoreDaemon.framework/Support/appstoreagent owner: me destination: bag.itunes.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 1-courier.push.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 11-courier.push.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 12-courier.push.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 19-courier.push.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 24-courier.push.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 29-courier.push.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 34-courier.push.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 38-courier.push.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 42-courier.push.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 45-courier.push.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 49-courier.push.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 5-courier.push.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 7-courier.push.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: init.push.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 11-courier.push.apple.com ports: 5223 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 12-courier.push.apple.com ports: 5223 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 17-courier.push.apple.com ports: 5223 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 2-courier.push.apple.com ports: 5223 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 21-courier.push.apple.com ports: 5223 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 23-courier.push.apple.com ports: 5223 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 29-courier.push.apple.com ports: 5223 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 31-courier.push.apple.com ports: 5223 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/AskPermission.framework/Versions/A/Resources/askpermissiond owner: me destination: bag.itunes.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd owner: me destination: init.itunes.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/TelephonyUtilities.framework/callservicesd owner: me destination: init.ess.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod owner: me destination: configuration.ls.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod owner: me destination: gsp-ssl.ls.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod owner: me destination: gspe1-ssl.ls.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod owner: me destination: gspe35-ssl.ls.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/Versions/A/com.apple.Safari.SafeBrowsing.Service owner: me destination: configuration.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/Versions/A/com.apple.Safari.SafeBrowsing.Service owner: me destination: token.safebrowsing.apple ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/Versions/A/com.apple.Safari.SafeBrowsing.Service owner: me destination: safebrowsing.googleapis.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/commerce owner: me destination: init.itunes.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/CoreServices/Dock.app/Contents/MacOS/Dock owner: me destination: itunes.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder owner: me destination: itunes.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/HelpData.framework/Versions/A/Resources/helpd owner: me destination: cds.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/IDS.framework/identityservicesd.app/Contents/MacOS/identityservicesd owner: me destination: init.ess.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/IDS.framework/identityservicesd.app/Contents/MacOS/identityservicesd owner: me destination: pds-init.ess.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/IDS.framework/identityservicesd.app/Contents/MacOS/identityservicesd owner: me destination: profile.ess.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/iTunesCloud.framework/Support/itunescloudd owner: me destination: init.itunes.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/iTunesCloud.framework/Support/itunescloudd owner: me destination: play.itunes.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/CoreServices/mapspushd owner: me destination: gspe35-ssl.ls.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /usr/libexec/mobileassetd owner: system destination: gdmf.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /usr/libexec/mobileassetd owner: system destination: xp.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/Noticeboard.framework/Versions/A/Resources/nbagent.app/Contents/MacOS/nbagent owner: me destination: swscan.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Applications/News.app/Contents/PlugIns/NewsToday2.appex/Contents/MacOS/NewsToday2 owner: me destination: bag.itunes.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/CoreServices/NotificationCenter.app/Contents/MacOS/NotificationCenter owner: me destination: itunes.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /usr/libexec/nsurlsessiond owner: system destination: mesu.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /usr/libexec/nsurlsessiond owner: system destination: valid.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/CoreParsec.framework/parsec-fbf owner: me destination: swallow.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/CoreParsec.framework/parsecd owner: me destination: api.smoot.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /usr/libexec/rapportd owner: me destination: init.ess.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /usr/libexec/remindd owner: me destination: configuration.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /usr/libexec/rtcreportingd owner: system destination: pancake.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated owner: system destination: swscan.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated owner: system destination: xp.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /usr/libexec/syspolicyd owner: system destination: api.apple-cloudkit.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /usr/libexec/transparencyd owner: me destination: init-kt.apple.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/iTunesCloud.framework/Support/itunescloudd owner: me destination: apps.mzstatic.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/iTunesCloud.framework/Support/itunescloudd owner: me destination: s.mzstatic.com ports: 443 protocol: 6

direction: outgoing priority: regular process: /usr/libexec/locationd owner: system destination: gs-loc.apple.com ports: 443 protocol: 6
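The following is an added example, not code from the original post: it parses entries in the format listed above and condenses them into per-process destination patterns, which is the form a network rule or monitoring baseline needs. The sample lines are copied from the list; the function names and the choice to collapse numbered hosts such as `12-courier` into `*-courier` are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample entries copied from the list above; one process path contains a space.
SAMPLE = """\
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 1-courier.push.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 11-courier.push.apple.com ports: 5223 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 12-courier.push.apple.com ports: 5223 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: init.push.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /usr/libexec/adprivacyd owner: me destination: bag.itunes.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/AppleMediaServices.framework/Versions/A/Resources/amsaccountsd owner: me destination: bag.itunes.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated owner: system destination: swscan.apple.com ports: 443 protocol: 6
"""

# Field order is fixed in the listing, so anchor on the field names; the
# process path is matched lazily because it may contain spaces.
ENTRY = re.compile(
    r"direction: (?P<direction>\S+) priority: (?P<priority>\S+) "
    r"process: (?P<process>.+?) owner: (?P<owner>\S+) "
    r"destination: (?P<destination>\S+) ports: (?P<ports>\S+) "
    r"protocol: (?P<protocol>\d+)"
)
IP_PROTOCOLS = {"6": "tcp", "17": "udp"}  # IANA protocol numbers


def parse_entries(text):
    """Return one dict per well-formed entry; blank or malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY.fullmatch(line.strip())
        if match:
            entry = match.groupdict()
            entry["protocol"] = IP_PROTOCOLS.get(entry["protocol"], entry["protocol"])
            entries.append(entry)
    return entries


def collapse_host(host):
    """Turn a numbered first label ('12-courier...') into a pattern ('*-courier...')."""
    return re.sub(r"^\d+-", "*-", host)


def summarize(entries):
    """Map process basename -> sorted (host pattern, port, protocol) tuples."""
    rules = defaultdict(set)
    for e in entries:
        name = e["process"].rsplit("/", 1)[-1]
        rules[name].add((collapse_host(e["destination"]), e["ports"], e["protocol"]))
    return {name: sorted(found) for name, found in rules.items()}


def shared_destinations(entries):
    """Map host pattern -> processes, for hosts used by more than one process."""
    users = defaultdict(set)
    for e in entries:
        users[collapse_host(e["destination"])].add(e["process"].rsplit("/", 1)[-1])
    return {host: sorted(names) for host, names in users.items() if len(names) > 1}
```

Run over the full list, `shared_destinations` makes visible that a single hostname such as bag.itunes.apple.com is contacted by several different daemons, so a rule written per destination affects all of them at once.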

Here are some posts where I’m turning off various services in a startup script.

Follow for updates.

Teri Radichel | © 2nd Sight Lab 2021
