random port numbers
Authored by: Severian on Apr 06, '02 04:47:14PM
The behavior of the MS Database Daemon (PID Sniffer) is pretty well known by now. It uses UDP port 2222 to announce its presence and to find other daemons running on the local network. Then the various Office apps use a random TCP port in the range 3000-3999 to listen for other copies with the same serial number.

Blocking these ports with your firewall is a prudent thing to do, whether or not you are trying to use multiple copies with the same serial number. Even if you are only using a single copy, it's possible for a hacker to sniff out your daemon and then terminate your MS Office apps by faking a serial number collision. If you have made any unsaved changes, they would be lost. For this reason alone, Microsoft should be roasted over a slow fire for implementing such a dangerous "anti-piracy" scheme.

Since the applications use a random port number, you will actually have to block all TCP ports in the range 3000-3999. Blocking the port 3464 as you did will only be effective one time in a thousand. Here are the relevant lines from my firewall configuration file:
# $oip is defined elsewhere in the file (not shown); the rules use it as this machine's address
fwcmd="/sbin/ipfw"
# Block MS Office PID Sniffer
$fwcmd add deny udp from $oip to any 2222 out
$fwcmd add deny log udp from any to $oip 2222 in
$fwcmd add deny tcp from $oip to any 3000-3999 out
$fwcmd add deny log tcp from any to $oip 3000-3999 in
This will silently block any outgoing connections from the daemon, and also block incoming connections while logging the attempts in system.log. Converting these lines to AppleScript is an exercise left for the reader.

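One way to review what the `deny log` rules in the comment above record, added here as an example and not part of the original comment: a shell function that counts denied inbound packets per source for UDP 2222 and TCP 3000-3999. The log lines are constructed, and their layout (`ipfw: <rule> Deny <proto> <src>:<port> <dst>:<port> in via <if>`, IPv4 only) is an assumption about how the ipfw entries appear in system.log.

```shell
#!/bin/sh
# Count denied inbound packets aimed at the PID Sniffer ports named in the
# comment above: UDP 2222 and TCP 3000-3999.
# Input: log lines on stdin. Output: "<count> <proto> <source-ip>", busiest first.
pid_sniffer_hits() {
    awk '
    {
        # Find the "ipfw:" token; the fields after it are assumed to be
        # rule number, action, protocol, src:port, dst:port, direction.
        for (i = 1; i <= NF; i++) if ($i == "ipfw:") break
        if (i > NF || $(i+2) != "Deny" || $(i+6) != "in") next
        proto = $(i+3)
        n = split($(i+5), dst, ":"); dport = dst[n] + 0
        split($(i+4), src, ":")
        if ((proto == "UDP" && dport == 2222) ||
            (proto == "TCP" && dport >= 3000 && dport <= 3999))
            hits[proto " " src[1]]++
    }
    END { for (k in hits) print hits[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample log lines (addresses, rule numbers and hostnames are made up).
sample_log() {
    cat <<'EOF'
Apr  6 16:40:01 localhost mach_kernel: ipfw: 2010 Deny UDP 192.168.1.23:2222 192.168.1.10:2222 in via en0
Apr  6 16:40:03 localhost mach_kernel: ipfw: 2030 Deny TCP 192.168.1.23:49160 192.168.1.10:3464 in via en0
Apr  6 16:40:09 localhost mach_kernel: ipfw: 2030 Deny TCP 192.168.1.23:49161 192.168.1.10:3871 in via en0
Apr  6 16:41:12 localhost mach_kernel: ipfw: 2030 Deny TCP 192.168.1.40:49200 192.168.1.10:3002 in via en0
Apr  6 16:42:00 localhost mach_kernel: ipfw: 65000 Deny TCP 192.168.1.40:49201 192.168.1.10:4000 in via en0
Apr  6 16:42:30 localhost sshd[312]: Accepted password for user from 192.168.1.40 port 3500
EOF
}

sample_log | pid_sniffer_hits
```

To run it against a real log, feed the file on stdin, for example `pid_sniffer_hits < /var/log/system.log`.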
Even easier in 10.2
Authored by: heavyboots on Oct 18, '02 02:29:21PM

As near as I can tell, if you don't want open listening ports through your cable modem connection, you can now just use 10.2's built-in Firewall and make a new "Other" Firewall item called "MS Office" that blocks 2222, 3000-3999. Correct?



Even easier in 10.2
Authored by: symphonitron on Jul 25, '03 11:33:05AM

Actually you just need to go to the computer that gives you the error and turn on the firewall settings. ALL ports will be blocked EXCEPT those which you mark in the checklist, so you don't need to create a new one. The problem goes away immediately after you turn on the firewall.


