Off Topic - Block iCloud

Bob Goodwin - Zuni, Virginia, USA bobgoodwin at wildblue.net
Wed Apr 10 09:26:43 UTC 2013


On 09/04/13 21:28, Sam Varshavchik wrote:
>
> I'm not sure if this is the same issue, but when one member of my 
> household acquired a Macbook, that thing just started flooding my 
> bandwidth.
>
> I didn't know, at first, WTF was going on, and I didn't tie it to the 
> Macbook, but, fortunately, at that time I /was/ running a router with 
> DD-WRT firmware, so I could ssh into the router itself, and see that 
> it was the Macbook flinging crap into the Intertubes.

Yes, about the same thing happened here but it cost me a lot of 
bandwidth usage/money before I understood what was happening. I couldn't 
believe anyone would create a system that worked that way! Last fall she 
put all the Apple stuff on the iCloud system and the mysterious usage began.

>
> That hacked router, sadly, gave up the magic blue smoke some time ago, 
> and I just didn't have the mental fortitude to set up another 
> hackarouter, so I now have a stock Netgear WNDR3700v3 which, AFAIK, 
> doesn't have any way to report which connected device is generating 
> how much bandwidth, so I don't think I'd have any way of knowing what is 
> coming out of which device, but, back then I was lucky.
>
> Anyway, the traffic that I saw coming out of the Macbook was massive 
> amounts of /UDP/ traffic to high ports, looked like some kind of a 
> peer-to-peer protocol. But it was all UDP. I didn't want to waste any 
> more time on this nonsense. The DD-WRT firmware allowed me to bind 
> filtering rules to MAC addresses. So, I set up a rule tied to the 
> Macbook MAC address, that blocked all traffic to UDP ports 1024-65535.

I'm presently using a Buffalo WZR-HP-G450H which I believe came with 
DD-WRT installed. I have several other routers in which I have installed 
DD-WRT but settled on this one for no special reason; they all work. It 
looks to me like I should be able to block connection to "icloud.com" in 
the router but so far that has not worked. The usage continues to grow 
when I allow the Mac with iCloud to connect.

I can block other addresses, when the kids want iTunes or a PS3 update I 
have to enable the connections for them.

>
> That solved the problem for good, and I had no complaints. There's no 
> legitimate, mainstream, consumer Intertube use that needs high UDP 
> port ranges.

It should be that simple for me too, but alas nothing is easy!

>
> P.S. The replacement Netgear router's firmware couldn't do MAC-based 
> filtering. So, when I carefully configured it, I just had the router's 
> DHCP server bind the Macbook's MAC address to a statically assigned IP 
> address, and set up the router to block all traffic from that IP 
> address to UDP ports 1024-65535.
>

I don't see a way to block ports in this Buffalo DD-WRT? Perhaps they 
removed something. I'll try another router later, but what I've done it 
seems should work ...

-- 

http://www.qrz.com/db/W2BOD

box10   Fedora-18 XFCE Linux
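
Added example, not part of either poster's message: a shell sketch of the two steps the thread describes, finding which LAN host is sending UDP to ports 1024-65535 and then writing the per-device drop rule. It assumes the router exposes a conntrack table with byte accounting enabled and accepts iptables rules at its shell; every address, MAC and byte count is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses and counters are constructed.

# Constructed conntrack entries with byte accounting on. The first two use
# the /proc/net/nf_conntrack layout, the rest the older ip_conntrack one.
sample_conntrack() {
cat <<'EOF'
ipv4     2 udp      17 28 src=192.168.1.50 dst=203.0.113.7 sport=49152 dport=16402 packets=900 bytes=1200000 src=203.0.113.7 dst=198.51.100.2 sport=16402 dport=49152 packets=10 bytes=800 mark=0 use=2
ipv4     2 udp      17 25 src=192.168.1.50 dst=198.51.100.9 sport=49153 dport=40000 packets=600 bytes=800000 src=198.51.100.9 dst=198.51.100.2 sport=40000 dport=49153 packets=8 bytes=640 mark=0 use=2
udp      17 20 src=192.168.1.20 dst=198.51.100.30 sport=50000 dport=3478 packets=20 bytes=4000 src=198.51.100.30 dst=198.51.100.2 sport=3478 dport=50000 packets=20 bytes=4000 mark=0 use=1
udp      17 12 src=192.168.1.20 dst=192.0.2.53 sport=50001 dport=53 packets=1 bytes=60 src=192.0.2.53 dst=198.51.100.2 sport=53 dport=50001 packets=1 bytes=120 mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.1.20 dst=192.0.2.80 sport=50002 dport=443 packets=400 bytes=500000 src=192.0.2.80 dst=198.51.100.2 sport=443 dport=50002 packets=300 bytes=90000 [ASSURED] mark=0 use=1
EOF
}

# Print "<bytes> <lan-host>", largest first, for UDP flows whose destination
# port is 1024 or higher. Only the original direction is counted: the first
# src=, dport= and bytes= fields on each line. TCP and low-port UDP (DNS)
# are ignored, so ordinary browsing does not show up in the totals.
high_udp_by_host() {
    awk '$1 == "udp" || $3 == "udp" {
        src = ""; dport = ""; bytes = ""
        for (i = 1; i <= NF; i++) {
            if (src == ""   && $i ~ /^src=/)   src = substr($i, 5)
            if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
            if (bytes == "" && $i ~ /^bytes=/) bytes = substr($i, 7)
        }
        if (dport + 0 >= 1024) total[src] += bytes
    }
    END { for (h in total) printf "%d %s\n", total[h], h }' | sort -rn
}

# Print (do not run) the drop rule keyed on the device's MAC address.
drop_rule_for_mac() {
    echo "iptables -I FORWARD -m mac --mac-source $1 -p udp --dport 1024:65535 -j DROP"
}

# Same rule keyed on a DHCP-reserved IP, for firmware without MAC matching.
drop_rule_for_ip() {
    echo "iptables -I FORWARD -s $1 -p udp --dport 1024:65535 -j DROP"
}

sample_conntrack | high_udp_by_host
drop_rule_for_mac 00:11:22:33:44:55   # constructed MAC
```

On a router the function would read the live table instead of the sample, for example `high_udp_by_host < /proc/net/ip_conntrack`; which of the two proc files exists depends on the firmware's kernel.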