Re: Bug in Tiger check_listening_procs?

To: debian-security@lists.debian.org
Subject: Re: Bug in Tiger check_listening_procs?
From: Paul Hampson <Paul.Hampson@anu.edu.au>
Date: Mon, 31 Mar 2003 10:29:48 +1000
Message-id: <[🔎] 20030331002948.GB11759@keitarou.bubblesworth.net>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20030330185542.GA11442@seanet.com>
References: <[🔎] 20030330185542.GA11442@seanet.com>

On Sun, Mar 30, 2003 at 10:55:42AM -0800, Michael West wrote:
>      If I have found a bug then I will file a bug report.
>      My knowledge is imperfect.  I thought I would check here first
>      before filing.
> 
>      I am getting a report from tiger that squid is listening UDP on a high
>      port.  This is not the peer cache listener as I have disabled that
>      with the "-u0" squid command line option.
> 
>      `lsof -nPi | grep squid` gives:
> 
>      squid     19509     root    5u  IPv4 2036491       UDP *:32814 
>      squid     19509     root   12u  IPv4 2036495       TCP 127.0.0.1:3128 (LISTEN)
>      
>      My understanding is that this UDP port is used by squid for its DNS
>      client.  I do not understand why squid would want to bind to a port
>      for this. The port number changes when I restart squid.

Yes, that sounds right. Squid binds to a port for it's DNS resolver
simply because it expects to do so much DNS resolving that it's faster
to just fire the requests off and have an already-existing place for
them to arrive back at.

>      Tiger reports this as listening on port 32814, which I do not think
>      is correct.  

That's what it's doing. Although it (hopefully) drops unsolicited
packets, it may not.

>      If lose is found on the system 
>      /usr/lib/tiger/systems/Linux/2/check_listeningprocs uses the
>      command:
> 
>      $LSOF -nPi | $GREP "IPv" | $GREP -v "\->" | $AWK '{printf("%s %s %s
>      %s\n", $1, $3, $7, $8)}' | $SORT | $UNIQ |
>      
>      It seems that it should `grep LISTEN` as well.  
> 
>      Comments?

I would guess that only TCP sockets get 'LISTEN' but I don't
know the output of lsof to confirm this.

-- 
-----------------------------------------------------------
Paul "TBBle" Hampson, MCSE
6th year CompSci/Asian Studies student, ANU
The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361)
Paul.Hampson@Anu.edu.au

Of course Pacman didn't influence us as kids. If it did,
we'd be running around in darkened rooms, popping pills and
listening to repetitive music.
 -- Kristian Wilson, Nintendo, Inc, 1989

This email is licensed to the recipient for non-commercial
use, duplication and distribution.
-----------------------------------------------------------

Attachment: pgpeYJAULcpzV.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: Bug in Tiger check_listening_procs?
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>

References:
- Bug in Tiger check_listening_procs?
  - From: Michael West <web@mitzit.net>

Prev by Date: Re: iptables forwarding to inside firewall
Next by Date: Re: SPAMMED ONCE AGIN !!! (Was: Re: Under 10 bucks, cell phone antenna boosters. qmnh coxehywqphhnsg)
Previous by thread: Bug in Tiger check_listening_procs?
Next by thread: Re: Bug in Tiger check_listening_procs?
Index(es):
- Date
- Thread