On 19. 09. 24 03:01, Roger Marquis wrote:
Is there any way to disable these (random?) UDP listening ports
(47998|32542|14380|34448|45248|22313|26237|61057) or any downside
to filtering them?
Roger
# lsof | grep -w vscan | grep UDP
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE
NAME
perl 79714 vscan 10u IPv4 0xfffff80164e96b40 0 UDP
$amavis.ip:59511->$nameserver.ip:53
perl 79714 vscan 12u IPv4 0xfffff802071cb880 0 UDP *:47998->*:*
perl 79715 vscan 10u IPv4 0xfffff8010be3c340 0 UDP
$amavis.ip:43712->$nameserver.ip:53
perl 79715 vscan 11u IPv4 0xfffff80151d19dc0 0 UDP *:32542->*:*
perl 79716 vscan 10u IPv4 0xfffff8005a7cb300 0 UDP
$amavis.ip:49013->$nameserver.ip:53
perl 79716 vscan 12u IPv4 0xfffff800215cfac0 0 UDP *:14380->*:*
perl 79717 vscan 10u IPv4 0xfffff8005a7cb140 0 UDP *:34448->*:*
perl 79717 vscan 11u IPv4 0xfffff80336cb4f20 0 UDP
$amavis.ip:21362->$nameserver.ip:53
perl 79718 vscan 10u IPv4 0xfffff8008a018c60 0 UDP *:45248->*:*
perl 79718 vscan 11u IPv4 0xfffff800702ece40 0 UDP
$amavis.ip:43194->$nameserver.ip:53
perl 79719 vscan 10u IPv4 0xfffff8010be3cdc0 0 UDP *:22313->*:*
perl 79719 vscan 11u IPv4 0xfffff800da7546a0 0 UDP
$amavis.ip:12460->$nameserver.ip:53
perl 79720 vscan 10u IPv4 0xfffff800702ec220 0 UDP *:26237->*:*
perl 79720 vscan 11u IPv4 0xfffff800661973c0 0 UDP
$amavis.ip:21489->$nameserver.ip:53
perl 79721 vscan 10u IPv4 0xfffff802d3897920 0 UDP *:61057->*:*
perl 79721 vscan 11u IPv4 0xfffff80066197800 0 UDP
$amavis.ip:43299->$nameserver.ip:53
These look like DNS lookups going from *$amavis.ip:[random_port]* to
*$nameserver.ip:53*.
I guess filtering them could have some downsides.
D.
