[Bug 1854491] [NEW] portsentry blocks local systemd-resolved.service on 127.0.0.53:53

Fri, 29 Nov 2019 04:32:01 -0800 

Public bug reported:

After enabling portsentry it starts after some (2) days to block
systemd-resolved service on my computer.

attackalert: UDP scan from host: 127.0.0.53/127.0.0.53 to UDP port: 54321
attackalert: Host 127.0.0.53 has been blocked via wrappers with string: "ALL: 
127.0.0.53 : DENY"
attackalert: Host 127.0.0.53 has been blocked via dropped route using command: 
"/sbin/route add -host 127.0.0.53 reject

I put the IP 127.0.0.53 to the list of ignored IP addresses but would expect 
that it ignores it by default.
But maybe this "attack" should not happen at all and something is wrong on my 
system or with systemd-resolved.

Is it secure to ignore?
Is this a normal behaviour of systemd-resolved?

Any help would be appreciated.

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: portsentry 1.2-14build1
ProcVersionSignature: Ubuntu 5.0.0-36.39~18.04.1-generic 5.0.21
Uname: Linux 5.0.0-36-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia
ApportVersion: 2.20.9-0ubuntu7.9
Architecture: amd64
Date: Fri Nov 29 13:03:36 2019
InstallationDate: Installed on 2018-12-31 (332 days ago)
InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725)
ProcEnviron:
 TERM=screen-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
SourcePackage: portsentry
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.portsentry.portsentry.conf: 2019-11-29T12:59:43.236437
mtime.conffile..etc.portsentry.portsentry.ignore.static: 
2019-11-29T13:00:10.804437

** Affects: portsentry (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug bionic

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1854491

Title:
  portsentry blocks local systemd-resolved.service on 127.0.0.53:53

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/portsentry/+bug/1854491/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to