Hi All,

I am running an Nmap port scan on a Mesos agent node and noticed Nmap
reporting an open TCP port at 50577.

Poking around some, I discovered exactly 5 mesos-docker-executor processes,
one for each of my 5 Docker containers, and each with an open listen port:

root     14131  3617  0 10:39 ?        00:00:17 mesos-docker-executor
--container=mesos-20151002-172703-2450482247-5050-3014-S0.5563c65a-e33e-4287-8ce4-b2aa8116aa95
--docker=/usr/local/ecxmcc/weaveShim --help=false
--mapped_directory=/mnt/mesos/sandbox
--sandbox_directory=/tmp/mesos/slaves/20151002-172703-2450482247-5050-3014-S0/frameworks/20151002-172703-2450482247-5050-3014-0000/executors/postgres.ea2954fd-6b6e-11e5-8bef-56847afe9799/runs/5563c65a-e33e-4287-8ce4-b2aa8116aa95
--stop_timeout=15secs

I suppose that all of this is unsurprising. But I know of at least one big
customer who will without delay run Nmap or Nessus against my clustered
deployment.

So I am wondering what the best practices approach is to securing these
open ports.

Thanks for your help.

-Paul
