Thanks, Alexander; I will check out the vid. I kind of assumed that this port was used for exactly the purpose you mention.
Is TLS a possibility here? -Paul On Tue, Oct 6, 2015 at 8:15 AM, Alexander Rojas <[email protected]> wrote: > Hi Paul, > > I can refer you to the talk given by Adam Bordelon at MesosCon > https://www.youtube.com/watch?v=G3sn1OLYDOE > > If you want to the short answer, the solution is to put a firewall around > your cluster. > > On a closer look on the port, it is the one used for message passing > between the mesas-docker-executor and other mesos components. > > > On 05 Oct 2015, at 19:04, Paul Bell <[email protected]> wrote: > > Hi All, > > I am running an nmap port scan on a Mesos agent node and noticed nmap > reporting an open TCP port at 50577. > > Poking around some, I discovered exactly 5 mesos-docker-executor > processes, one for each of my 5 Docker containers, and each with an open > listen port: > > root 14131 3617 0 10:39 ? 00:00:17 mesos-docker-executor > --container=mesos-20151002-172703-2450482247-5050-3014-S0.5563c65a-e33e-4287-8ce4-b2aa8116aa95 > --docker=/usr/local/ecxmcc/weaveShim --help=false > --mapped_directory=/mnt/mesos/sandbox > --sandbox_directory=/tmp/mesos/slaves/20151002-172703-2450482247-5050-3014-S0/frameworks/20151002-172703-2450482247-5050-3014-0000/executors/postgres.ea2954fd-6b6e-11e5-8bef-56847afe9799/runs/5563c65a-e33e-4287-8ce4-b2aa8116aa95 > --stop_timeout=15secs > > I suppose that all of this is unsurprising. But I know of at least one big > customer who will without delay run Nmap or Nessus against my clustered > deployment. > > So I am wondering what the best practices approach is to securing these > open ports. > > Thanks for your help. > > -Paul > > > > >
