[Touch-packages] [Bug 1176046] Re: isc-dhcp dhclient listens on extra random ports

Eric Desrochers Thu, 24 Nov 2016 10:45:06 -0800

NSUPDATE is disabled in Xenial, will keep the same approach for Trusty
and then test.


More details can be found here :

xenial/isc-dhcp-4.3.3/debian/patches/disable-nsupdate.patch 
description: undefine NSUPDATE
author: cchip
origin: http://forums.debian.net/viewtopic.php?f=10&t=95273
bug-debian: https://bugs.debian.org/712503

--- a/includes/site.h
+++ b/includes/site.h
@@ -121,7 +121,7 @@
 
 /* Define this if you want DNS update functionality to be available. */
 
-#define NSUPDATE
+/* #define NSUPDATE */
 
 /* Define this if you want to enable the DHCP server attempting to
    find a nameserver to use for DDNS updates. */

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1176046

Title:
  isc-dhcp dhclient listens on extra random ports

Status in isc-dhcp package in Ubuntu:
  In Progress

Bug description:
  Ubuntu 13.04 Server 64-bit.  Fresh install.  Only one network adapter.

  dhclient process is listening on two randomly chosen udp ports in
  addition to the usual port 68.  This appears to be a bug in the
  discovery code for probing information on interfaces in the system.

  Initial research of the code also suggested omapi, but adding omapi
  port 9999 to /etc/dhcp/dhclient.conf only opened a forth port with the
  two random udp ports still enabled.

  Version of included distro dhclient was 4.2.4.  I also tested with the
  latest isc-dhclient-4.2.5-P1 and got the same results.

  Debian has the same bug:
  http://forums.debian.net/viewtopic.php?f=10&t=95273&p=495605#p495605

  One impact of these random ports is that security hardening becomes
  more difficult.  The purpose of these random ports and security
  implications are unknown.

  
  Example netstat -lnp  output:

  udp        0      0 0.0.0.0:21117           0.0.0.0:*                         
  2659/dhclient   
  udp        0      0 0.0.0.0:68              0.0.0.0:*                         
  2659/dhclient   
  udp6       0      0 :::45664                :::*                              
  2659/dhclient

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1176046/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1176046] Re: isc-dhcp dhclient listens on extra random ports

Reply via email to