I was able to identify from where the port range list is initialize, and the decision is taken by binary package "libdns162" (source package "bind9")[1] which dhclient relies on. Basically, it randomly takes any port available between 1024 and 65535[2]
So there is a port randomization mechanism made by the library that take the decision instead of, for instance in some other cases, where the decision is leave it to the kernel[3]. In this particular case both sysctl options : net.ipv4.ip_local_port_range net.ipv4.ip_local_reserved_ports have no effect on port assignation decision. [1] - https://github.com/wklaebe/bind9/blob/ac1dcdd124a5abdec4969e2c33836d863bf73aa7/lib/dns/dispatch.c#L1921 [2] - https://tools.ietf.org/html/rfc6335 [3] - Example : net.ipv4.ip_local_port_range = 32768 60999 Regards, -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu. https://bugs.launchpad.net/bugs/1176046 Title: isc-dhcp dhclient listens on extra random ports Status in isc-dhcp package in Ubuntu: In Progress Bug description: Ubuntu 13.04 Server 64-bit. Fresh install. Only one network adapter. dhclient process is listening on two randomly chosen udp ports in addition to the usual port 68. This appears to be a bug in the discovery code for probing information on interfaces in the system. Initial research of the code also suggested omapi, but adding omapi port 9999 to /etc/dhcp/dhclient.conf only opened a forth port with the two random udp ports still enabled. Version of included distro dhclient was 4.2.4. I also tested with the latest isc-dhclient-4.2.5-P1 and got the same results. Debian has the same bug: http://forums.debian.net/viewtopic.php?f=10&t=95273&p=495605#p495605 One impact of these random ports is that security hardening becomes more difficult. The purpose of these random ports and security implications are unknown. Example netstat -lnp output: udp 0 0 0.0.0.0:21117 0.0.0.0:* 2659/dhclient udp 0 0 0.0.0.0:68 0.0.0.0:* 2659/dhclient udp6 0 0 :::45664 :::* 2659/dhclient To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1176046/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
