I was surprised to see that dhcpd was listening on some random high port in addition to its usual dhcp port.
[root@shorty ~]# ps -ef | grep dhcp
dhcpd 1352 1 0 09:41 ? 00:00:00 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid
[root@shorty ~]# ls -al /proc/1352/fd
lrwx------. 1 root root 64 Apr 23 09:43 20 -> 'socket:[24079]'
/proc/net/udp showed the socket bound to port 36755
[root@shorty ~]# netstat -a | grep 36755
udp 0 0 0.0.0.0:36755 0.0.0.0:*
The regular dhcp port correctly listens only on the subnet. But this thing is open to the whole wide world.
Some searching around found that people noticed this ten years ago, and it's something dynamic dns-related.
There was no configuration option to turn it off when people were talking about it. There was only a compile-time option. I combed through the man page. "ddns-updates off" sounded like a promising candidate, I put it into dhcpd.conf, restarted dhcpd, and I don't see dhcpd listening on some high port anymore.
This doesn't really matter for Fedora, firewalld will block this. But it's awesome how this is enabled by default, and it's listening on all IP addresses, and not just the DHCP subnet.
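Added example, not part of the original post: the inode-to-port lookup described above (the 'socket:[24079]' fd link resolved through /proc/net/udp), done in Python over a constructed table. Only inode 24079 and port 36755 come from the post; the second row, the uid values, the 192.168.0.1 address and the function names are assumptions, and a little-endian host is assumed for address decoding.

```python
import socket
import struct

# Constructed sample in /proc/net/udp format (not captured from the poster's host).
# Inode 24079 and port 36755 are the values from the post; the other row, the
# uid values and the subnet address are made up for illustration.
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  410: 0100A8C0:0043 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 24071 2 0000000000000000 0
 1187: 00000000:8F93 00000000:0000 07 00000000:00000000 00:00000000 00000000   177        0 24079 2 0000000000000000 0
"""


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (dotted_quad, port).

    The kernel prints the IPv4 address as a native-endian 32-bit word;
    little-endian (x86) is assumed here. The port is plain hex.
    """
    addr_hex, port_hex = field.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)


def udp_sockets(table_text):
    """Parse /proc/net/udp text into {inode: (local_addr, local_port)}."""
    result = {}
    for line in table_text.splitlines()[1:]:      # skip the header row
        cols = line.split()
        if len(cols) < 10:
            continue                              # ignore short or blank lines
        result[int(cols[9])] = decode_endpoint(cols[1])
    return result


def wildcard_binds(sockets):
    """Return inodes of sockets bound to 0.0.0.0 (every local IPv4 address)."""
    return sorted(i for i, (addr, _) in sockets.items() if addr == "0.0.0.0")


if __name__ == "__main__":
    socks = udp_sockets(SAMPLE_PROC_NET_UDP)
    # 24079 is the inode from the 'socket:[24079]' link under /proc/<pid>/fd
    print(socks[24079], wildcard_binds(socks))
```

On a live host, pass the contents of /proc/net/udp to `udp_sockets()` and look up the inode numbers read from the process's fd links.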