[BlueOnyx:21961] Re: BO5209 - increased outbound UDP traffic

john jsikes at sikesland.com
Sat Apr 21 12:17:30 -05 2018


Hi Michael,
As always, you nailed it on the first attempt!
Looks like all 3 servers enabled rpcbind and stopping and disabling it immediately brought the traffic back down to normal levels.

The two rpcbind.socket commands did not elicit any response, but I still issued all 4 commands.

Checking netstat, everything there looks normal.
Ran TCPDump again and I still have quite a bit of UDP traffic, but all from one IP in China. There are a whole lot less of them and they are small.

Thanks again,

John


********************
Hi John,

> Thanks for the response Ken.  I have a lot of the traffic on port 111,
> but also other random ports.

That is weird indeed. To turn off rpcbind please use this on a 5209R:

systemctl stop rpcbind
systemctl disable rpcbind
systemctl stop rpcbind.socket
systemctl disable rpcbind.socket

We don't have rpcbind enabled by default, but some bloody OS related
updates occasionally turn it on.

I'm considering adding an Active Monitor component that makes sure it
stays off and disabled. But some people might actually be using NFS, so
I can't retroactively do this. :-/

What other UDP usage sticks out? Anything in particular visible via
"netstat -tupan|grep udp"?

-- 
With best regards

Michael Stauber
_______________________________________________
Blueonyx mailing list
Blueonyx at mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
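
Added example, not part of either list post and not BlueOnyx code: a small audit that combines the unit states from the systemctl commands above with the "netstat -tupan" check, to catch rpcbind being switched back on by an update. The function names, verdict strings and the sample netstat lines are constructed for this illustration.

```shell
#!/bin/sh
# Constructed sample of "netstat -tupan" output (not taken from the thread).
SAMPLE_NETSTAT='udp        0      0 0.0.0.0:111     0.0.0.0:*                812/rpcbind
udp        0      0 0.0.0.0:53      0.0.0.0:*                640/named
udp        0      0 0.0.0.0:1111    0.0.0.0:*                900/other
udp6       0      0 :::111          :::*                     812/rpcbind
tcp        0      0 0.0.0.0:111     0.0.0.0:*     LISTEN     812/rpcbind'

# Read netstat output on stdin and print every local UDP address bound to
# port 111. Column 4 is the local address (0.0.0.0:111, :::111, ...).
udp_111_sockets() {
    awk '$1 ~ /^udp/ && $4 ~ /:111$/ { print $4 }'
}

# $1 = "systemctl is-enabled rpcbind.service" result
# $2 = "systemctl is-enabled rpcbind.socket" result
# $3 = output of udp_111_sockets (empty when nothing is bound)
rpcbind_verdict() {
    if [ -n "$3" ]; then
        echo "EXPOSED"            # something answers on UDP 111 right now
    elif [ "$1" = "enabled" ] || [ "$2" = "enabled" ]; then
        echo "RETURNS_ON_BOOT"    # stopped, but a unit is still enabled
    else
        echo "OFF"                # stopped and disabled, as intended
    fi
}

# Live check on the server itself; is-enabled exits non-zero for
# "disabled", so the result is captured without failing the script.
audit_live() {
    svc=$(systemctl is-enabled rpcbind.service 2>/dev/null || true)
    sock=$(systemctl is-enabled rpcbind.socket 2>/dev/null || true)
    bound=$(netstat -tupan 2>/dev/null | udp_111_sockets || true)
    rpcbind_verdict "$svc" "$sock" "$bound"
}

if [ "${1:-}" = "--live" ]; then
    audit_live
fi
```

Run with --live from cron after package updates; on a server that really uses NFS, EXPOSED is expected and the check should be skipped there.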
