Why are there multiple ports open and listening?

Posted:
Thu Mar 12, 2015 2:40 pm
by ericvonnine
I run my subsonic instance behind an apache proxy to handle everything over https. So (I think) I have configured subsonic to only listen on the loopback interface. netstat confirms that, indeed it is listening there:
tcp6 0 0 :::9412 :::* LISTEN 11059/java
tcp6 0 0 127.0.0.1:4040 :::* LISTEN 11059/java
tcp6 0 0 X.X.X.X:54763 :::* LISTEN 11059/java
tcp6 0 0 :::60399 :::* LISTEN 11059/java
Where X.X.X.X is my external IP address.
That is a whole pile of open ports when it _should_ be listening to 127.0.0.1:4040 only. Why are these extra TCP ports open?
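As an added example (not from the original post or from the Subsonic project), the following POSIX shell script classifies every LISTEN entry in netstat -tlnp style output by its bind address, so the question "which of these can anything off-box reach?" can be answered mechanically rather than by eye. The sample lines are constructed to mirror the output above; 203.0.113.5 stands in for X.X.X.X and is an assumption.

```shell
#!/bin/sh
# Added example, not code from the original thread or from Subsonic.
# Classify listening sockets from `netstat -tlnp`-style output by the
# address they are bound to. Constructed sample input mirroring the
# poster's netstat output; 203.0.113.5 is an assumed stand-in for X.X.X.X.
SAMPLE_NETSTAT='tcp6 0 0 :::9412 :::* LISTEN 11059/java
tcp6 0 0 127.0.0.1:4040 :::* LISTEN 11059/java
tcp6 0 0 203.0.113.5:54763 :::* LISTEN 11059/java
tcp6 0 0 :::60399 :::* LISTEN 11059/java'

# classify_listener LOCAL_ADDR:PORT
# Prints one of: loopback | wildcard | external
#   loopback : only processes on this host can connect
#   wildcard : bound to every interface, reachable from any attached network
#   external : bound to a specific non-loopback address
classify_listener() {
    bind_addr=${1%:*}            # strip the trailing :port (":::9412" -> "::")
    case "$bind_addr" in
        127.*|::1|::ffff:127.*)            echo loopback ;;
        ''|::|0.0.0.0|::ffff:0.0.0.0)      echo wildcard ;;
        *)                                 echo external ;;
    esac
}

# exposed_listeners NETSTAT_OUTPUT
# Prints "KIND LOCAL_ADDR:PORT PID/PROGRAM" for every LISTEN socket that is
# not bound to loopback. Column layout assumed: Proto Recv-Q Send-Q
# Local Foreign State PID/Program (netstat -tlnp with whitespace collapsed).
exposed_listeners() {
    printf '%s\n' "$1" \
        | awk '$6 == "LISTEN" { print $4, $7 }' \
        | while read -r addr prog; do
            kind=$(classify_listener "$addr")
            [ "$kind" = loopback ] && continue
            printf '%s %s %s\n' "$kind" "$addr" "$prog"
        done
}

# Stand-alone run over the constructed sample.
exposed_listeners "$SAMPLE_NETSTAT"
```

On a live host feed it real data with `exposed_listeners "$(netstat -tlnp 2>/dev/null)"` (or the equivalent `ss -ltnp` output, whose columns differ and would need the awk field numbers adjusted). The `::` entries are the ones that matter for the question in this thread: a socket bound to `::` accepts connections on every interface, the external one included, whereas a loopback-only listener shows `127.0.0.1` or `::1` in the local column.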
Re: Why are there multiple ports open and listening?

Posted:
Thu Mar 19, 2015 3:02 pm
by ericvonnine
Is this the wrong place to ask this question? Do any of the devs read this forum?
Re: Why are there multiple ports open and listening?

Posted:
Sun Mar 29, 2015 9:42 pm
by acroyear
Something like this was mentioned in the API users group.
This is normal for Java based web servers like Jetty and Tomcat (and JBoss and other J2EE servers). They keep ports open for internal communications. It is not necessary to open them up to anybody outside your firewall, and generally they restrict any attempt to connect from a different machine unless the administrator has specifically configured them for site mirroring in a production cloud environment.
tl;dr? Don't worry about it. It's a Java thing.

Joe
Re: Why are there multiple ports open and listening?

Posted:
Thu Apr 02, 2015 2:21 pm
by ericvonnine
Thanks for the reply.
It is pretty spooky that Java would be listening without being told to do so. If it were localhost only, I would be fine, but this is attempting to listen to the outside world.
Re: Why are there multiple ports open and listening?

Posted:
Thu Apr 02, 2015 7:55 pm
by acroyear
It is actually necessary because of the nature of sockets and IPs. If the internal tried to connect to 'localhost' but something about the network library at the OS level made it come from the machine's IP (192.168.x.y), then the connect would fail. That isn't something that can be as tightly controlled as Java would like.
That said, "outside world" is relative. Don't open those ports on your firewall, and only your LAN can see them. Don't open those ports on your machine's personal firewall, and only your box can see them. If you don't trust yourself, who can you trust?
In addition, the protocol they expect is extremely tight, white-list driven, and generally binary. It isn't easy to spoof. I've known of no vulnerabilities that took advantage of those ports in at least 12 years.