
Subsonic listening on UDP/bzr port question

Posted: Fri May 13, 2011 1:54 pm
by dman777
localhost one # lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rsyslogd 1762 root 1u IPv4 35514 0t0 UDP *:syslog
irssi 6950 one 3u IPv4 6103 0t0 TCP 192.168.1.23:47535->card.freenode.net:ircd (ESTABLISHED)
java 7378 subsonic 68u IPv4 11795 0t0 UDP *:1901
java 7378 subsonic 72u IPv4 11812 0t0 TCP *:43167 (LISTEN)
java 7378 subsonic 73u IPv4 11813 0t0 TCP *:bzr (LISTEN)
java 7378 subsonic 76u IPv4 11815 0t0 TCP *:9412 (LISTEN)
java 7378 subsonic 77u IPv4 11816 0t0 TCP *:35443 (LISTEN)
java 7378 subsonic 78u IPv4 13506 0t0 TCP 192.168.1.23:bzr->216-82-212-222.static.grandenetworks.net:47115 (ESTABLISHED)
java 7378 subsonic 79u IPv4 13508 0t0 TCP 192.168.1.23:bzr->216-82-212-222.static.grandenetworks.net:47742 (ESTABLISHED)
firefox 10046 one 29u IPv4 80038 0t0 TCP 192.168.1.23:37085->74.125.227.24:https (ESTABLISHED)
firefox 10046 one 70u IPv4 79185 0t0 TCP 192.168.1.23:36085->74.125.227.22:https (ESTABLISHED)
localhost one #

What is bzr in this as a port? And Subsonic is a Java software that uses TCP... why is "java 7378 subsonic 68u IPv4 11795 0t0 UDP *:1901" in there?

Posted: Fri May 13, 2011 2:36 pm
by GJ51
I've never seen this before. Are you scrobbling or using any other service like Internet Radio that you're connecting to while in SS?

http://en.wikipedia.org/wiki/Bazaar_(software)

Posted: Sat May 14, 2011 6:47 am
by dman777
No, I'm really freaked out though because I'm scared my system has been exploited through subsonic. I wish someone could help. Does Java use bazaar for communications? Why would bzr be used as a port number?

Posted: Sat May 14, 2011 9:20 am
by GJ51
I've asked Sindre to answer this one.

I wouldn't get too worked up though, most of these things are usually harmless. If you don't open the ports on the router, your network should not be exposed. Reading the links I referenced, it appears that this is related to identifying software revisions. It may have to do with software libraries that SS uses.

http://en.wikipedia.org/wiki/Bazaar_(software)

I've got a pretty big network with a lot of safeguards in place. I haven't noticed any red flags yet and as you can see, my link to my public server is posted in my signature.

Posted: Sat May 14, 2011 12:45 pm
by sindre_mehus
"bzr" is simply an alias for port 4155. Maybe you're running Subsonic on this port?

Posted: Mon May 16, 2011 8:21 am
by dman777
That is correct... I was running it on a port already spoken for.

I'm using a diff port now. I see that Subsonic still listens on UDP with lsof -i. I thought Subsonic was only TCP?

Posted: Mon May 16, 2011 8:42 am
by sindre_mehus
I'm not quite sure what the UDP port is used for, but I'm guessing that it's related to the router discovery protocols (NAT-PMP and UPnP).

Sindre
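
Added example, not part of the original thread: a small Python parser for `lsof -i` output that lists only the sockets accepting traffic and turns service aliases such as "bzr" back into port numbers, which is the confusion resolved above. The function names, the `KNOWN` table and the trimmed sample are assumptions made for this illustration.

```python
import socket

# Constructed sample: a subset of the `lsof -i` lines from the first post.
SAMPLE = """\
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rsyslogd 1762 root 1u IPv4 35514 0t0 UDP *:syslog
java 7378 subsonic 68u IPv4 11795 0t0 UDP *:1901
java 7378 subsonic 73u IPv4 11813 0t0 TCP *:bzr (LISTEN)
java 7378 subsonic 78u IPv4 13506 0t0 TCP 192.168.1.23:bzr->216-82-212-222.static.grandenetworks.net:47115 (ESTABLISHED)
firefox 10046 one 29u IPv4 80038 0t0 TCP 192.168.1.23:37085->74.125.227.24:https (ESTABLISHED)
"""

# Aliases checked before the local services database so results do not depend
# on the host. bzr=4155 is from the thread; the others are standard assignments.
KNOWN = {("bzr", "tcp"): 4155, ("syslog", "udp"): 514, ("https", "tcp"): 443}


def resolve_port(name, proto):
    """Turn lsof's port field (number or service alias) into a number."""
    if name.isdigit():
        return int(name)
    if (name, proto) in KNOWN:
        return KNOWN[(name, proto)]
    try:
        return socket.getservbyname(name, proto)
    except OSError:
        return None  # alias unknown on this host


def open_sockets(lsof_text):
    """Return (command, pid, proto, host, port, alias) for sockets that accept
    traffic: TCP in LISTEN state and UDP sockets with no remote peer."""
    found = []
    for line in lsof_text.splitlines()[1:]:  # skip the header row
        fields = line.split(None, 8)
        if len(fields) < 9 or fields[7] not in ("TCP", "UDP"):
            continue
        command, pid, proto = fields[0], int(fields[1]), fields[7].lower()
        addr, _, state = fields[8].partition(" ")
        if "->" in addr or (proto == "tcp" and state != "(LISTEN)"):
            continue  # connected socket, not a listener
        host, _, port = addr.rpartition(":")
        alias = None if port.isdigit() else port
        found.append((command, pid, proto, host, resolve_port(port, proto), alias))
    return found


if __name__ == "__main__":
    for command, pid, proto, host, port, alias in open_sockets(SAMPLE):
        note = f" (shown by lsof as '{alias}')" if alias else ""
        print(f"{command}[{pid}] {proto} {host}:{port}{note}")
```

Running `lsof -i -P` avoids the alias problem at the source, since `-P` makes lsof print port numbers instead of service names.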