lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Wed, 17 Jan 2007 12:39:10 -0500
From:	Lawrence MacIntyre <macintyrelp@...l.gov>
To:	Jan Engelhardt <jengelh@...ux01.gwdg.de>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: Hung Port

If that was the case, would the port not show up in TIME_WAIT state?
Also, the kernel should only hold a closed socket in TIME_WAIT state for
2 minutes or so.  These hung ports stay around until the machine is
rebooted.

This one time, at band camp, Jan Engelhardt wrote:
>> Last week I had a port (TCP:52557) that was mysteriously unavailable on
>> my ubuntu machine (running kernel 2.6.15-27-k7 #1 SMP PREEMPT).  If you
>> tried to bind to it, it was unavailable.  However, nmap (both to
>> localhost and from an external host) reported the port closed.  fuser,
>> lsof, and netstat had no record of the port being used.
> 
> Did your application forgot to set SO_REUSEADDR?
> 
>>  Our firewall
>> logs didn't show any unusual traffic to the machine.  Nor did they show
>> any traffic at all to/from that port on the machine.  After checking
>> everything I could think of, I rebooted it, and there were no ports that
>> were unavailable in this way when it came back up.  This morning another
>> hung port has appeared (TCP:43355).  My best guess is that this is an
>> ephemeral port that has somehow gotten hung in the kernel somewhere.
>> Has anyone seen anything like this and/or is there anything else I could
>> look at to figure it out?
> 
> 	-`J'

-- 
  Lawrence MacIntyre   865.574.8696   macintyrelp@...l.gov
                Oak Ridge National Laboratory
Cyber Security and Information Infrastructure Research Group

Protect your digital freedom and privacy, eliminate DRM.
Learn more at http://www.defectivebydesign.org/what_is_drm
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ