0

I have Ubuntu 14 opening many UDP ports. The avadi_daemon was listed as the owner of the process (Using Netstat). I turned that off, but they then spawned with no owner. I can even kill the process and it starts again using another port.

I don't know what app is doing this. Is there any way to put some kind of check or rule that says before opening port check?

I am using ufw enabled.

Regards, Wesley

Wesley Davidson
  • 33
  • 3
  • Answer is here: http://askubuntu.com/questions/205937/how-can-i-disable-avahi-daemon#206592 From the manpage: `The Avahi mDNS/DNS-SD daemon implements Apple's Zeroconf architecture (also known as "Rendezvous" or "Bonjour"). The daemon registers local IP addresses and static services using mDNS/DNS-SD and provides two IPC APIs for local programs to make use of the mDNS record cache the avahi-daemon maintains. ` Little bit of search can not harm. – fugitive Feb 05 '17 at 22:28
  • Thanks, I read that information, but guess I didn't comprehend it. I just see 6 udp ports and non-users running --WARN-- [lin003w] The process `something' is listening on socket 0t0 (24236 on 0t0 interface) is run by 3606. {who is 3606) – Wesley Davidson Feb 05 '17 at 22:40
  • some of the udp are essential for a system to work properly. Each has it's own purpose. You can try to examine what each process does by looking to man pages. Simply `man -k avahi` and it will list up all manpages related to avahi. You can check your running UDP services with the netstat `sudo netstat -ulpa`. Edit your answer with the output of this command and let us know what you really want to turn off. – fugitive Feb 05 '17 at 22:46
  • udp 0 0 *:63510 *:* 5528/dhclient udp 0 0 xxxxx-xxxxxxxx-D:domain *:* 1236/dnsmasq udp 0 0 *:bootpc *:* 5528/dhclient udp 0 0 *:31925 *:* 3200/avahi-daemon: udp6 0 0 [::]:mdns [::]:* 3200/avahi-daemon: --- – Wesley Davidson Feb 05 '17 at 23:57
  • There are like 4 more that didn't have enough room. – Wesley Davidson Feb 05 '17 at 23:58

1 Answers1

0

The documentation above provides good information. After using some investigation the dnsmasq had somehow configured itself to use two mdns servers. In addition, it looks like I had an uninvited guest.

Another interesting item, if you turn on ufw, you enable the mdns(adding the two mdns servers) and alter you iptables.

ufw -list iptables -L
then

ufw enable iptables -L.

I tested this on two of my Ubuntu Trusty Tahr 14 boxes.

Anyway, ufw modified iptables to allow comm to two mdns servers.

regards, Wes

Wesley Davidson
  • 33
  • 3