[Twisted-Python] twisted listening on UDP port, why?
Jonathan Vanasco
twisted-python at 2xlp.com
Wed Apr 20 11:31:15 MDT 2016
Thanks all.
I was going to write everything below, then finally tracked it down.
A specific library was keeping the port open. I'm tracking down how/why right now.
The worry on this, FYI, was that there is a critical vulnerability in glibc from a few months ago where a server could be compromised via UDP traffic.
One of my servers was compromised last week, and I think the vector was in part exploiting that bug (it was also exploited by redis, but redis was secured, so somehow it got loosened).
On Apr 20, 2016, at 9:22 AM, Jean-Paul Calderone wrote:
> What do the logs for the app say? Twisted logs a message when it binds a UDP port.
Nothing. I don't think Twisted itself is doing this, I think it's just happening when other code is running in twisted.
> You could also try sending some traffic to the port and see what happens. :) Maybe you'll get something back that identifies it or maybe you'll provoke some more logging code somewhere.
That was my first attempt! It just closed the connection no matter what I sent. I also made about 20 test cases.
> Or, another thought, you could put a breakpoint on listenUDP (or socket.bind or something) and then run the process under pdb and look at the stack trace.
Aggressive use of pdb.set_trace() on some modified code finally let me find the issue.
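
A non-interactive variant of the "breakpoint on socket.bind" suggestion quoted above, as an added example that is not code from this thread: it wraps `socket.socket.bind` and records the call stack for every datagram socket. The names `install_bind_tracer`, `BIND_LOG` and `library_that_opens_udp` are hypothetical, and the tracer only sees explicit `bind()` calls made through Python's `socket` module.

```python
import socket
import traceback

ORIGINAL_BIND = socket.socket.bind   # C implementation inherited from _socket
BIND_LOG = []                        # one (address, stack_frames) entry per UDP bind


def traced_bind(self, address):
    """Record which code is binding a datagram socket, then bind as usual."""
    if self.type == socket.SOCK_DGRAM:
        # Drop the final frame (this wrapper) so the stack ends at the caller.
        BIND_LOG.append((address, traceback.format_stack()[:-1]))
    return ORIGINAL_BIND(self, address)


def install_bind_tracer():
    """Call before importing or starting the code under suspicion."""
    socket.socket.bind = traced_bind


def uninstall_bind_tracer():
    socket.socket.bind = ORIGINAL_BIND


def report():
    """Return a readable summary: requested address plus the innermost frames."""
    lines = []
    for address, stack in BIND_LOG:
        lines.append("UDP bind requested for %r by:" % (address,))
        lines.extend(frame.rstrip() for frame in stack[-5:])
    return "\n".join(lines)


def library_that_opens_udp():
    """Constructed stand-in for third-party code that quietly opens a UDP port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
    return sock


if __name__ == "__main__":
    install_bind_tracer()
    try:
        udp = library_that_opens_udp()
        print(report())
        udp.close()
    finally:
        uninstall_bind_tracer()
```

The tracer has to be installed before the suspect module is imported, since a socket bound at import time would otherwise be missed.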