[Bug 1176046] Re: isc-dhcp dhclient listens on extra random ports
Robie Basak
1176046 at bugs.launchpad.net
Mon Nov 28 21:29:46 UTC 2016
> Will ask the SRU team if it would be acceptable to split up the binary
> package in two to include changes (already applied in Xenial) to trusty.
I think that it's important that existing Trusty users can continue to
use this DDNS functionality after the SRU without any necessary
intervention. They may be depending on this functionality. If they have
to do something (such as install the additional package manually), then
that would be a regression and not acceptable in an SRU.
If there's a way to do the split such that users will automatically get
isc-dhcp-client-ddns installed but users bothered by this bug then have
the option to switch to the one without it, then that might work. But
perhaps it would be simpler to provide users a way to disable this
functionality manually? Is there any kind of runtime configuration
available?
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1176046
Title:
isc-dhcp dhclient listens on extra random ports
Status in isc-dhcp package in Ubuntu:
In Progress
Bug description:
Ubuntu 13.04 Server 64-bit. Fresh install. Only one network adapter.
dhclient process is listening on two randomly chosen udp ports in
addition to the usual port 68. This appears to be a bug in the
discovery code for probing information on interfaces in the system.
Initial research of the code also suggested omapi, but adding omapi
port 9999 to /etc/dhcp/dhclient.conf only opened a fourth port with the
two random udp ports still enabled.
Version of included distro dhclient was 4.2.4. I also tested with the
latest isc-dhclient-4.2.5-P1 and got the same results.
Debian has the same bug:
http://forums.debian.net/viewtopic.php?f=10&t=95273&p=495605#p495605
One impact of these random ports is that security hardening becomes
more difficult. The purpose of these random ports and security
implications are unknown.
Example netstat -lnp output:
udp 0 0 0.0.0.0:21117 0.0.0.0:* 2659/dhclient
udp 0 0 0.0.0.0:68 0.0.0.0:* 2659/dhclient
udp6 0 0 :::45664 :::* 2659/dhclient
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1176046/+subscriptions
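For hosts being hardened, a check for the symptom in the bug description can be scripted over `netstat -lnp` output. The following is an added example, not part of the bug report or of isc-dhcp; the function names are hypothetical, the sample rows are constructed in the layout quoted in the report, and treating only port 68 as expected is an assumption.

```python
import re

# Constructed sample: dhclient rows as quoted in the report, plus two
# unrelated rows (ntpd, sshd) to show they are ignored.
SAMPLE = """\
udp        0      0 0.0.0.0:21117   0.0.0.0:*       2659/dhclient
udp        0      0 0.0.0.0:68      0.0.0.0:*       2659/dhclient
udp6       0      0 :::45664        :::*            2659/dhclient
udp        0      0 0.0.0.0:123     0.0.0.0:*       901/ntpd
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN      850/sshd
"""

# Assumption: DHCPv4 client only. Add 546 if the DHCPv6 client is in use.
EXPECTED_PORTS = {68}

OWNER_RE = re.compile(r"(\d+)/(\S+)")


def parse_udp_listeners(text):
    """Yield (proto, address, port, pid, program) for each UDP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("udp"):
            continue
        # The PID/Program column is "-" when netstat ran without root.
        owner = next((m for m in map(OWNER_RE.fullmatch, fields[5:]) if m), None)
        if owner is None:
            continue
        # rpartition handles IPv6 locals such as ":::45664".
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        yield fields[0], addr, int(port), int(owner.group(1)), owner.group(2)


def unexpected_dhclient_ports(text, expected=EXPECTED_PORTS):
    """Return dhclient UDP sockets bound to ports outside `expected`."""
    return [
        (proto, addr, port, pid)
        for proto, addr, port, pid, program in parse_udp_listeners(text)
        if program.startswith("dhclient") and port not in expected
    ]


if __name__ == "__main__":
    for proto, addr, port, pid in unexpected_dhclient_ports(SAMPLE):
        print(f"dhclient pid {pid}: unexpected {proto} listener on {addr}:{port}")
```
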