From owner-freebsd-questions@FreeBSD.ORG Mon Jun 16 13:02:51 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2851A37B401 for ; Mon, 16 Jun 2003 13:02:51 -0700 (PDT) Received: from home.towles.com (cs6668123-6.austin.rr.com [66.68.123.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4F77543F93 for ; Mon, 16 Jun 2003 13:02:49 -0700 (PDT) (envelope-from brian@towles.com) Received: by homestar.home.towles.com (Postfix, from userid 405) id 2BC4554D4; Mon, 16 Jun 2003 10:48:25 -0500 (CDT) Received: from home.towles.com (localhost.home.towles.com [127.0.0.1]) by homestar.home.towles.com (Postfix) with SMTP id BF96454BB for ; Mon, 16 Jun 2003 10:48:16 -0500 (CDT) Received: from 209.163.141.62 (SquirrelMail authenticated user brian) by home.towles.com with HTTP; Mon, 16 Jun 2003 10:48:17 -0500 (CDT) Message-ID: <61204.209.163.141.62.1055778497.squirrel@home.towles.com> Date: Mon, 16 Jun 2003 10:48:17 -0500 (CDT) From: brian@towles.com To: "FreeBSD-Questions" User-Agent: SquirrelMail/1.4.0 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 X-Priority: 3 Importance: Normal X-Spam-Status: No, hits=1.3 required=5.0 tests=NO_REAL_NAME,PRIORITY_NO_NAME,USER_AGENT version=2.55 X-Spam-Level: * X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) Subject: 4.8 and NIS enabled client spawning listening UDP ports per process X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Jun 2003 20:02:51 -0000 Howdy All I have a very weird issue. Im running a 4.8 Release box as a NIS client and for every process that either logs in or changes running as user a Listening UDP port is created. Im putting some sample output from ps sockstat and lsof to show what I mean. The problem is these UDP ports are listening ports bound to all interfaces. It appears to be releated to NIS because when i uncomment the +::::(etc) from the passwd and group files it goes away for any newly started processes. I dont even have to turn off ypbind. Ive tried to put ypbind in secure mode and well as non broadcast mode and the same results happen. Any ideas as to what this is? More importantly, any idea of how to get rid of it? Thanks -=Brian ------Applicable rc.conf entries------ nisdomainname="nisdomain" nis_client_enable="YES" nis_client_flags="-m -S nisdomain,192.168.0.20" ------sample ps awux entries--------- root 189 0.0 0.1 952 656 d0 Is+ 10:28AM 0:00.07 /usr/libexec/getty std.9600 ttyd0 www 191 0.9 2.1 12428 10808 ?? S 10:28AM 0:00.44 /usr/local/sbin/httpd -k start -DSSL www 192 0.2 1.8 10664 8968 ?? S 10:28AM 0:00.34 /usr/local/sbin/httpd -k start -DSSL www 193 0.0 2.4 13832 12296 ?? S 10:28AM 0:01.41 /usr/local/sbin/httpd -k start -DSSL www 194 0.9 2.1 12332 10728 ?? S 10:28AM 0:00.47 /usr/local/sbin/httpd -k start -DSSL root 221 0.0 0.5 5708 2484 ?? I 10:30AM 0:00.54 sshd: brian [priv] (sshd) brian 223 0.0 0.5 5700 2532 ?? S 10:30AM 0:00.69 sshd: brian@ttyp0 (sshd) brian 224 0.0 0.2 1120 936 p0 Is 10:30AM 0:00.47 -bash (bash) root 229 0.0 0.2 1116 956 p0 S 10:30AM 0:00.93 -su (bash) postfix 366 0.0 0.3 2280 1352 ?? S 10:43AM 0:00.07 proxymap -t unix -u postfix 368 0.0 0.3 2272 1348 ?? S 10:43AM 0:00.15 trivial-rewrite -n rewrite -t unix -u --- results of sockstat -4 | grep udp ----- www httpd 241 16 udp4 *:984 *:* www httpd 238 16 udp4 *:989 *:* brian bash 224 4 udp4 *:1068 *:* brian sshd 223 6 udp4 *:995 *:* root sshd 221 7 udp4 *:996 *:* www httpd 194 16 udp4 *:1005 *:* www httpd 193 16 udp4 *:1008 *:* www httpd 192 16 udp4 *:1007 *:* www httpd 191 16 udp4 *:1006 *:* www httpd 190 16 udp4 *:1009 *:* brian imapd 188 4 udp4 *:1010 *:* root snmpd 185 6 udp4 *:161 *:* postfix qmgr 178 9 udp4 *:1012 *:* postfix pickup 177 9 udp4 *:1013 *:* root ypbind 81 4 udp4 *:1017 *:* daemon portmap 79 3 udp4 *:111 *:* bind named 76 3 udp4 *:53 *:* bind named 76 20 udp4 192.168.0.2:53 *:* bind named 76 22 udp4 127.0.0.1:53 *:* root syslogd 73 4 udp4 *:514 *:* ----results of lsof | grep UDP ----- syslogd 73 root 4u IPv4 0xd5220e00 0t0 UDP *:syslog named 76 bind 3u IPv4 0xd5220d40 0t0 UDP *:domain named 76 bind 20u IPv4 0xd5220c80 0t0 UDP homestar.home.towles.com:domain named 76 bind 22u IPv4 0xd5220bc0 0t0 UDP localhost.home.towles.com:domain portmap 79 daemon 3u IPv4 0xd5220b00 0t0 UDP *:sunrpc ypbind 81 root 4u IPv4 0xd5220a40 0t0 UDP *:1017 pickup 177 postfix 9u IPv4 0xd5220980 0t0 UDP *:1013 qmgr 178 postfix 9u IPv4 0xd52208c0 0t0 UDP *:1012 snmpd 185 root 6u IPv4 0xd5220800 0t0 UDP *:snmp imapd 188 brian 4u IPv4 0xd5220740 0t0 UDP *:1010 httpd 190 www 16u IPv4 0xd52205c0 0t0 UDP *:1009 httpd 191 www 16u IPv4 0xd5220380 0t0 UDP *:1006 httpd 192 www 16u IPv4 0xd5220440 0t0 UDP *:1007 httpd 193 www 16u IPv4 0xd5220500 0t0 UDP *:1008 httpd 194 www 16u IPv4 0xd52202c0 0t0 UDP *:1005 sshd 221 root 7u IPv4 0xd5221280 0t0 UDP *:vsinet sshd 223 brian 6u IPv4 0xd5221340 0t0 UDP *:pop3s bash 224 brian 4u IPv4 0xd5221400 0t0 UDP *:instl_bootc httpd 238 www 16u IPv4 0xd52214c0 0t0 UDP *:ftps-data httpd 241 www 16u IPv4 0xd5221640 0t0 UDP *:984