[Twisted-Python] twisted listening on UDP port, why?

Jonathan Vanasco twisted-python at 2xlp.com
Wed Apr 20 11:31:15 MDT 2016


Thanks all.

I was going to write everything below, then finally tracked it down.

A specific library was keeping the port open.  I'm tracking down how/why right now.

The worry on this, FYI, was that there is a critical vulnerability in glibc from a few months ago where a server could be compromised via UDP traffic.

One of my servers was compromised last week, and I think the vector was in part exploiting that bug (it was also exploited by redis, but redis was secured, so somehow it got loosened).


On Apr 20, 2016, at 9:22 AM, Jean-Paul Calderone wrote:

> What do the logs for the app say?  Twisted logs a message when it binds a UDP port.

Nothing.  I don't think Twisted itself is doing this, I think it's just happening when other code is running in twisted.

> You could also try sending some traffic to the port and see what happens. :)  Maybe you'll get something back that identifies it or maybe you'll provoke some more logging code somewhere.

That was my first attempt!  It just closed the connection no matter what I sent.  I also made about 20 test cases.


> Or, another thought, you could put a breakpoint on listenUDP (or socket.bind or something) and then run the process under pdb and look at the stack trace.

Aggressive use of pdb.set_trace() on some modified code finally let me find the issue.  
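
Added example, not part of the original message or of Twisted: a non-interactive variant of the "breakpoint on socket.bind" suggestion quoted above, which records the call stack of every UDP bind made through Python's `socket` module. The names `trace_udp_binds`, `who_bound` and `hypothetical_library_init` are made up for illustration, and the "library" is a constructed stand-in; sockets bound by C extensions, or implicitly by a `sendto()` on an unbound socket, are not seen by this wrapper.

```python
import contextlib
import socket
import traceback


@contextlib.contextmanager
def trace_udp_binds():
    """Record every bind() on a UDP socket made through Python's socket module."""
    records = []
    original_bind = socket.socket.bind  # C-level method inherited from _socket

    def traced_bind(self, address):
        result = original_bind(self, address)
        if self.type == socket.SOCK_DGRAM:
            # Drop this wrapper's own frame; the rest shows who asked for the port.
            stack = traceback.extract_stack()[:-1]
            records.append({
                "requested": address,
                "bound": self.getsockname(),  # real port, even if 0 was requested
                "stack": stack,
            })
        return result

    socket.socket.bind = traced_bind
    try:
        yield records
    finally:
        socket.socket.bind = original_bind


def hypothetical_library_init():
    """Constructed stand-in for third-party code that quietly opens a UDP port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 0))
    return sock


def who_bound(records):
    """Return (port, innermost calling function) for each recorded bind."""
    return [(r["bound"][1], r["stack"][-1].name) for r in records]


if __name__ == "__main__":
    with trace_udp_binds() as seen:
        leaked = hypothetical_library_init()
    for rec in seen:
        print("UDP bind on", rec["bound"])
        print("".join(traceback.format_list(rec["stack"])))
    leaked.close()
```

In a real process the context manager has to be entered before the suspect library is imported or initialised, since a bind that already happened leaves no trace.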





