You are here
Brent Quick - Fri, 2016/06/03 - 22:26
So hosting on premise and out Cisco ASA is constantly seeing/blocking traffic from external IP of server to external IP of server. Not sure what might be the issue but wanted to check if there was something amiss or if I needed to do packet sniffing to identify cause of issue.
Thanks
Forum:
Tags:
Seems weird.
NETSTAT -at
Lots of normal connections but this one seems odd and is quite frequent.
Thoughts?
tcp6 0 0 ip6-localhost:44944 ip6-localhost:12322 TIME_WAIT
tcp6 0 0 ip6-localhost:44698 ip6-localhost:12322 TIME_WAIT
tcp6 0 0 ip6-localhost:44899 ip6-localhost:12322 TIME_WAIT
tcp6 0 0 ip6-localhost:44746 ip6-localhost:12322 TIME_WAIT
tcp6 0 0 ip6-localhost:44877 ip6-localhost:12322 TIME_WAIT
tcp6 0 0 ip6-localhost:44935 ip6-localhost:12322 TIME_WAIT
tcp6 0 0 ip6-localhost:44878 ip6-localhost:12322 TIME_WAIT
tcp6 0 0 ip6-localhost:44910 ip6-localhost:12322 TIME_WAIT
tcp6 0 0 ip6-localhost:44828 ip6-localhost:12322 TIME_WAIT
tcp6 0 0 ip6-localhost:44691 ip6-localhost:12322 TIME_WAIT
tcp6 0 0 ip6-localhost:44787 ip6-localhost:12322 TIME_WAIT
tcp6 0 0 ip6-localhost:44929 ip6-localhost:12322 TIME_WAIT
tcp6 0 0 ip6-localhost:44895 ip6-localhost:12322 TIME_WAIT
tcp6 0 0 ip6-localhost:44723 ip6-localhost:12322 TIME_WAIT
tcp6 0 0 ip6-localhost:44951 ip6-localhost:12322 TIME_WAIT
tcp6 0 0 ip6-localhost:44982 ip6-localhost:12322 TIME_WAIT
tcp6 0 0 ip6-localhost:44867 ip6-localhost:12322 TIME_WAIT
tcp6 0 0 ip6-localhost:44684 ip6-localhost:12322 TIME_WAIT
tcp6 0 0 ip6-localhost:44872 ip6-localhost:12322 TIME_WAIT
tcp6 0 0 ip6-localhost:44915 ip6-localhost:12322 TIME_WAIT
tcp6 0 0 ip6-localhost:44885 ip6-localhost:12322 TIME_WAIT
tcp6 0 0 ip6-localhost:44838 ip6-localhost:12322 TIME_WAIT
tcp6 0 0 ip6-localhost:44865 ip6-localhost:12322 TIME_WAIT
Port 12322 is Adminer
If you're not using Adminer, perhaps disable it?
In the LAMP based appliances it runs under apache so it can be disabled like this:
Results so far
I will need to do another netstat -at later and see but the first blush result is promissing. I had to reenable the error on the ASA to see if it occurs since it was filling the log with junk.
Will do VM restart to see if it stays solved.
Thanks
adminer IPV6?
netstat -at shows
tcp6 0 0 [::]:12322 [::]:* LISTEN
AFAIK it's listening on IPv4 too
Apologies as this was an oversight on my behalf. Whilst disabling the site will make Adminer not function, as you've noted Apache will still be listening on port 12322. To solve that you need to also remove 12322 from /etc/apache2/ports.conf and restart Apache.
No apologies needed.
As Apache and LAMP n00b - help is always appreciated and I should have figured even though service was removed Apache would still have port open for requests.
We got there in the end! :)
Add new comment