Brent Quick's picture

So hosting on premise and our Cisco ASA is constantly seeing/blocking traffic from external IP of server to external IP of server. Not sure what might be the issue but wanted to check if there was something amiss or if I needed to do packet sniffing to identify cause of issue.

Thanks

Jeremy Davis's picture

But to be honest I'm not familiar enough with its normal behaviour to know quite what to think of that. Please let us know anything of interest you discover.
Brent Quick's picture

Lots of normal connections but this one seems odd and is quite frequent.

Thoughts?

tcp6       0      0 ip6-localhost:44944     ip6-localhost:12322     TIME_WAIT
tcp6       0      0 ip6-localhost:44698     ip6-localhost:12322     TIME_WAIT
tcp6       0      0 ip6-localhost:44899     ip6-localhost:12322     TIME_WAIT
tcp6       0      0 ip6-localhost:44746     ip6-localhost:12322     TIME_WAIT
tcp6       0      0 ip6-localhost:44877     ip6-localhost:12322     TIME_WAIT
tcp6       0      0 ip6-localhost:44935     ip6-localhost:12322     TIME_WAIT
tcp6       0      0 ip6-localhost:44878     ip6-localhost:12322     TIME_WAIT
tcp6       0      0 ip6-localhost:44910     ip6-localhost:12322     TIME_WAIT
tcp6       0      0 ip6-localhost:44828     ip6-localhost:12322     TIME_WAIT
tcp6       0      0 ip6-localhost:44691     ip6-localhost:12322     TIME_WAIT
tcp6       0      0 ip6-localhost:44787     ip6-localhost:12322     TIME_WAIT
tcp6       0      0 ip6-localhost:44929     ip6-localhost:12322     TIME_WAIT
tcp6       0      0 ip6-localhost:44895     ip6-localhost:12322     TIME_WAIT
tcp6       0      0 ip6-localhost:44723     ip6-localhost:12322     TIME_WAIT
tcp6       0      0 ip6-localhost:44951     ip6-localhost:12322     TIME_WAIT
tcp6       0      0 ip6-localhost:44982     ip6-localhost:12322     TIME_WAIT
tcp6       0      0 ip6-localhost:44867     ip6-localhost:12322     TIME_WAIT
tcp6       0      0 ip6-localhost:44684     ip6-localhost:12322     TIME_WAIT
tcp6       0      0 ip6-localhost:44872     ip6-localhost:12322     TIME_WAIT
tcp6       0      0 ip6-localhost:44915     ip6-localhost:12322     TIME_WAIT
tcp6       0      0 ip6-localhost:44885     ip6-localhost:12322     TIME_WAIT
tcp6       0      0 ip6-localhost:44838     ip6-localhost:12322     TIME_WAIT
tcp6       0      0 ip6-localhost:44865     ip6-localhost:12322     TIME_WAIT

Jeremy Davis's picture

But any communication it has with the server should be internal only. Although your netstat suggests that it's only communicating via localhost. Having said that I haven't noticed that behaviour before.

If you're not using Adminer, perhaps disable it?

In the LAMP based appliances it runs under apache so it can be disabled like this:

a2dissite adminer
service apache2 restart
Brent Quick's picture

I will need to do another netstat -at later and see but the first blush result is promising. I had to reenable the error on the ASA to see if it occurs since it was filling the log with junk.

Will do VM restart to see if it stays solved.

Thanks

Brent Quick's picture

netstat -at shows
tcp6 0 0 [::]:12322 [::]:* LISTEN

Jeremy Davis's picture

When Apache notes IPv6 connections AFAIK that means that it's also listening on IPv4 too. Anyway...

Apologies as this was an oversight on my behalf. Whilst disabling the site will make Adminer not function, as you've noted Apache will still be listening on port 12322. To solve that you need to also remove 12322 from /etc/apache2/ports.conf and restart Apache.

Brent Quick's picture

As an Apache and LAMP n00b - help is always appreciated and I should have figured even though the service was removed Apache would still have the port open for requests.

Jeremy Davis's picture

We got there in the end! :)
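
The state this thread ends up diagnosing (a site disabled with a2dissite while its Listen line stays in ports.conf) can be checked for statically. The shell sketch below is an added example, not part of the original thread; the function names and sample files are constructed, and it is a plain text parse that does not evaluate whether an enclosing IfModule block is active.

```shell
#!/bin/sh
# Added example: report ports Apache is told to Listen on that no enabled
# site serves. Function names and sample files are constructed.

# Print the port of every uncommented Listen directive in a ports.conf file.
# Handles "Listen 80", "Listen 0.0.0.0:443 https" and "Listen [::]:443".
listen_ports() {
    awk 'tolower($1) == "listen" { n = split($2, a, ":"); print a[n] }' "$1" |
        sort -un
}

# Print every port named on a <VirtualHost addr:port ...> line of the
# enabled sites (a2dissite removes a site's entry from this directory).
vhost_ports() {
    cat "$1"/*.conf 2>/dev/null |
    awk 'tolower($1) == "<virtualhost" {
             for (i = 2; i <= NF; i++) {
                 gsub(/>/, "", $i); n = split($i, a, ":")
                 if (n > 1) print a[n]
             }
         }' | sort -un
}

# Ports that stay open although no enabled vhost answers on them.
orphan_listen_ports() {
    for p in $(listen_ports "$1"); do
        vhost_ports "$2" | grep -qx "$p" || echo "$p"
    done
}

# Constructed sample: adminer site disabled, its Listen line left behind.
demo=$(mktemp -d)
mkdir "$demo/sites-enabled"
printf 'Listen 80\nListen 12322\n<IfModule ssl_module>\n\tListen 443\n</IfModule>\n' \
    > "$demo/ports.conf"
printf '<VirtualHost *:80>\n</VirtualHost>\n' > "$demo/sites-enabled/000-default.conf"
printf '<VirtualHost *:443>\n</VirtualHost>\n' > "$demo/sites-enabled/default-ssl.conf"
orphan_listen_ports "$demo/ports.conf" "$demo/sites-enabled"
```

On a Debian-style Apache layout the same call would be `orphan_listen_ports /etc/apache2/ports.conf /etc/apache2/sites-enabled`; any port it prints should either get its site back or lose its Listen line.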
