Strange SKS traffic

Strange SKS traffic

Arnold-27
Hello,

Since Tue Oct 26, my firewall blocks some strange outgoing traffic. It
turned out to be SKS data I try to send to keyserver.gingerbear.net at
destination port _2_1371.

I do not understand why my server tries to contact gingerbear at that
special port, as it is listed in my membership file with the normal 11370.
While examining the stats, I found gingerbear has a gossip peer 'basket'
that is configured at port 21370. Now it seems to me that the configuration
data of gingerbear for basket somehow 'leaks' to my system. That, in turn,
makes my system try to use that port 21371 (for basket) while communicating
with gingerbear.

Can somebody explain why this happens?

@John, did you modify your configuration on Tue Oct 26? I did not modify
anything that day.

Kind regards,
   Arnold

Below are some lines from the stats, my log and configuration files.


/etc/sks/membership:
keyserver.gingerbear.net 11370 # John P. Clizbe

/var/log/syslog:
Nov  4 17:36:54 gateway kernel: [337692.787306] Shorewall:fw2all:REJECT:IN=
OUT=eth2 SRC=192.168.1.1 DST=76.185.38.113 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=31406 DF PROTO=TCP SPT=38472 DPT=21371 WINDOW=5840 RES=0x00 SYN URGP=0

/var/log/sks/recon.log:
2010-11-04 17:34:40 Hashes recovered from <ADDR_INET 76.185.38.113:21371>
2010-11-04 17:34:50 Requesting 4 missing keys from <ADDR_INET
76.185.38.113:21371>, starting with 5C47F4E6B7AF815FBD41F864364F526D

$ host keyserver.gingerbear.net
keyserver.gingerbear.net has address 76.185.38.113


SKS OpenPGP Keyserver statistics
Taken at 2010-11-04 03:00:06 CET
Settings
Hostname: pgpkeys.mallos.nl
Version: 1.1.0
HTTP port: 11371
Recon port: 11370
Debug level: 4

Gossip Peers
keyserver.gingerbear.net 11370

SKS OpenPGP Keyserver statistics
Taken at 2010-11-04 18:00:05 CST
Settings
Hostname: keyserver.gingerbear.net
Version: 1.1.1
HTTP port: 11371
Recon port: 11370
Debug level: 5

Gossip Peers
keyserver.gingerbear.net 11370
basket 21370
pgpkeys.mallos.nl 11370


pgpkeys.mallos.nl runs on Debian Stable (Lenny) with kernel 2.6.32 from
Debian backports.


_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel

Re: Strange SKS traffic

Kim Minh Kaplan
Arnold writes:

> Hello,
>
> Since Tue Oct 26, my firewall blocks some strange outgoing traffic. It
> turned out to be SKS data I try to send to keyserver.gingerbear.net at
> destination port _2_1371.
>
> I do not understand why my server tries to contact gingerbear at that
> special port, as it is listed in my membership file with the normal 11370.
> While examining the stats, I found gingerbear has a gossip peer 'basket'
> that is configured at port 21370. Now it seems to me that the configuration
> data of gingerbear for basket somehow 'leaks' to my system. That, in turn,
> makes my system try to use that port 21371 (for basket) while communicating
> with gingerbear.
>
> Can somebody explain why this happens?

I have seen this happen too.  The peer recon process tells your server
on which port the DB process listens, so it is normal that if one of your
peers tells your recon process to fetch keys using port 21371, it does
so.
--
Kim Minh

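
An audit sketch for the behaviour discussed in this thread, added here as an example and not code from SKS or from either poster: it collects the ports that appear in recon.log `<ADDR_INET ip:port>` entries and flags those outside the egress ports the firewall permits. The function names, the `allowed_ports` set and the name-to-address map are assumptions; the log and membership lines are the ones quoted in the first message.

```python
import re
from collections import defaultdict

# Log and membership lines as quoted in the thread; the second log entry is
# wrapped over two lines, the way it arrived in the e-mail.
SAMPLE_RECON_LOG = """\
2010-11-04 17:34:40 Hashes recovered from <ADDR_INET 76.185.38.113:21371>
2010-11-04 17:34:50 Requesting 4 missing keys from <ADDR_INET
76.185.38.113:21371>, starting with 5C47F4E6B7AF815FBD41F864364F526D
"""
SAMPLE_MEMBERSHIP = "keyserver.gingerbear.net 11370 # John P. Clizbe\n"
# Assumption: the operator supplies a name-to-address map (here taken from
# the `host` output in the thread) so the audit runs offline.
SAMPLE_RESOLVED = {"keyserver.gingerbear.net": "76.185.38.113"}

ADDR_RE = re.compile(r"<ADDR_INET\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)>")

def parse_membership(text):
    """Return {hostname: recon_port}, ignoring comments and blank lines."""
    peers = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[1].isdigit():
            peers[fields[0]] = int(fields[1])
    return peers

def ports_seen(recon_log):
    """Return {ip: {port: count}} for every <ADDR_INET ip:port> in the log."""
    seen = defaultdict(lambda: defaultdict(int))
    # Collapse whitespace first so addresses wrapped over two lines still match.
    for ip, port in ADDR_RE.findall(" ".join(recon_log.split())):
        seen[ip][int(port)] += 1
    return {ip: dict(ports) for ip, ports in seen.items()}

def audit(recon_log, membership, resolved, allowed_ports):
    """List (peer, ip, port, count) where the port is outside allowed_ports."""
    members = parse_membership(membership)
    by_ip = {ip: host for host, ip in resolved.items() if host in members}
    findings = []
    for ip, ports in sorted(ports_seen(recon_log).items()):
        for port, count in sorted(ports.items()):
            if port not in allowed_ports:
                findings.append((by_ip.get(ip, "not in membership"), ip, port, count))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RECON_LOG, SAMPLE_MEMBERSHIP,
                         SAMPLE_RESOLVED, allowed_ports={11370, 11371}):
        print("peer=%s ip=%s port=%d occurrences=%d" % finding)
```

Each finding names a peer and port for which the operator has to decide whether to widen the egress rule or take it up with the peer's administrator.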