I noticed that the recent update had dhcpd in it. For no particular reason I
decided to do a minor health check and see what it was doing.
I was surprised to see that dhcpd was listening on a random high UDP port in
addition to its usual DHCP port.
[root@shorty ~]# ps -ef | grep dhcp
dhcpd 1352 1 0 09:41 ? 00:00:00 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid
[root@shorty ~]# ls -al /proc/1352/fd
lrwx------. 1 root root 64 Apr 23 09:43 20 -> 'socket:[24079]'
Looking up inode 24079 in /proc/net/udp showed that socket bound to port 36755:
[root@shorty ~]# netstat -a | grep 36755
udp 0 0 0.0.0.0:36755 0.0.0.0:*
The regular DHCP port is correctly bound only to the subnet's address. But this
socket is bound to 0.0.0.0, so it is reachable on every address the host has.
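The check above was done by hand (ps, then /proc/PID/fd, then /proc/net/udp). The script below automates it; it is an added example written for this page, not code from the post or from ISC dhcpd. It assumes the standard /proc/net/udp layout (field 2 is the local address as little-endian hex IPv4 plus a hex port, field 10 is the socket inode), takes the PID and the dump file as parameters so the parser can also run against a saved copy, and embeds a constructed /proc/net/udp sample that mirrors what the post observed (DHCP on the subnet address, the extra socket on 0.0.0.0:36755).

```shell
#!/bin/sh
# Added example (not from the original post): for a PID, collect its socket
# inodes from /proc/PID/fd, decode the matching /proc/net/udp entries, and flag
# any UDP socket bound to 0.0.0.0 (every address on the host).
#
# Assumptions: /proc/net/udp field 2 is "AABBCCDD:PPPP" (little-endian hex IPv4,
# hex port) and field 10 is the inode. IPv4 only; /proc/net/udp6 is not parsed.

# socket_inodes_for_pid PID: print PID's socket inodes, space-separated, by
# reading the "socket:[NNN]" symlinks under /proc/PID/fd.
socket_inodes_for_pid() {
    for fd in /proc/"$1"/fd/*; do
        readlink "$fd" 2>/dev/null
    done | sed -n 's/^socket:\[\([0-9][0-9]*\)\]$/\1/p' | tr '\n' ' '
}

# udp_sockets_for_inodes "INODE INODE ..." [FILE]: for each entry in FILE
# (default /proc/net/udp) whose inode is in the list, print "ADDR:PORT INODE"
# with the hex local_address decoded to dotted-quad and decimal port.
udp_sockets_for_inodes() {
    awk -v want="$1" '
        # hex2dec: portable hex-to-decimal (avoids the gawk-only strtonum)
        function hex2dec(h,   i, v) {
            v = 0; h = toupper(h)
            for (i = 1; i <= length(h); i++)
                v = v * 16 + index("0123456789ABCDEF", substr(h, i, 1)) - 1
            return v
        }
        # hex2ip: the address is stored little-endian, so the first octet is
        # the last byte of the 8-hex-digit word
        function hex2ip(h,   s) {
            s = hex2dec(substr(h, 7, 2)) "." hex2dec(substr(h, 5, 2))
            return s "." hex2dec(substr(h, 3, 2)) "." hex2dec(substr(h, 1, 2))
        }
        BEGIN { n = split(want, a, " "); for (i = 1; i <= n; i++) seen[a[i]] = 1 }
        NR > 1 && ($10 in seen) {
            split($2, la, ":")
            print hex2ip(la[1]) ":" hex2dec(la[2]), $10
        }
    ' "${2:-/proc/net/udp}"
}

# wildcard_udp_report PID [FILE]: list PID's UDP sockets, marking those bound
# to 0.0.0.0 as WILDCARD.
wildcard_udp_report() {
    udp_sockets_for_inodes "$(socket_inodes_for_pid "$1")" "${2:-/proc/net/udp}" |
    while read -r addrport inode; do
        case $addrport in
            0.0.0.0:*) echo "$addrport inode=$inode WILDCARD" ;;
            *)         echo "$addrport inode=$inode" ;;
        esac
    done
}

# write_sample_udp FILE: a constructed /proc/net/udp dump (sample data, not a
# real capture) matching the post: DHCP on 10.0.0.1:67 (0100000A:0043) and the
# extra socket on 0.0.0.0:36755 (00000000:8F93), inode 24079.
write_sample_udp() {
    cat > "$1" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
 1021: 0100000A:0043 00000000:0000 07 00000000:00000000 00:00000000 00000000   991        0 24010 2 0000000000000000 0
 1234: 00000000:8F93 00000000:0000 07 00000000:00000000 00:00000000 00000000   991        0 24079 2 0000000000000000 0
EOF
}

# Live usage: sh thisscript.sh "$(pidof dhcpd)"
if [ $# -gt 0 ]; then
    wildcard_udp_report "$1"
fi
```

Run it against the live dhcpd before and after changing dhcpd.conf; the line for the high port should show WILDCARD before the change and be gone after a restart. Note it only covers IPv4 UDP: sockets in /proc/net/udp6 or TCP listeners (such as OMAPI, if enabled) need the corresponding /proc/net files.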
Some searching turned up reports of the same thing from ten years ago; it is
related to dynamic DNS updates.
When people were discussing it there was no configuration option to turn it
off, only a compile-time option. I combed through the man page. "ddns-updates
off" sounded like a promising candidate, so I put it into dhcpd.conf and
restarted dhcpd, and I no longer see dhcpd listening on a high port.
This doesn't really matter on Fedora, since firewalld will block it. But it's
awesome how this is enabled by default, and listens on all IP addresses rather
than just the DHCP subnet.