
[Sks-devel] Strange SKS traffic


From: Arnold
Subject: [Sks-devel] Strange SKS traffic
Date: Fri, 05 Nov 2010 00:48:39 +0100
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.22) Gecko/20090707 Thunderbird/2.0.0.22 Mnenhy/0.7.6.666

Hello,

Since Tue Oct 26, my firewall has been blocking some strange outgoing traffic.
It turned out to be SKS data I try to send to keyserver.gingerbear.net at
destination port _2_1371.

I do not understand why my server tries to contact gingerbear at that
special port, as it is listed in my membership file with the normal 11370.
While examining the stats, I found gingerbear has a gossip peer 'basket'
that is configured at port 21370. Now it seems to me that the configuration
data of gingerbear for basket somehow 'leaks' to my system. That, in turn,
makes my system try to use that port 21371 (for basket) while communicating
with gingerbear.

Can somebody explain why this happens?

@John, did you modify your configuration on Tue Oct 26? I did not modify
anything that day.

Kind regards,
   Arnold

Below are some lines from the stats, my log and configuration files.


/etc/sks/membership:
keyserver.gingerbear.net 11370 # John P. Clizbe

/var/log/syslog:
Nov  4 17:36:54 gateway kernel: [337692.787306] Shorewall:fw2all:REJECT:IN= OUT=eth2 SRC=192.168.1.1 DST=76.185.38.113 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=31406 DF PROTO=TCP SPT=38472 DPT=21371 WINDOW=5840 RES=0x00 SYN URGP=0

/var/log/sks/recon.log:
2010-11-04 17:34:40 Hashes recovered from <ADDR_INET 76.185.38.113:21371>
2010-11-04 17:34:50 Requesting 4 missing keys from <ADDR_INET 76.185.38.113:21371>, starting with 5C47F4E6B7AF815FBD41F864364F526D

$ host keyserver.gingerbear.net
keyserver.gingerbear.net has address 76.185.38.113


SKS OpenPGP Keyserver statistics
Taken at 2010-11-04 03:00:06 CET
Settings
Hostname:       pgpkeys.mallos.nl
Version:        1.1.0
HTTP port:      11371
Recon port:     11370
Debug level:    4

Gossip Peers
keyserver.gingerbear.net 11370

SKS OpenPGP Keyserver statistics
Taken at 2010-11-04 18:00:05 CST
Settings
Hostname:       keyserver.gingerbear.net
Version:        1.1.1
HTTP port:      11371
Recon port:     11370
Debug level:    5

Gossip Peers
keyserver.gingerbear.net 11370
basket 21370
pgpkeys.mallos.nl 11370


pgpkeys.mallos.nl runs on Debian Stable (Lenny) with kernel 2.6.32 from
Debian backports.

Attachment: signature.asc
Description: OpenPGP digital signature
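
A check for the mismatch described in the post, as an added example that is not part of the original message or of SKS: it compares peer endpoints seen in the firewall log and recon.log against the recon port in the membership file and the HTTP port on the peer's stats page. Function names are hypothetical; the sample inputs are lines from the post with mail wrapping removed.

```python
import re

# Sample inputs taken from the post above (wrapped log lines re-joined).
MEMBERSHIP = "keyserver.gingerbear.net 11370 # John P. Clizbe\n"
RESOLVED = {"keyserver.gingerbear.net": "76.185.38.113"}   # from the `host` output
STATS_HTTP_PORT = {"keyserver.gingerbear.net": 11371}      # from the peer's stats page
FIREWALL_LOG = (
    "Nov  4 17:36:54 gateway kernel: [337692.787306] Shorewall:fw2all:REJECT:IN= "
    "OUT=eth2 SRC=192.168.1.1 DST=76.185.38.113 LEN=60 TOS=0x00 PREC=0x00 TTL=64 "
    "ID=31406 DF PROTO=TCP SPT=38472 DPT=21371 WINDOW=5840 RES=0x00 SYN URGP=0\n"
)
RECON_LOG = "2010-11-04 17:34:40 Hashes recovered from <ADDR_INET 76.185.38.113:21371>\n"

def parse_membership(text):
    """Return {hostname: recon_port}, ignoring comments and blank lines."""
    peers = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[1].isdigit():
            peers[fields[0]] = int(fields[1])
    return peers

def observed_endpoints(firewall_log, recon_log):
    """Yield (source, ip, port) for each remote TCP endpoint seen in either log."""
    for line in firewall_log.splitlines():
        # netfilter log lines are KEY=VALUE tokens; bare flags (DF, SYN) are skipped
        kv = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        if kv.get("PROTO") == "TCP" and "DST" in kv and "DPT" in kv:
            yield ("firewall", kv["DST"], int(kv["DPT"]))
    for ip, port in re.findall(r"<ADDR_INET\s+([\d.]+):(\d+)>", recon_log):
        yield ("recon.log", ip, int(port))

def unexpected_ports(membership, resolved, http_ports, firewall_log, recon_log):
    """List (host, port, source) where a known peer IP is contacted on a port
    that is neither its membership recon port nor its published HTTP port."""
    expected = {}
    for host, recon_port in parse_membership(membership).items():
        if host in resolved:
            ports = {recon_port, http_ports.get(host, recon_port)}
            expected[resolved[host]] = (host, ports)
    findings = set()
    for source, ip, port in observed_endpoints(firewall_log, recon_log):
        if ip in expected and port not in expected[ip][1]:
            findings.add((expected[ip][0], port, source))
    return sorted(findings)

if __name__ == "__main__":
    print(unexpected_ports(MEMBERSHIP, RESOLVED, STATS_HTTP_PORT, FIREWALL_LOG, RECON_LOG))
```
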

