Hi All,
I have Apache Flink running as part of our Java program, on a Linux
machine.
Flink runs on thread(s) within the same Java process.
I see that the machine has the BLOB server port 1098 exposed to the
outside:
davc@sdavc:~$ netstat -anp | grep LISTEN
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 311/postgres
tcp6 0 0 :::8080 :::* LISTEN -
tcp6 0 0 :::21 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 ::1:5432 :::* LISTEN 311/postgres
tcp6 0 0 :::8443 :::* LISTEN -
*tcp6 0 0 :::1098 :::* LISTEN -*
This brings security concerns to our team: when another external user/system
opens a connection (for telnet or other protocols) to this port
(accidentally or not), we get the below error in the Java app log:
2020-04-23 07:54:58 ERROR BlobServerConnection:131 - Error while executing BLOB connection.
java.io.IOException: Unknown operation 3
    at org.apache.flink.runtime.blob.BlobServerConnection.run(BlobServerConnection.java:122)
My question is whether there is a way to avoid exposing this port to the outside,
and keep it available only for its original purpose: serving the
localhost/127.0.0.1 requests which come from the Flink engine.
Thank you and stay safe.
Omar
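
A check for the exposure described in the message above, as an added example that is not part of the original post: these shell functions classify every TCP listener in netstat -an output as wildcard, loopback or specific, and rejoin records that a mail client has wrapped. The function names are assumptions made for illustration; the sample input is the listener list from the post.

```sh
#!/bin/sh
# Prints "<scope> <proto> <port>" for each TCP listener read from stdin.
# scope: wildcard (0.0.0.0 or ::, every interface), loopback, or specific.
# On Linux a tcp6 listener on :: normally accepts IPv4 connections as well.
classify_listeners() {
    awk '
        function emit(   f, p, n, port, addr, scope) {
            if (rec !~ /^tcp/ || rec !~ / LISTEN( |$)/) return
            split(rec, f, " ")
            n = split(f[4], p, ":")          # port follows the last colon
            port = p[n]
            addr = substr(f[4], 1, length(f[4]) - length(port) - 1)
            if (addr == "0.0.0.0" || addr == "::") scope = "wildcard"
            else if (addr ~ /^127\./ || addr == "::1") scope = "loopback"
            else scope = "specific"
            print scope, f[1], port
        }
        { sub(/^\*/, "") }                   # leading e-mail bold marker
        # A wrapped record continues on lines that do not start a new one.
        /^(tcp|udp|raw|unix|Active|Proto)/ { emit(); rec = $0; next }
        { rec = rec " " $0 }
        END { emit() }
    '
}

# Comma-separated ports bound to every interface.
exposed_ports() {
    classify_listeners | awk '$1 == "wildcard" { print $3 }' | sort -nu | paste -sd, -
}

# Listener lines from the post; two are left wrapped as a mail client breaks them.
sample_netstat() {
    cat <<'EOF'
tcp 0 0 0.0.0.0:22 0.0.0.0:*
LISTEN -
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 311/postgres
tcp6 0 0 :::8080 :::* LISTEN -
tcp6 0 0 :::21 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 ::1:5432 :::* LISTEN 311/postgres
tcp6 0 0 :::8443 :::* LISTEN -
*tcp6 0 0 :::1098 :::*
LISTEN -*
EOF
}

sample_netstat | exposed_ports
```

On a live host the same check is `netstat -an | exposed_ports`; a port in that list is reachable from other machines unless a host or network firewall blocks it.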