Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Suspecious UDP traffic related to UDP 7191 CDP Agent Flood

avatar
author-rank Yasine
Explorer

Created ‎08-15-2023 04:48 AM

Hello,

 

After CDP deployment we observed a suspecious traffic from diffrent internet IPs to CDP Agent

port UDP 7191

After an investigation it comes from 

/opt/cloudera/cm-agent/bin/flood

Please could anyone give us more details about this traffic ?

UDP 7191 suspecious traffic.PNG

 

Regards

Yasine L

2,160 Views
0 Kudos
5 REPLIES 5

avatar
author-rank steven-matison
Guru

Created ‎08-15-2023 04:54 AM

A quick dig shows this port 7191 is for parcel distribution and internal only

Peer-to-peer parcel distribution7190, 7191Hosts > All Hosts > Configuration > P2P Parcel Distribution PortUsed to distribute parcels to cluster hosts during installation and upgrade operations.

Reference

https://docs.cloudera.com/cdp-private-cloud-base/7.1.6/installation/topics/cdpdc-ports-used-by-cm.ht...

 

 

2,159 Views
0 Kudos

avatar
author-rank Yasine
Explorer

Created ‎08-15-2023 05:41 AM

So normally it should be an internal traffic, but the firewall is showing external traffic to different IPs in different countries.

 

 

 

2,149 Views
0 Kudos

avatar
author-rank VidyaSargur author-rank
Community Manager

Created ‎08-30-2023 06:00 AM

@Yasine, Has the reply helped resolve your issue? If so, please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future. 


Regards,

Vidya Sargur,
Community Manager

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
2,050 Views
0 Kudos

avatar
author-rank vaishaakb author-rank
Master Collaborator

Created ‎09-05-2023 01:57 PM

Hello @Yasine Thank you for bringing this in our Community.

So normally it should be an internal traffic, but the firewall is showing external traffic to different IPs in different countries.

May I ask you to be specific and present evidences such as screenshots, tests or logs citing this issue? 

Thanks

V

2,018 Views
0 Kudos

avatar
author-rank ssummers author-rank
Contributor

Created ‎10-13-2023 07:31 PM

@vaishaakb 

I noticed this same activity after deploying to the latest version of CM and after deploying parcels in my Lab cluster.  I started getting P2P violations from my IDS and IPS. Is there any way to control the external p2p process? 

I've gone ahead and attached screen captures from my firewall. 

CDP - 7.1.9-1.cdh7.1.9.p0.44702451 - CM - 7.11.3

Example of the detection:

Screenshot 2023-10-13 at 10.12.57 PM.png

All 5 of my nodes repeatedly trying to talk across the globe. 

Screenshot 2023-10-13 at 10.12.37 PM.png

1,842 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements