Title
#kolide
hilt

hilt

06/17/2021, 5:46 AM
Also I’m seeing k2 appear to connect to hosts on port 9?
terracatta

terracatta

06/17/2021, 1:15 PM
Our servers (K2) don't actually initiate any connections to hosts, the hosts poll the servers over standard TLS/HTTPs ports via TCP. You should see traffic over 443. I can confirm that IP address is our k2device load balancer. This IP only listens to 80/443. I'm not aware of any explicit code in our agent that would cause the agent to attempt to connect on port 9. That being said, Port 9 is sometimes used to active Wake-On-LAN on a remote server. It can also be used to troubleshoot connectivity (since it's the TCP/UDP equivalent of
dev/null
) My theory, is that our agent's TCP library may attempt to send traffic over this port as part of a series of steps to troubleshoot connectivity issues. I will speak more to our agent engineers to validate that theory, but I wouldn't be alarmed. If you'd rather block that port, feel free our agent works correctly with just outbound 443 enabled. See https://help.kolide.com/en/articles/4252704-kolide-agent-to-servers-connectivity for more details.
s

seph

06/19/2021, 8:15 PM
I don’t know how to read that — is that udp or tcp?