Litespeed open second UDP port automatically without notification?

[local@work]

Hello,
I have litespeed and yesterday from chkrootkit I see that:

Checking `bindshell'... INFECTED (PORTS:  465 45454)

I have cPanel and the notice of the port 465 it's ok. It's the first time that chkrootkit alert me for one other port. The port 45454! After research I can't find this particular port (thing litespeed listen to another again) but instead I find litespeed run with a second PID process to a similar UDP port!!
See below:

lsof -i :41733
COMMAND     PID   USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME
litespeed 14871 nobody   77u  IPv4 yyyyyyyyy      0t0  UDP *:41733
lsof -i :7080
COMMAND     PID   USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME
litespeed 14867   root   44u  IPv4 xxxxxxxxx      0t0  TCP *:7080 (LISTEN)
litespeed 14871 nobody   44u  IPv4 xxxxxxxxx      0t0  TCP *:7080 (LISTEN)

udp 0 0 0.0.0.0:41733 0.0.0.0:* 0 yyyyyyyyy  14871/litespeed (ls

Also I have Quic UDP ports 443 allow to my csf firewall.

Is possible something malicious run with litespeed? I have cPanel and I made all the steps for litespeed from your docs... I have also comodo modsecurity litespeed rule set enable and everything...

Why litespeed open ports UDP?

 

[mistwang]

The random UDP port is likely opened by the Asynchronize DNS resolver library used in the server. It should not cause any security issue. see if we can turn it off.
it has nothing to do with QUIC.

 

[local@work]

Hello,
So it's nothing to worry about it as UDP random ports are open (for security reasons)?
Also if in the csf I don't have those ports it's possible be useless?
Thank you.

 

[mistwang]

Yes, no worry.
If csf block UDP outgoing, it could block the DNS query.