What causes RabbitMQ servers to log 'epmd: invalid packet size' messages as shown below after patching?

epmd: invalid packet size (5635)
epmd: invalid packet size (18245)

All versions

An 'epmd: invalid packet size' log message is an indication that the epmd port received non Erlang packets.

The 5635 octet sequence from the log message means the start of a TLS client "Hello",  and 18245 is an indication of an HTTP GET method request.  These can be logged by security scanner tools, LB health check or similar tools.

Neither of these are logged by RabbitMQ itself or the CLI tools. It is also not part of a pre or post script packaged with RabbitMQ to prevent these logs.

It is important to prevent access to the epmd port from outside a trusted network. The security risk from exposing epmd to public is described at length in the doc and mitigation techniques are described here.

If you continue to see these log messages after this step, you can delete the epmd port from security scanner tools or other health checks in your environment.