[arch-security] strange netstat connections after having opened Firefox

Remi Gacogne rgacogne at archlinux.org
Fri Dec 4 20:32:30 UTC 2015


On 12/04/2015 10:58 PM, Elmar Stellnberger wrote:

> Unfortunately I can not prevent Firefox entirely from connecting to
> apparently random web addresses once I open it; not even with the
> settings (malware, phishing) you have recommended me to try; not even
> with disabling all addons. Three servers that were contacted while/upon
> an about:blank invocation:

Are you sure those connections come from Firefox? Some IPs are Arch
mirrors; they could be established by pacman or another Arch package manager.

>> nslookup 178.255.83.1
> 1.83.255.178.in-addr.arpa       name = ocsp.comodoca.com.

This is an OCSP server, to check whether an X.509 (SSL/TLS) certificate
has been revoked.

>> nslookup 194.187.168.99
>> nslookup 194.187.168.106

This range belongs to Qwant, a search engine. It could simply be Firefox
looking to refresh the search engine information.

> Annoying; isn't it? I'd simply wish a more trustworthy OSS browser.

The thing is, you need to understand that a lot of connections are made
to do very simple things like opening a single HTTPS page: DNS queries,
checks for browser updates, OCSP checks, CRL fetching, anti-phishing /
malware blacklist updates, and so on. I am not saying you should not
be looking at what is done by your browser, it's certainly good to keep
an eye on it, but it will be time-consuming :)
Don't forget resource pre-fetching and bookmark updates. I would advise
you to use a fresh Firefox profile to minimize false positives.


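One way to answer the "are you sure those connections come from Firefox?" question is to group established TCP peers by owning process. This is an added example, not part of the original message; it assumes input in the format printed by `ss -tnpH`, and the sample lines are constructed (the local address, ports, PIDs and the 203.0.113.10 mirror placeholder are assumptions, while the three Firefox peers are the addresses quoted in the thread).

```python
import re
from collections import defaultdict

# Constructed sample in the format of `ss -tnpH` (not captured from a real host).
# Columns: state, recv-q, send-q, local addr:port, peer addr:port, owning process.
SAMPLE_SS = """\
ESTAB 0 0 192.168.1.20:51514 178.255.83.1:80 users:(("firefox",pid=2311,fd=63))
ESTAB 0 0 192.168.1.20:40022 194.187.168.99:443 users:(("firefox",pid=2311,fd=71))
ESTAB 0 0 192.168.1.20:40030 194.187.168.106:443 users:(("firefox",pid=2311,fd=74))
ESTAB 0 0 192.168.1.20:39500 203.0.113.10:443 users:(("pacman",pid=2987,fd=5))
ESTAB 0 0 192.168.1.20:39922 203.0.113.10:443
"""

# One ("name",pid=N,fd=M) tuple per process sharing the socket.
USERS_RE = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def connections_by_process(ss_output):
    """Map (process name, pid) -> set of (peer address, peer port)."""
    owners = defaultdict(set)
    for line in ss_output.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 5:
            continue  # blank or truncated line
        peer = split_endpoint(fields[4])
        procs = USERS_RE.findall(fields[5]) if len(fields) > 5 else []
        if not procs:
            # No users:(...) column: the caller could not see the owner
            # (typically a socket of another user, inspected without root).
            owners[("unknown", None)].add(peer)
        for name, pid in procs:
            owners[(name, int(pid))].add(peer)
    return dict(owners)

if __name__ == "__main__":
    table = connections_by_process(SAMPLE_SS)
    for (name, pid), peers in sorted(table.items(), key=str):
        for host, port in sorted(peers):
            print(f"{name}[{pid}] -> {host}:{port}")
```

Peers listed under `unknown` are the ones that cannot be attributed from the capture, so they should not be blamed on the browser without rerunning the capture with enough privilege to see the owning process.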