[arch-security] strange netstat connections after having opened Firefox

Remi Gacogne rgacogne at archlinux.org
Fri Dec 4 20:32:30 UTC 2015

On 12/04/2015 10:58 PM, Elmar Stellnberger wrote:

> Unfortunately I can not prevent Firefox entirely from connecting to
> apparently random web addresses once I open it; not even with the
> settings (malware, phishing) you have recommended me to try; not even
> with disabling all addons. Three servers that were contacted while/upon
> an about:blank invocation:

Are you sure those connections come from Firefox? Some IPs are Arch
mirrors, it could be established by pacman or another Arch package manager.

>> nslookup
>       name = ocsp.comodoca.com.

This is an OCSP server, to check whether a X.509 (SSL/TLS) certificate
has been revoked.

>> nslookup
>> nslookup

This range belongs to qwant, a search engine. It could simply be firefox
looking to refresh the search engines information.

> Annoying; isn`t it? I`d simply wish a more trustworthy OSS browser.

The thing is, you need to understand that a lot of connections are made
to do very simple things like opening a single HTTPS page. DNS queries,
check for browsers update, OCSP checks, CRLs fetching, anti-phishing /
malwares blacklist updates, and so on.. I am not saying you should not
be looking what is done by your browser, that's certainly good to keep
an eye on it, but it will be time consuming :)
Don't forget resource pre-fetching, bookmarks update.. I would advise
you to use a fresh firefox profile to minimize false positives.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20151204/efca4e7c/attachment.asc>

More information about the arch-security mailing list