[arch-security] strange netstat connections after having opened Firefox

Elmar Stellnberger estellnb at elstel.org
Fri Dec 4 22:46:08 UTC 2015


OK, good to know, Remi; then everything was already fine with the 
configuration Jonathan had recommended to me! (Qwant will have been there 
because of the search engine status bar.)

However, what I would find really interesting are the remaining servers 
that there was a connection to when the '100% CPU fan' bug hit my 
machine. I really did nothing at all when it heated up that much, and 
the desktop search should not have caused that, I would at least believe.

Elmar

P.S.: By the way, which name server did you use for reverse lookup, Remi? 
208.67.222.222 (OpenDNS server) did not do that for me in the case of the 
Qwant search engine; even sites like ping.eu do not succeed in the 
reverse lookup of the 194.187.168.xx addresses.

On 2015-12-04 at 21:32, Remi Gacogne wrote:
> On 12/04/2015 10:58 PM, Elmar Stellnberger wrote:
>
>> Unfortunately I can not prevent Firefox entirely from connecting to
>> apparently random web addresses once I open it; not even with the
>> settings (malware, phishing) you have recommended me to try; not even
>> with disabling all addons. Three servers that were contacted while/upon
>> an about:blank invocation:
>
> Are you sure those connections come from Firefox? Some IPs are Arch
> mirrors, it could be established by pacman or another Arch package manager.
>
>>> nslookup 178.255.83.1
>> 1.83.255.178.in-addr.arpa       name = ocsp.comodoca.com.
>
> This is an OCSP server, to check whether an X.509 (SSL/TLS) certificate
> has been revoked.
>
>>> nslookup 194.187.168.99
>>> nslookup 194.187.168.106
>
> This range belongs to qwant, a search engine. It could simply be firefox
> looking to refresh the search engines information.
>
>> Annoying; isn't it? I'd simply wish a more trustworthy OSS browser.
>
> The thing is, you need to understand that a lot of connections are made
> to do very simple things like opening a single HTTPS page. DNS queries,
> checks for browser updates, OCSP checks, CRL fetching, anti-phishing /
> malware blacklist updates, and so on. I am not saying you should not
> be looking at what is done by your browser, it's certainly good to keep
> an eye on it, but it will be time consuming :)
> Don't forget resource pre-fetching, bookmark updates... I would advise
> you to use a fresh Firefox profile to minimize false positives.
>
>
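
Added example, not part of the thread: one way to check which process owns each connection, by parsing `ss -tnp` output, and to build the in-addr.arpa name that a reverse lookup queries. The sample output is constructed; the PIDs, local ports, the pacman entry and the 203.0.113.7 / 198.51.100.9 addresses are assumptions for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `ss -tnp` output. The first three peer addresses are
# the ones discussed in the thread; everything else is made up.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port   Process
ESTAB  0      0      192.168.1.10:51234   178.255.83.1:80     users:(("firefox",pid=2211,fd=58))
ESTAB  0      0      192.168.1.10:51240   194.187.168.99:443  users:(("firefox",pid=2211,fd=61))
ESTAB  0      0      192.168.1.10:51302   194.187.168.106:443 users:(("firefox",pid=2211,fd=64))
ESTAB  0      0      192.168.1.10:40022   203.0.113.7:80      users:(("pacman",pid=3120,fd=5))
ESTAB  0      0      192.168.1.10:40100   198.51.100.9:443
"""

PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+),')


def _ip_key(ip):
    addr = ipaddress.ip_address(ip)
    return (addr.version, int(addr))  # numeric order, IPv4 before IPv6


def peers_by_process(ss_output):
    """Group remote IPs by owning process. Sockets without owner info
    (ss run without root, or a socket owned by another user) are
    collected under '(unknown)' instead of being dropped."""
    owners = defaultdict(set)
    for line in ss_output.splitlines()[1:]:  # skip the header line
        fields = line.split()
        if len(fields) < 5:
            continue
        peer_ip = fields[4].rsplit(":", 1)[0].strip("[]")  # also handles [v6]:port
        m = PROC_RE.search(fields[5]) if len(fields) > 5 else None
        name = f"{m.group(1)}[{m.group(2)}]" if m else "(unknown)"
        owners[name].add(peer_ip)
    return {k: sorted(v, key=_ip_key) for k, v in owners.items()}


def ptr_name(ip):
    """Name queried for a reverse lookup, e.g. 1.83.255.178.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


if __name__ == "__main__":
    for proc, ips in peers_by_process(SAMPLE_SS).items():
        for ip in ips:
            print(f"{proc:16} {ip:16} PTR query: {ptr_name(ip)}")
```

On a live system, feed the function the output of `ss -tnp` run as root so that sockets of all users carry owner information.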

