[arch-security] strange netstat connections after having opened Firefox

Elmar Stellnberger estellnb at elstel.org
Fri Dec 4 22:46:08 UTC 2015

ok; fine to know Remi; then there was already everything good with the 
configuration Jonathan had recommended me! (Qwant will have been there 
because of the search machine status bar)

However what I would find really interesting are the remaining servers 
that there was a connection to when the '100% CPU fan' bug hit my 
machine. I really did nothing at all when it heated up that much; - and 
the desktop search should not have caused that, I would at least believe.


P.S.: By the way which name server did you use for reverse lookup, Remi? (OpenDNS server) did not do that for me in case of the 
Qwant search engine; even sites like ping.eu do not succeed in the 
reverse lookup of the 194.187.168.xx addresses.

Am 2015-12-04 um 21:32 schrieb Remi Gacogne:
> On 12/04/2015 10:58 PM, Elmar Stellnberger wrote:
>> Unfortunately I can not prevent Firefox entirely from connecting to
>> apparently random web addresses once I open it; not even with the
>> settings (malware, phishing) you have recommended me to try; not even
>> with disabling all addons. Three servers that were contacted while/upon
>> an about:blank invocation:
> Are you sure those connections come from Firefox? Some IPs are Arch
> mirrors, it could be established by pacman or another Arch package manager.
>>> nslookup
>>       name = ocsp.comodoca.com.
> This is an OCSP server, to check whether a X.509 (SSL/TLS) certificate
> has been revoked.
>>> nslookup
>>> nslookup
> This range belongs to qwant, a search engine. It could simply be firefox
> looking to refresh the search engines information.
>> Annoying; isn`t it? I`d simply wish a more trustworthy OSS browser.
> The thing is, you need to understand that a lot of connections are made
> to do very simple things like opening a single HTTPS page. DNS queries,
> check for browsers update, OCSP checks, CRLs fetching, anti-phishing /
> malwares blacklist updates, and so on.. I am not saying you should not
> be looking what is done by your browser, that's certainly good to keep
> an eye on it, but it will be time consuming :)
> Don't forget resource pre-fetching, bookmarks update.. I would advise
> you to use a fresh firefox profile to minimize false positives.

More information about the arch-security mailing list