Firefox makes unknown connections

samy1029384756 · Post by **samy1029384756** » March 3rd, 2015, 12:10 pm

Hello,
I have this issue.

So basicaly, firefox is making connections I don't understand. Note that I disabled all addons, and disabled search prefetch.

Code: Select all

root@samy-pc:~# lsof -n -P -i +c 15 | grep firefox
firefox         6137       samy   42r  IPv4 235092      0t0  TCP 192.168.1.26:50025->54.200.165.244:443 (ESTABLISHED)
firefox         6137       samy   43u  IPv4 235918      0t0  TCP 192.168.1.26:50194->41.201.128.40:443 (ESTABLISHED)
firefox         6137       samy   46u  IPv4 235056      0t0  TCP 192.168.1.26:40545->41.201.128.59:443 (ESTABLISHED)
firefox         6137       samy   51u  IPv4 235057      0t0  TCP 192.168.1.26:56813->41.201.128.59:80 (ESTABLISHED)
firefox         6137       samy   52u  IPv4 235921      0t0  TCP 192.168.1.26:56814->41.201.128.59:80 (ESTABLISHED)
firefox         6137       samy   53u  IPv4 235062      0t0  TCP 192.168.1.26:50994->41.201.128.54:80 (ESTABLISHED)
firefox         6137       samy   54u  IPv4 235109      0t0  TCP 192.168.1.26:41786->93.184.220.29:80 (ESTABLISHED)
firefox         6137       samy   55u  IPv4 235114      0t0  TCP 192.168.1.26:56891->41.201.128.49:443 (ESTABLISHED)
firefox         6137       samy   56u  IPv4 235170      0t0  TCP 192.168.1.26:60491->52.11.99.64:443 (ESTABLISHED)
firefox         6137       samy   57u  IPv4 235159      0t0  TCP 192.168.1.26:56808->41.201.128.45:443 (ESTABLISHED)
firefox         6137       samy   58u  IPv4 235179      0t0  TCP 192.168.1.26:60494->52.11.99.64:443 (SYN_SENT)

41.201.x.x ips are local google ips and I don't know why firefox queries google when starting with a blank

More preoccupying, is the other ips 54.200.165.244 and 52.11.99.64 resolve to ec2 compute instances in amazon aws.

Also, 93.184.220.29 doesn't resolve to any ip.

Note: nothing is found regarding these 3 last ips in about:config.

Disabling anti-malware / phishing options doesn't help.

Here is ss -antu (local ips (127.x.x.x) removed from output)

Code: Select all

root@samy-pc:~# ss -antu
Netid  State      Recv-Q Send-Q                                                     Local Address:Port                                                       Peer Address:Port    
tcp    ESTAB      0      0                                                           192.168.1.26:49099                                                     41.201.128.30:443   
tcp    ESTAB      0      0                                                           192.168.1.26:42049                                                     41.201.128.40:80    
tcp    ESTAB      0      0                                                           192.168.1.26:39856                                                     41.201.128.24:443   
tcp    CLOSE-WAIT 1      0                                                           192.168.1.26:35103                                                      91.189.94.25:80    
tcp    ESTAB      0      0                                                           192.168.1.26:60123                                                     54.201.16.171:443   
tcp    ESTAB      0      0                                                           192.168.1.26:45893                                                     54.68.248.235:443   
tcp    ESTAB      0      0                                                           192.168.1.26:60109                                                     54.201.16.171:443   
tcp    ESTAB      0      0                                                           192.168.1.26:45409                                                     91.190.218.64:12350 
tcp    ESTAB      0      0                                                           192.168.1.26:59150                                                        64.4.47.13:443   
tcp    ESTAB      0      0                                                           192.168.1.26:42542                                                     93.184.220.29:80    
tcp    ESTAB      0      0                                                           192.168.1.26:42541                                                     93.184.220.29:80    
tcp    ESTAB      0      0                                                           192.168.1.26:45660                                                    157.55.130.169:40004

Any help is appreciated.

malliz · Post by **malliz** » March 3rd, 2015, 2:32 pm

See
http://kb.mozillazine.org/Connections_e ... _-_Firefox
(Maybe slightly out of date)
And
https://support.mozilla.org/en-US/kb/ho ... onnections

samy1029384756 · Post by **samy1029384756** » March 3rd, 2015, 2:35 pm

I have found those links too and no they didn't help.

Thanks for your help though.

edit: request to 93.184.220.29, is for checking certificate validity (OCSP).
I'm still looking for the two other ips though.

edit2: I re-followed th einstructions on the provided links (just in case), removed all the bookmarks but still the same problem.

The OCSP request is not here anymore, nor the google requests, but I still have the problem with those two ips (54.200.165.244, and 52.10.126.28) . Help!.

Code: Select all

root@samy-pc:~# lsof -n -P -i +c 15 | grep firefox
firefox         7722       samy   42r  IPv4 451096      0t0  TCP 192.168.1.26:52103->54.200.165.244:443 (ESTABLISHED)
firefox         7722       samy   49u  IPv4 452380      0t0  TCP 192.168.1.26:53711->52.10.126.28:443 (ESTABLISHED)
firefox         7722       samy   54u  IPv4 452453      0t0  TCP 192.168.1.26:52106->54.200.165.244:443 (ESTABLISHED)

edit4: I just noticed the Ips are not the same:

Code: Select all

52.10.126.28
52.11.99.62
54.68.248.235
54.200.165.244
54.201.16.171

and my firefox version is: 35.0.1+build1-0ubuntu0.12.04.1 (official package)

is the package compromized!!?

JayhawksRock · Post by **JayhawksRock** » March 3rd, 2015, 3:45 pm

One range is Amazon and may be part of their hosting service. They are a provider of hosting services for small websites that cant afford a Server.
http://whatmyip.co/view/ip_addresses/87 ... 10.126.255
Amazon Cloud > https://www.google.com/search?hl=en&sit ... 1vbsa1sC5M

patrickjdempsey · Post by **patrickjdempsey** » March 3rd, 2015, 3:46 pm

Also, just an FYI since you appear to have come here in response to this: http://askubuntu.com/questions/592324/f ... onnections

We are not Mozilla, we are just a user forum: http://www.mozillazine.org/about/

samy1029384756 · Post by **samy1029384756** » March 3rd, 2015, 4:10 pm

Yes addresses points to ec2 instances.

And, Yes Patrick I know you are not mozilla :lol:

well, after quick analyzis using wireshark I find:

Code: Select all

2   0.113789   205.251.192.206   192.168.1.26   DNS   271   Standard query response A 54.200.165.244 A 54.201.16.171

So basically, it seems that firefox is using its own dns server!

edit:just in case the request was:

Code: Select all

1   0.000000   192.168.1.26   205.251.192.206   DNS   102   Standard query A loop.r53-2.services.mozilla.com

samy1029384756 · Post by **samy1029384756** » March 3rd, 2015, 4:28 pm

Setting loop.enabled to false in about:config resolves this problem
Firefox does not try to make stupid connections anymore.

The question is: is this connection really stupid? what is this loop service about anyways.. Answer here: https://wiki.mozilla.org/Loop .

patrickjdempsey · Post by **patrickjdempsey** » March 3rd, 2015, 4:29 pm

"Loop" is the new "Hello" WebRTC service. Type about:config in the addressbar and press Enter. Click through the warnings. Search for loop.enabled and double-click the entry to change it to false.

https://support.mozilla.org/en-US/produ ... llo-webrtc

Firefox makes unknown connections

Firefox makes unknown connections

Re: Firefox makes unknown connections

Re: Firefox makes unknown connections

Re: Firefox makes unknown connections

Re: Firefox makes unknown connections

Re: Firefox makes unknown connections

Re: Firefox makes unknown connections

Re: Firefox makes unknown connections