LinuxQuestions.org


tix 05-24-2012 07:33 AM

my linux box chit-chatting too much to 1e100.net (Google)
 
I have noticed over the past while that on my Linux box (Slackware 13.1), there has been traffic flowing from the Linux box to servers at domain 1e100.net.
Upon closer examination of the 1e100.net domain using WHOIS, I discovered that it actually belongs to GOOGLE (google.com) :(
1.) Servers: (listing is too big to list all the 1e100.net servers here)
par03s02-in-f5.1e100.net
par03s02-in-f13.1e100.net
par03s02-in-f19.1e100.net
par03s02-in-f25.1e100.net

2) Connection port:
port: https (443) or www-http (80)

Some Notes:
------------
The linux box has a firewall configured using IPTABLES.
The connections to 1e100.net are outgoing connections.
I use the machine both as a server and as a desktop computer (running KDE).
The machine can be sitting idle, and network connections to the 1e100.net occur! WTF!

(T.I.Q.) The Important Questions
---------------------------------
1) What could be causing the traffic to 1e100.net servers from within Slackware 13.1?
2) Could there be a possibility that some software (e.g. Firefox browser) is too chatty and sending information to Google?
3) Could Google have embedded software into Slackware 13.1 that sends information regarding usage of the Slack box back to Google?
4) Is it only Slackware that is affected or are other Linux distributions also very chatty to 1e100.net servers?
5) We all know that google is a military project based on collecting information about you so that it can be used against you! :)
Could information about my usage of my linux box being collected by google be the reason behind customized ads on webpages and
unsolicited mail in my e-mail and snail mail (p.o. box)?

If I try blocking access to the 1e100.net domain, I end up blocking access to common Google services such as Google.com, gmail.com, etc.

ANYONE CARE TO HELP A *PARANOID* SLACKWARE USER?
YOUR HELP WILL NOT GO UN-APPRECIATED!

--------------------------WHOIS BEGIN-----------------------
tux@slackbox:/$ whois 1e100.net

Registrant:
DNS Admin
Google Inc.
1600 Amphitheatre Parkway
Mountain View CA 94043
US
dns-admin@google.com +1.6502530000 Fax: +1.6506188571

Domain Name: 1e100.net

Registrar Name: Markmonitor.com
Registrar Whois: whois.markmonitor.com
Registrar Homepage: http://www.markmonitor.com

Administrative Contact:
DNS Admin
Google Inc.
1600 Amphitheatre Parkway
Mountain View CA 94043
US
dns-admin@google.com +1.6502530000 Fax: +1.6506188571
Technical Contact, Zone Contact:
DNS Admin
Google Inc.
1600 Amphitheatre Parkway
Mountain View CA 94043
US
dns-admin@google.com +1.6502530000 Fax: +1.6506188571

Created on..............: 2009-09-24.
Expires on..............: 2019-09-24.
Record last updated on..: 2012-04-20.

Domain servers in listed order:

ns1.google.com
ns4.google.com
ns2.google.com
ns3.google.com
--------------------------WHOIS END-----------------------


------MOTD------
Nice Car!

273 05-24-2012 07:45 AM

Having googled it (oh, the irony) I find that the main reason you would see this is browsers checking "safe site" lists against the google servers. Firefox and, of course, Chrome do this and perhaps others also?
If you run a web server then perhaps there are spiders also?
If you don't trust Google then you should probably modify Firefox's (or another browser's) configuration accordingly.

Noway2 05-24-2012 10:04 AM

Quote:

The connections to 1e100.net are outgoing connections.
The machine can be sitting idle, and network connections to the 1e100.net occur!
Do you know what process is making these connections? If not, I would suggest you run tcpdump or wireshark with an appropriate filter to capture some of the traffic and see what is happening.

As far as item #5 goes, I doubt that the international community of people who eyeball the Linux Kernel and the various open source applications on a regular basis would allow a "phone home" kit to be embedded into Slackware (or any of the other main distributions for that matter).
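
One way to answer the "which process is making these connections?" question without a packet capture, as an added example that is not part of any post in this thread: read the kernel's socket table, keep established connections whose peer reverse-resolves under 1e100.net, and map each socket inode to the process that holds it. The sample table, its documentation-range IP addresses, the inode numbers and the function names are constructed for illustration.

```python
import glob, os, socket, struct

# Constructed sample in /proc/net/tcp format (documentation-range IPs, made-up inodes).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 0 0 0
   1: 0200000A:C350 050200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 2002 1 0 0 0
   2: 0200000A:C351 076433C6:0050 01 00000000:00000000 00:00000000 00000000  1000        0 2003 1 0 0 0
"""

def decode(hexpair):
    """'050200C0:01BB' -> ('192.0.2.5', 443); assumes a little-endian host (x86)."""
    addr, port = hexpair.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(addr, 16))), int(port, 16)

def ptr_name(ip):  # reverse DNS lookup; '' when the address has no PTR record
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return ""

def owners(inode, proc="/proc"):
    """Yield (pid, command) for every process holding the given socket inode."""
    for fd in glob.glob(os.path.join(proc, "[0-9]*", "fd", "*")):
        try:
            if os.readlink(fd) == "socket:[%s]" % inode:
                pid = fd.split(os.sep)[-3]
                with open(os.path.join(proc, pid, "comm")) as f:
                    yield int(pid), f.read().strip()
        except OSError:
            continue  # process exited, or not permitted to inspect it

def google_connections(table, suffix=".1e100.net", resolve=ptr_name):
    """Established sockets whose peer reverse-resolves under suffix."""
    hits = []
    for line in table.splitlines()[1:]:
        f = line.split()
        if len(f) < 10 or f[3] != "01":  # 01 = ESTABLISHED; skips LISTEN etc.
            continue
        ip, port = decode(f[2])
        name = resolve(ip)
        if name.endswith(suffix):
            hits.append({"peer": ip, "port": port, "name": name, "inode": f[9]})
    return hits

if __name__ == "__main__":
    with open("/proc/net/tcp") as f:
        for hit in google_connections(f.read()):
            print(hit, list(owners(hit["inode"])))
```

Run it as root so that sockets owned by other users' processes can be inspected; IPv6 sockets live in /proc/net/tcp6, which uses a different address encoding that this example does not parse.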


All times are GMT -5.