LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 05-24-2012, 06:33 AM   #1
tix
LQ Newbie
 
Registered: May 2011
Posts: 24

Rep: Reputation: 0
my linux box chit-chatting too much to 1e100.net (Google)


I have noticed over the past while that on my Linux box (Slackware 13.1), there has been traffic flowing from the Linux box to servers at domain 1e100.net
Upon closer examination of the 1e100.net domain using WHOIS, I discovered that actually belongs to GOOGLE (google.com)
1.) Servers: (listing is too big to list all the 1e100.net servers here)
par03s02-in-f5.1e100.net
par03s02-in-f13.1e100.net
par03s02-in-f19.1e100.net
par03s02-in-f25.1e100.net

2) Connection port:
port: https (443) or www-http (80)

Some Notes:
------------
The linux box has a firewall configured using IPTABLES.
The connections to 1e100.net are outgoing connections.
I use the machine both as a server and as a desktop computer (running KDE).
The machine can be sitting idle, and network connections to the 1e100.net occur! WTF!

(T.I.Q.) The Important Questions
---------------------------------
1) What could be causing the traffic to 1e100.net servers from within Slackware 13.1?
2) Could there be a possibility that some software (e.g. Firefox browser) is too chatty and sending information to Google?
3) Could google have imbedded software into Slackware 13.1 that sends information regarding usage of the Slack box back to Google?
4) Is it only Slackware that is affected or are other Linux distributions also very chatty to 1e100.net servers?
5) We all know that google is a military project based on collecting information about you so that it can be used against you!
Could information about my usage of my linux box being collected by google be the reason behind customized ads on webpages and
unsolicited mail in my e-mail and snail mail (p.o. box)?

If I try blocking acccess to the 1e100.net domain, I end up blocking access to common google services such as Google.com, gmail.com, ...etc

ANYONE CARE TO HELP A *PARANOID* SLACKWARE USER?
YOUR HELP WILL NOT GO UN-APPRECIATED!

--------------------------WHOIS BEGIN-----------------------
tux@slackbox:/$ whois 1e100.net

Registrant:
DNS Admin
Google Inc.
1600 Amphitheatre Parkway
Mountain View CA 94043
US
dns-admin@google.com +1.6502530000 Fax: +1.6506188571

Domain Name: 1e100.net

Registrar Name: Markmonitor.com
Registrar Whois: whois.markmonitor.com
Registrar Homepage: http://www.markmonitor.com

Administrative Contact:
DNS Admin
Google Inc.
1600 Amphitheatre Parkway
Mountain View CA 94043
US
dns-admin@google.com +1.6502530000 Fax: +1.6506188571
Technical Contact, Zone Contact:
DNS Admin
Google Inc.
1600 Amphitheatre Parkway
Mountain View CA 94043
US
dns-admin@google.com +1.6502530000 Fax: +1.6506188571

Created on..............: 2009-09-24.
Expires on..............: 2019-09-24.
Record last updated on..: 2012-04-20.

Domain servers in listed order:

ns1.google.com
ns4.google.com
ns2.google.com
ns3.google.com
--------------------------WHOIS END-----------------------


------MOTD------
Nice Car!
 
Old 05-24-2012, 06:45 AM   #2
273
Senior Member
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 3,377

Rep: Reputation: 782Reputation: 782Reputation: 782Reputation: 782Reputation: 782Reputation: 782Reputation: 782
Having googled it (oh, the irony) I find that the main reason you would see this is browsers checking "safe site" lists against the google servers. Firefox and, of course, Chrome do this and perhaps others also?
If you run a web server then perhaps there are spiders also?
If you don't trust google then you should probably modify Firefox's (or an other browser's) configuration accordingly.
 
Old 05-24-2012, 09:04 AM   #3
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776
Quote:
The connections to 1e100.net are outgoing connections.
The machine can be sitting idle, and network connections to the 1e100.net occur!
Do you know what process is making these connections? If not, I would suggest you run tcpdump or wireshark with an appropriate filter to capture some of the traffic and see what is happening.

As far as item #5 goes, I doubt that the international community of people who eyeball the Linux Kernel and the various open source applications on a regular basis would allow a "phone home" kit to be embedded into Slackware (or any of the other main distributions for that matter).
 
  


Reply

Tags
ads, google, security, slackware


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Secure Encryption on any cloud (backup) service (google drive, dropbox, box.net etc) LXer Syndicated Linux News 0 05-01-2012 04:50 PM
LXer: Mount your box.net (box.com) account in linux LXer Syndicated Linux News 0 01-13-2012 11:12 PM
DNS servers chatting it up with my box tobiusmaximus Linux - Networking 9 01-15-2008 06:27 PM
chit-chat server on linux platform celebnavin Linux - Server 1 12-18-2007 11:25 PM
Windows to net through linux box hate29 Linux - Networking 7 11-13-2007 01:17 PM


All times are GMT -5. The time now is 05:56 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration