Hello friends,

Could someone give me more information about it?

curiously and randomly I run this command on my lab computers.

and I am surprised with the following connections..
here we see that my PCs connect to a [remote ip] port 80/443

I do an analysis (abuseipdb.com) of the ownership of these IPs [Remote IP] and I get as a result...

I am using Linux as the operating system, and through Google I was seeing cases similar to mine, but they correspond to users who have Windows, they receive updates from Microsoft.

But in my case what could it be?

Thank you

probably: https://en.wikipedia.org/wiki/Akamai_Technologies

yes, i understood that akamai was a content replicator...

here my query is if anyone knew why I have these connections from my LAN to their servers (akamai).

Using subdomains with IP numbers from my ISP.

I feel like they're updating something, without my consent.

Linux is not a single OS. What specifically are you using?

A search for +"linux" deploy.akamaitechnologies.com has hits for both Arch and Mint - they both suggest it could be a browser plugin, or perhaps a desktop widget.

sorry, I did not specify my linux distribution "Debian".


yes, I have also found result with linux for Arch, Mint and others... with desktop installations.

The curious thing is that I have a PC that acts as a web server, it only has the basics installed to serve a small LAMP installation, and it demonstrated those connections at some point in the survey.

That's only a partial answer - presumably a web server is running Debian Stable (i.e. not Debian Testing or Debian Unstable), but which version? (i.e. v10 buster or v11 bullseye) What desktop environments are you using, or did you do a custom install and explicitly not install any GUIs?

Inxi is a convenient tool for providing version info; e.g. "$ inxi -SGxx" will confirm OS info, as well as whether there's a graphics server / display manager running, even if accessing over a tty.


Anyhow, the very first option in your netstat command is -p which outputs "the PID and name of the program to which each socket belongs" - and the sample output you show includes "2093/chrome" suggesting the culprit is Google.

Does "pstree -as 2093" or "ps -F 2093" give any clues as to why? (Changing the pid in accordance to what netstat shows, since it may not always be the same process.)


Depending on the function of the web server, maybe you can configure the firewall to block all outgoing HTTP/HTTPS traffic and manually whitelist expected traffic?