Suspicious TCP Connections in Porteus 5.01 Fresh Install

hosico
Ronin
Posts: 1
Joined: 10 Jan 2025, 08:31
Distribution: 5.01

Post#1 by hosico » 10 Jan 2025, 13:07

Sub:- Suspicious TCP Connections in Porteus 5.01 Fresh Install
I have done a Porteus 5.01 fresh install, as I wanted to try it out for email checking only, as it is a secure distro
as per its reputation. I have downloaded Firefox 133.0.3 from its browser tools from the Porteus server and updated the
distribution from the Porteus updater tools.
But surprisingly, while I was only checking my emails [without opening any other website, just the Gmail tab in Firefox, no other site has been opened after install - only Gmail], I noticed the following via netstat:-
[Facebook] + [Microsoft Azure @ Korea ISP + Web hosting] + [ISP CloudFlare DataCenter/Web Hosting/Transit US] + [Microsoft Corporation] + [Verizon Business] and lots and lots of different Google servers are connected!!!!!!!?????
Why is there some "Facebook", Microsoft or Verizon Business connection when I am only browsing my Gmail ???!!!
Pl. somebody care to explain?

Pl. note I am a user of EndeavourOS also. I have attached my netstat result for EndeavourOS, for the same actions, at the end.
It is only google servers and nothing else!

I have attached my netstat result for ready reference :-
Gmail Session:-
30.5 MB Download 29.0MB Upload. [I did not Upload or download any attachment, Only text]
1h 28min

guest@porteus:~$ netstat -ant | grep ESTABLISHED
tcp 0 0 192.168.0.101:52640 52.231.230.148:443 ESTABLISHED Microsoft Azure @ Korea ISP + Web hosting
tcp 0 0 192.168.0.101:60468 142.250.199.138:443 ESTABLISHED Google Servers US
tcp 0 0 192.168.0.101:39310 142.250.192.35:443 ESTABLISHED
tcp 0 0 192.168.0.101:49616 142.250.192.106:443 ESTABLISHED
tcp 0 0 192.168.0.101:44310 142.250.199.177:443 ESTABLISHED
tcp 0 0 192.168.0.101:47102 34.107.221.82:80 ESTABLISHED Google Cloud
tcp 0 0 192.168.0.101:44686 142.251.42.10:443 ESTABLISHED
tcp 0 0 192.168.0.101:40320 142.250.192.131:80 ESTABLISHED
tcp 0 0 192.168.0.101:42436 142.251.42.46:443 ESTABLISHED
tcp 0 0 192.168.0.101:43308 216.239.32.181:443 ESTABLISHED Google California (CA)
tcp 0 0 192.168.0.101:54080 142.250.199.131:443 ESTABLISHED
tcp 0 0 192.168.0.101:52696 152.195.38.76:80 ESTABLISHED Verizon Business US
tcp 0 0 192.168.0.101:59160 142.250.71.106:443 ESTABLISHED
tcp 0 0 192.168.0.101:59494 142.250.67.202:443 ESTABLISHED
tcp 0 0 192.168.0.101:40334 142.250.192.131:80 ESTABLISHED
tcp 0 0 192.168.0.101:38038 157.240.1.9:443 ESTABLISHED Facebook
tcp 0 0 192.168.0.101:33572 142.250.192.131:80 ESTABLISHED
tcp 0 0 192.168.0.101:59606 142.250.67.226:443 ESTABLISHED
tcp 0 0 192.168.0.101:52436 104.17.248.203:443 ESTABLISHED ISP CloudFlare DataCenter/Web Hosting/Transit US
tcp 0 0 192.168.0.101:52704 152.195.38.76:80 ESTABLISHED Verizon Business.
tcp 0 0 192.168.0.101:60480 142.250.199.138:443 ESTABLISHED
tcp 0 0 192.168.0.101:44356 142.250.192.99:443 ESTABLISHED
tcp 0 0 192.168.0.101:44700 142.251.42.10:443 ESTABLISHED
tcp 0 0 192.168.0.101:46922 142.251.42.97:443 ESTABLISHED
tcp 0 0 192.168.0.101:58990 142.250.199.174:443 ESTABLISHED
tcp 0 0 192.168.0.101:40322 142.250.192.131:80 ESTABLISHED
tcp 0 0 192.168.0.101:55516 142.250.67.138:443 ESTABLISHED
tcp 0 0 192.168.0.101:39328 142.250.192.35:443 ESTABLISHED
tcp 0 0 192.168.0.101:58148 142.250.71.110:443 ESTABLISHED
tcp 0 0 192.168.0.101:49878 142.250.192.99:443 ESTABLISHED
tcp 0 0 192.168.0.101:56318 142.250.67.226:443 ESTABLISHED
tcp 0 0 192.168.0.101:47096 34.107.221.82:80 ESTABLISHED Google Cloud
tcp 0 0 192.168.0.101:46622 142.250.199.161:443 ESTABLISHED
tcp 0 0 192.168.0.101:58988 142.250.199.174:443 ESTABLISHED
tcp 0 0 192.168.0.101:50858 142.250.70.37:443 ESTABLISHED
tcp 0 0 192.168.0.101:51462 172.217.174.81:443 ESTABLISHED Google Servers
tcp 0 0 192.168.0.101:59482 142.250.67.202:443 ESTABLISHED
tcp 0 0 192.168.0.101:39152 142.251.42.98:443 ESTABLISHED
tcp 0 0 192.168.0.101:60100 142.250.192.74:443 ESTABLISHED
tcp 0 0 192.168.0.101:35790 142.250.183.132:443 ESTABLISHED
tcp 0 0 192.168.0.101:53038 216.58.203.3:80 ESTABLISHED Google Servers
tcp 0 0 192.168.0.101:59158 142.250.71.106:443 ESTABLISHED
tcp 0 0 192.168.0.101:58248 34.117.188.166:443 ESTABLISHED
tcp 0 0 192.168.0.101:40326 142.251.42.14:443 ESTABLISHED
tcp 0 0 192.168.0.101:37418 142.250.183.195:443 ESTABLISHED
tcp 0 0 192.168.0.101:40132 142.250.183.138:443 ESTABLISHED
tcp 0 0 192.168.0.101:52144 74.125.68.84:443 ESTABLISHED Google Servers US
tcp 0 0 192.168.0.101:40116 142.250.183.138:443 ESTABLISHED
tcp 0 0 192.168.0.101:49628 142.250.192.106:443 ESTABLISHED
tcp 0 0 192.168.0.101:51880 142.250.70.99:443 ESTABLISHED
tcp 0 0 192.168.0.101:36166 142.250.183.132:443 ESTABLISHED Google Servers
tcp 0 0 192.168.0.101:52438 142.251.175.154:443 ESTABLISHED
tcp 0 0 192.168.0.101:52850 150.171.27.10:443 ESTABLISHED Microsoft Corporation
tcp 0 0 192.168.0.101:37352 142.251.42.8:443 ESTABLISHED
tcp 0 0 192.168.0.101:58914 157.240.1.35:443 ESTABLISHED Facebook
tcp 0 0 192.168.0.101:43784 13.107.246.58:443 ESTABLISHED Microsoft Azure US
tcp 0 0 192.168.0.101:55506 142.250.67.138:443 ESTABLISHED
tcp 0 0 192.168.0.101:50860 142.250.70.37:443 ESTABLISHED
tcp 0 0 192.168.0.101:58908 157.240.1.35:443 ESTABLISHED Facebook
tcp 0 0 192.168.0.101:58560 13.107.21.237:443 ESTABLISHED Microsoft Azure
tcp 0 0 192.168.0.101:54588 142.251.42.110:443 ESTABLISHED
tcp 0 0 192.168.0.101:60092 142.250.192.74:443 ESTABLISHED
tcp 0 0 192.168.0.101:34998 34.107.243.93:443 ESTABLISHED Google Cloud
tcp 0 0 192.168.0.101:51252 142.251.42.14:443 ESTABLISHED
tcp 0 0 192.168.0.101:50770 142.250.192.133:443 ESTABLISHED
tcp 0 0 192.168.0.101:40308 142.250.192.131:80 ESTABLISHED
tcp 0 0 192.168.0.101:57894 142.250.192.46:443 ESTABLISHED
tcp 0 0 192.168.0.101:46268 142.250.199.131:443 ESTABLISHED
guest@porteus:~$
*********************************************************************************

I am a user of EndeavourOS also.
Here is the result of the same actions and it is only Google Servers--->

[liveuser@eos-2024.09.22 ~]$ netstat -ant | grep ESTABLISHED
tcp 0 0 192.168.0.101:52994 142.250.70.37:443 ESTABLISHED Google Servers
tcp 0 0 192.168.0.101:35868 142.251.42.106:443 ESTABLISHED
tcp 0 0 192.168.0.101:57248 142.251.42.97:443 ESTABLISHED
tcp 0 0 192.168.0.101:57940 142.250.192.3:443 ESTABLISHED
tcp 0 0 192.168.0.101:34692 142.250.183.170:443 ESTABLISHED
tcp 0 0 192.168.0.101:39904 142.251.42.78:443 ESTABLISHED
tcp 0 0 192.168.0.101:35520 34.107.243.93:443 ESTABLISHED Google Cloud
tcp 0 0 192.168.0.101:52988 142.250.70.37:443 ESTABLISHED
tcp 0 0 192.168.0.101:47306 142.250.182.234:443 ESTABLISHED
tcp 10899 0 192.168.0.101:40804 172.217.174.229:443 ESTABLISHED Google Servers
tcp 0 0 192.168.0.101:57944 142.250.192.3:443 ESTABLISHED Google Servers
tcp 0 0 192.168.0.101:44724 142.250.182.225:443 ESTABLISHED
tcp 0 0 192.168.0.101:55364 142.250.199.131:443 ESTABLISHED
tcp 0 0 192.168.0.101:50000 142.250.199.131:443 ESTABLISHED
tcp 0 0 192.168.0.101:44354 142.250.182.202:443 ESTABLISHED
tcp 0 0 192.168.0.101:57416 172.217.174.74:443 ESTABLISHED Google Servers
tcp 0 0 192.168.0.101:35592 216.58.203.46:443 ESTABLISHED Google Servers
[liveuser@eos-2024.09.22 ~]$

Very Very Suspicious!!!!!???? :sos:
Pl. help.

ncmprhnsbl
DEV Team
Posts: 4167
Joined: 20 Mar 2012, 03:42
Distribution: v5.0-64bit
Location: australia

Post#2 by ncmprhnsbl » 12 Jan 2025, 06:11

hi welcome to porteus forum :)
disclaimer: i am by no means a network security expert ..far from it.
1. do you have porteus firewall on? (it's off by default > see menu>system>porteus settings centre>security(padlock icon)>porteus firewall >toggle will turn on "normal" <usually enough.)
2. could be that the firefox binary from mozilla which our module is made with is 'looser' than endeavour's compilation ..take a good look at firefox's settings.
3. does your endeavour firefox have any active addons? ie. ublock, noscript or similar..
4. which DE flavour are you using? pretty sure none of them have any telemetry active (not that any of those entities suggest that)
5. i certainly haven't (knowingly) enabled anything nefarious and it seems unlikely anything like that would come from upstream (slackware)
Forum Rules : https://forum.porteus.org/viewtopic.php?f=35&t=44

AcnapyxoB
Shogun
Posts: 220
Joined: 24 Dec 2014, 10:15
Distribution: Porteus 5.01
Location: Planet Earth

Post#3 by AcnapyxoB » 12 Jan 2025, 08:53

hosico wrote:
10 Jan 2025, 13:07
Sub:- Suspicious TCP Connections in Porteus 5.01 Fresh Install
Hi hosico

Typically Firefox uses a lot of connections with servers like Amazon, Cloudflare, Micro$oft etc, some of them for their services and some of them to fund themselves.

To see exactly which program uses connections, try these 'netstat' commands:

Code:

netstat -ap | grep http

or

Code:

watch netstat -ntpu
Porteus v5.01 KDE x86_64
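
Added example, not part of the thread or of Porteus: a small shell filter that does what the `netstat -ntpu` suggestion above is aiming at, grouping established TCP connections by owning program and remote endpoint so browser traffic can be separated from anything else. The function names, the sample addresses (documentation ranges) and the PIDs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): attribute ESTABLISHED TCP sockets
# to their owning program from `netstat -ntp` output.
# Live use:  netstat -ntp 2>/dev/null | summarize_established

TAB=$(printf '\t')

# stdin: netstat -ntp text; stdout: "count<TAB>program<TAB>remote_ip:port"
summarize_established() {
    awk '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            # Field 7 onward is "PID/Program name"; the name may contain
            # spaces, so rejoin the remaining fields.
            prog = $7
            for (i = 8; i <= NF; i++) prog = prog " " $i
            # "-" (or nothing) means netstat could not see the owner,
            # typically because it was not run as root.
            if (prog == "-" || prog == "") prog = "unknown"
            else sub(/^[0-9]+\//, "", prog)
            n[prog "\t" $5]++
        }
        END { for (k in n) print n[k] "\t" k }
    ' | LC_ALL=C sort -t "$TAB" -k2,2 -k3,3
}

# List only the endpoints NOT owned by the program named in $1.
not_owned_by() {
    summarize_established | awk -F '\t' -v p="$1" '$2 != p'
}

# Constructed sample (documentation-range addresses, made-up PIDs).
SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.0.2.10:52640 203.0.113.20:443 ESTABLISHED 2211/firefox
tcp 0 0 192.0.2.10:52642 203.0.113.20:443 ESTABLISHED 2211/firefox
tcp 0 0 192.0.2.10:47102 198.51.100.7:80 ESTABLISHED 2211/firefox
tcp 0 0 192.0.2.10:40320 198.51.100.9:443 ESTABLISHED -
tcp 0 0 192.0.2.10:40100 198.51.100.9:443 TIME_WAIT -
udp 0 0 192.0.2.10:68 192.0.2.1:67 ESTABLISHED 901/dhcpcd'

# Demo run on the constructed sample.
printf '%s\n' "$SAMPLE" | summarize_established
```

Rows reported as `unknown` are the ones to re-check as root, since netstat only shows the owner of sockets belonging to other users when run with superuser rights.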
