strange TCP connection from porteus.org?

cdatgnp
Ronin
Posts: 3
Joined: 21 Mar 2016, 20:05
Distribution: Porteus 3.7.2
Location: Canada

Post#1 by cdatgnp » 21 Mar 2016, 20:21

We’re presently using Porteus for our off-site network back-up server. I’ve recently tightened my firewall settings on my Windows workstation and was checking out the present TCP connections in Windows’ Resource Monitor, and was directing my browser to the IP addresses that I was seeing. With the exception of one (see below image), I didn’t see anything unusual. When I ran a traceroute command on the IP address that directed me to this “Are you Brokenman?” message, I found it to be on the porteus.org domain. I hadn’t browsed to porteus.org for months, and the only activities I was engaged with on the site were using the build.porteus.org tool to configure custom .iso images, which I later wrote to CDs to boot from, and reading up on the online documentation. This causes me to wonder why there was a TCP connection to porteus.org during a session where I hadn’t connected to porteus.org at all, and hadn’t even connected in prior months. Is this something unusual?

http://postimg.org/image/er3mt6xkr/full/

edit: more descriptive subject...

brokenman
Site Admin
Posts: 6105
Joined: 27 Dec 2010, 03:50
Distribution: Porteus v4 all desktops
Location: Brazil

Re: strange TCP connection from porteus.org?

Post#2 by brokenman » 22 Mar 2016, 02:14

What version/desktop of Porteus are you using?

There is no reason I can think of that Porteus should be making any kind of connection to this address. The address in question is brokenman.porteus.org and it is where I store my projects. The home page used to be "Are you brokenman" but has since changed.

Try this:

Code:

    grep "brokenman.porteus.org" /opt/porteus-scripts/*

This is the location where porteus-specific scripts are run from. There are scripts that ping our storage server dl.porteus.org but none that should be connecting to the subdomain brokenman.porteus.org.

How do I become super user?
Wear your underpants on the outside and put on a cape.
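
An added example, not part of the post above and not Porteus's own code: it generalizes the grep by listing every porteus.org hostname referenced under a scripts directory and reporting any that are not on an expected list. `EXPECTED_HOSTS` is taken from the post's mention of dl.porteus.org; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Hostnames that scripts are expected to contact (from the post: dl.porteus.org).
EXPECTED_HOSTS="dl.porteus.org"

# list_hosts DIR: print "host<TAB>file" for each *.porteus.org name found in DIR.
# -r recurse, -I skip binary files, -o print only the match, -i ignore case.
list_hosts() {
    grep -rIoiE '([A-Za-z0-9-]+\.)+porteus\.org' "$1" 2>/dev/null |
        awk -F: '{
            host = tolower($NF)                       # hostnames contain no ":"
            file = substr($0, 1, length($0) - length($NF) - 1)
            print host "\t" file
        }' | sort -u
}

# unexpected_hosts DIR: keep only entries whose host is not in EXPECTED_HOSTS.
unexpected_hosts() {
    list_hosts "$1" | while IFS="$(printf '\t')" read -r host file; do
        case " $EXPECTED_HOSTS " in
            *" $host "*) ;;                           # expected, stay quiet
            *) printf '%s\t%s\n' "$host" "$file" ;;
        esac
    done
}

# make_sample DIR: constructed files standing in for /opt/porteus-scripts.
make_sample() {
    mkdir -p "$1"
    printf '#!/bin/sh\nping -c1 dl.porteus.org\n' > "$1/update-check"
    printf '#!/bin/sh\nwget http://brokenman.porteus.org/x\n' > "$1/odd-script"
}

# Demo on the constructed tree; on a real system pass /opt/porteus-scripts.
demo=$(mktemp -d)
make_sample "$demo"
unexpected_hosts "$demo"
rm -rf "$demo"
```

An empty result means every porteus.org reference found is on the expected list; it says nothing about connections made by software outside the scanned directory.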

Re: strange TCP connection from porteus.org?

Post#3 by cdatgnp » 22 Mar 2016, 16:11

It's actually my Windows 7 workstation that was making the connection to brokenman.porteus.org. On our network I'm running a computer with Porteus 3.7.2 with XTCE, though. I've since turned off the machine remotely so I'll try that grep when I can. I'm going to try rebooting with my firewall off and see if whatever process it is starts making that connection again...

Re: strange TCP connection from porteus.org?

Post#4 by cdatgnp » 22 Mar 2016, 16:54

It didn't happen spontaneously, but when I directed Chrome to porteus.org, it opened a connection with both 192.99.161.78. For reference, here are some links to screenshots before, during, and after connecting to porteus.org, showing my network connections:
http://postimg.org/image/khsag8kw5/full/
http://postimg.org/image/qw2voj98z/full/
http://postimg.org/image/g3kojmqlz/full/
TCPView shows the connection as being to helios.porteus.org.

My firewall settings didn't make a difference. It could be that browser cookies or something remembered the address and I got spooked when I saw it and thought I ought not to.
