strange TCP connection from porteus.org?

Posted: 21 Mar 2016, 20:21
by cdatgnp
We’re presently using Porteus for our off-site network back-up server. I’ve recently tightened my firewall settings on my Windows workstation and was checking out the present TCP connections in Windows’ Resource Monitor, and was directing my browser to the IP addresses that I was seeing. With the exception of one (see below image), I didn’t see anything unusual. When I ran a traceroute command on the IP address that directed me to this “Are you Brokenman?” message, I found it to be on the porteus.org domain. I hadn’t browsed to porteus.org for months, and the only activities I was engaged with on the site were using the build.porteus.org tool to configure custom .iso images, which I later wrote to CDs to boot from, and reading up on the online documentation. This causes me to wonder why there was a TCP connection to porteus.org during a session where I hadn’t connected to porteus.org at all, and hadn’t even connected in prior months. Is this something unusual?

http://postimg.org/image/er3mt6xkr/full/

edit: more descriptive subject...

Re: strange TCP connection from porteus.org?

Posted: 22 Mar 2016, 02:14
by brokenman
What version/desktop of Porteus are you using?

There is no reason I can think of that Porteus should be making any kind of connection to this address. The address in question is brokenman.porteus.org and it is where I store my projects. The home page used to be "Are you brokenman" but has since changed.

Try this:

grep "brokenman.porteus.org" /opt/porteus-scripts/*
This is the location where porteus-specific scripts are run from. There are scripts that ping our storage server dl.porteus.org but none that should be connecting to the subdomain brokenman.porteus.org.
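
Added example (not part of the post above and not Porteus project code): a broader form of the grep suggested there, which lists every *.porteus.org hostname referenced in a script directory and flags any that is not on an expected list. It assumes dl.porteus.org is the only expected host, as the post states; the function names and sample file names are constructed for illustration, and on a Porteus machine the directory to pass would be /opt/porteus-scripts.

```shell
#!/bin/sh
# Hosts the scripts are expected to reference (assumption taken from the post:
# only the storage server dl.porteus.org). Space-separated.
EXPECTED_HOSTS="dl.porteus.org"

# Print "status<TAB>host<TAB>file" for every porteus.org hostname found in
# text files under the given directory. This is a text search only: it shows
# what the scripts mention, not what they actually connect to at run time.
audit_porteus_hosts() {
    dir=$1
    # -r recurse, -I skip binary files, -H always print the file name,
    # -o print only the matched hostname, -i ignore case, -E extended regex
    grep -rIHoiE '([a-z0-9-]+\.)*porteus\.org' "$dir" 2>/dev/null |
    while IFS= read -r line; do
        file=${line%:*}                      # text before the last colon
        host=$(printf '%s' "${line##*:}" | tr '[:upper:]' '[:lower:]')
        status=UNEXPECTED
        for ok in $EXPECTED_HOSTS; do
            if [ "$host" = "$ok" ]; then status=expected; fi
        done
        printf '%s\t%s\t%s\n' "$status" "$host" "$file"
    done | sort -u
}

# Constructed sample directory standing in for a script directory.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf 'ping -c 1 dl.porteus.org\n' > "$d/update-check"
    printf 'wget http://Brokenman.porteus.org/file\n' > "$d/fetch-project"
    printf 'echo no network use here\n' > "$d/cleanup"
    printf '%s\n' "$d"
}

# Demo run on the constructed sample.
demo_dir=$(make_sample_dir)
audit_porteus_hosts "$demo_dir"
rm -rf "$demo_dir"
```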

Re: strange TCP connection from porteus.org?

Posted: 22 Mar 2016, 16:11
by cdatgnp
It's actually my Windows 7 workstation that was making the connection to brokenman.porteus.org. On our network I'm running a computer with Porteus 3.7.2 with XTCE, though. I've since turned off the machine remotely so I'll try that grep when I can. I'm going to try rebooting with my firewall off and see if whatever process it is starts making that connection again...

Re: strange TCP connection from porteus.org?

Posted: 22 Mar 2016, 16:54
by cdatgnp
It didn't happen spontaneously, but when I directed Chrome to porteus.org, it opened a connection with both 192.99.161.78. For reference, here are some links to screenshots before, during, and after connecting to porteus.org, showing my network connections:
http://postimg.org/image/khsag8kw5/full/
http://postimg.org/image/qw2voj98z/full/
http://postimg.org/image/g3kojmqlz/full/
TCPView shows the connection as being to helios.porteus.org.

My firewall settings didn't make a difference. It could be that browser cookies or something remembered the address and I got spooked when I saw it and thought I ought not to.