InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

How to stop Firefox connecting to these IPs?

https://forums.informaction.com/viewtopic.php?t=21375

Page 1 of 1

How to stop Firefox connecting to these IPs?

Posted: Wed Nov 04, 2015 6:54 pm
by Csky
If I saw the browser making a connection to some random domain like cksks.soie.net, then I would have no idea what it was, but I would be pretty sure it was nothing to do with NoScript.
Did you read the OP? It was noscript and another addon.

So after updating firefox is making connections to Google, Amazon, Edgecast and GoDaddy even in safe mode with no tabs loaded. How do I stop this?

173.194.219.100 Google Inc.
54.192.219.139 Amazon Technologies Inc.
72.21.91.29 EdgeCast Networks, Inc.
54.152.180.212 Amazon Technologies Inc.
205.178.187.13 Network Solutions, LLC
74.125.21.138 Google Inc.
72.167.18.239 GoDaddy.com, LLC

Re: Why Is NoSCRIPT Connecting to Third Party IPs upon Start

Posted: Wed Nov 04, 2015 6:59 pm
by barbaz
^ Can't possibly be NoScript related, so I'll split it off of viewtopic.php?f=7&t=20790 to a new thread in Security.
EDIT Feel free to pick a better topic title if you want.

The connections to Google are probably still safebrowsing related?

Have you tried reverse DNS lookup on thise IPs? Please do that and post the results.

Create a new profile, import your settings (quit Fx & copy prefs.js and user.js (if exists) to the new profile), install HTTPFox, set it to sutomatically start watching connections on browser startup, and see what it catches. (May or may not get everything.)

Re: How to stop Firefox connecting to these IPs?

Posted: Wed Nov 04, 2015 7:09 pm
by barbaz
Oh, and what version did you update from? Some of the changes to Firefox have added more things that could be connecting.

Re: How to stop Firefox connecting to these IPs?

Posted: Sat Nov 07, 2015 3:55 am
by barbaz
I should also ask, how have you been determining what's connecting?

FWIW, these are the connections my SeaMonkey 2.39 (like Firefox 42.0) makes on startup:
- My WAN IP (NoScript doing this)
- My home page
- These:

Code: Select all

referer | method | destination
(none) GET https://secure.informaction.com/ipecho/
(none) POST http://ocsp.comodoca.com/
(none) POST http://safebrowsing.clients.google.com/safebrowsing/downloads?client=api&apikey=ABQIAAAALT_LuARPWqUj7bX2mqWTJRQt2QEr-yGktcva5ZhZnWk7HItT7w&appver=2.39&pver=2.2
(none) POST https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=2.39&pver=2.2
(none) POST http://ocsp.digicert.com/
Later on, the only non-browsing-related requests I'm seeing are one for another extension and a few safebrowsing related POST requests.

Do any of these match any of your unknown connections?
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited