ftpd - security threat?
Hello,
Recently I have played with the ftpd package from the stable repository and I
have discovered that every time the package gets installed it connects
to a certain IP address on port 80. With a simple bash script I have
captured the output of netstat while the ftpd package is getting
installed:
+++++++++++++++++++
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
tcp 0 1 10.1.1.200:3938 203.8.116.111:80 SYN_SENT
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::ffff:10.1.1.200:22 ::ffff:10.1.1.2:4716 ESTABLISHED
tcp6 0 0 ::ffff:10.1.1.200:22 ::ffff:10.1.1.2:2572 ESTABLISHED
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
tcp 0 154 10.1.1.200:3938 203.8.116.111:80 ESTABLISHED
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::ffff:10.1.1.200:22 ::ffff:10.1.1.2:4716 ESTABLISHED
tcp6 0 0 ::ffff:10.1.1.200:22 ::ffff:10.1.1.2:2572 ESTABLISHED
++++++++++++++++++++++
Running a reverse dig command:
dig -x 203.8.116.111
;; ANSWER SECTION:
111.116.8.203.in-addr.arpa. 21600 IN PTR poledra.it.net.au.
I get poledra.it.net.au and a web browser reveals:
"Hello. Welcome to the FTP archives of Informed Technology."
++++++++++++
This web page is run by the company http://www.it.net.au.
Can anyone explain why this is happening? Why is my box connecting to
that IP address without me actually knowing about that? To me it seems
like a security threat. At the moment it appears that this happens only
if the ftpd package is installed for the first time, so
# dpkg -P ftpd
# apt-get install ftpd
does not create any connections.
thank you
lubos
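
An added example, not part of the original post: one way to reduce netstat snapshots like the ones quoted above to the connections the host itself opened. The function names `outbound_peers` and `sample_snapshots` are hypothetical, and the sample input is the two snapshots from the post.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the post.

# Read concatenated `netstat -tan` snapshots on stdin and print each unique
# "foreign_endpoint state" pair whose local port is not a LISTEN port in the
# same capture, i.e. connections this host opened. Sessions accepted by a
# local service (the SSH logins on port 22 here) are skipped.
# Assumption: the snapshots include LISTEN sockets (netstat -a).
outbound_peers() {
    awk '
        # Last colon-separated field of an address is the port (IPv4 and IPv6).
        function port(addr,    k, parts) { k = split(addr, parts, ":"); return parts[k] }
        $1 ~ /^tcp/ && $6 == "LISTEN" { listening[port($4)] = 1; next }
        $1 ~ /^tcp/ && ($6 == "SYN_SENT" || $6 == "ESTABLISHED") {
            n++; lport[n] = port($4); peer[n] = $5; state[n] = $6
        }
        END {
            # Classify only after all LISTEN lines have been seen.
            for (i = 1; i <= n; i++) {
                key = peer[i] " " state[i]
                if (!(lport[i] in listening) && !(key in seen)) { seen[key] = 1; print key }
            }
        }
    '
}

# The two snapshots quoted in the post, used as offline sample input.
sample_snapshots() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
tcp 0 1 10.1.1.200:3938 203.8.116.111:80 SYN_SENT
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::ffff:10.1.1.200:22 ::ffff:10.1.1.2:4716 ESTABLISHED
tcp6 0 0 ::ffff:10.1.1.200:22 ::ffff:10.1.1.2:2572 ESTABLISHED
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
tcp 0 154 10.1.1.200:3938 203.8.116.111:80 ESTABLISHED
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::ffff:10.1.1.200:22 ::ffff:10.1.1.2:4716 ESTABLISHED
tcp6 0 0 ::ffff:10.1.1.200:22 ::ffff:10.1.1.2:2572 ESTABLISHED
EOF
}

sample_snapshots | outbound_peers
```

On a live system, pipe in repeated `netstat -tan` output captured while the package installs instead of the embedded sample.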