Groups | Search | Server Info | Login | Register

Groups > comp.security.unix > #218

xpdf 4.03 connecting to unknown hosts??

From Dario Niedermann <dario@darioniedermann.it>
Newsgroups comp.security.unix, comp.os.linux.security
Subject xpdf 4.03 connecting to unknown hosts??
Followup-To comp.security.unix
Date 2022-03-10 15:59 +0100
Organization Not speaking for any
Message-ID <slrnt2k4j4.6t6.dario@darioniedermann.it> (permalink)

Cross-posted to 2 groups.

Followups directed to: comp.security.unix

Show all headers | View raw

I just randomly found out that running xpdf instances are connecting via
https to unknown internet hosts:

-----
$ lsof -i:https
COMMAND   PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
xpdf     4548  ndr   60u  IPv4 3240798      0t0  TCP myhost:60178->151.101.1.140:https (CLOSE_WAIT)
xpdf     4548  ndr   62u  IPv4 3241136      0t0  TCP myhost:54798->151.101.193.140:https (CLOSE_WAIT)
xpdf     4548  ndr   64u  IPv4 3241163      0t0  TCP myhost:59904->151.101.65.140:https (CLOSE_WAIT)
xpdf     4548  ndr   66u  IPv4 3241168      0t0  TCP myhost:58196->151.101.114.49:https (CLOSE_WAIT)
xpdf     4548  ndr   67u  IPv4 3242068      0t0  TCP myhost:37120->151.101.0.95:https (CLOSE_WAIT)
xpdf     4548  ndr   68u  IPv4 3241177      0t0  TCP myhost:44826->151.101.66.49:https (CLOSE_WAIT)
xpdf     4548  ndr   69u  IPv4 3242069      0t0  TCP myhost:60520->104.16.149.64:https (CLOSE_WAIT)
xpdf     4548  ndr   78u  IPv4 3241196      0t0  TCP myhost:58432->104.16.19.94:https (CLOSE_WAIT)
xpdf     4548  ndr   80u  IPv4 3241189      0t0  TCP myhost:60516->104.16.149.64:https (CLOSE_WAIT)
[...]
-----

I can't think of a good, non-malicious explanation to this...
What does everyone think?

-- 
Dario Niedermann   -:-   finger my email address for PGP key, etc.

Also on the Internet at:            <gopher://darioniedermann.it/>
                                 <https://www.darioniedermann.it/>

Back to comp.security.unix | Previous | NextNext in thread | Find similar

Thread

xpdf 4.03 connecting to unknown hosts?? Dario Niedermann <dario@darioniedermann.it> - 2022-03-10 15:59 +0100
  Re: xpdf 4.03 connecting to unknown hosts?? "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2022-03-10 10:48 -0500
    Re: xpdf 4.03 connecting to unknown hosts?? Dario Niedermann <dario@darioniedermann.it> - 2022-03-11 11:08 +0100
      Re: xpdf 4.03 connecting to unknown hosts?? "Carlos E. R." <robin_listas@es.invalid> - 2022-04-20 20:29 +0200
  Re: xpdf 4.03 connecting to unknown hosts?? "Carlos E.R." <robin_listas@es.invalid> - 2022-04-19 23:45 +0200

csiph-web