
#1 2017-02-08 08:35:37

monojp
Member
From: Karlsruhe, Germany
Registered: 2011-05-16
Posts: 17

Chromium is trying to connect to 74.125.133.188 on port 5228

Hi there,

I have a very basic, but restrictive ufw config with an outgoing and incoming whitelist. Furthermore I use chromium without being signed in, without cloud printing, without any extensions and everything disabled that looks like it tries to talk to some external service. But still I get some ufw blocking messages in my journal from time to time:

[UFW BLOCK] IN= OUT=eth0 SRC=<my ip> DST=74.125.133.188 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23571 DF PROTO=TCP SPT=<source port> DPT=5228 WINDOW=29200 RES=0x00 SYN URGP=0

Looks like 74.125.133.188 is mtalk.google.com which could be part of their gcm/xmpp service I guess. Any idea how to disable this completely? I did not find any flags / config for it and find it rather scandalous for privacy reasons that something like this seems to be hardcoded in the browser.

Or could you help me out with networking skills to debug it further?

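One way to take the journal output above further is to group the blocked outbound attempts by destination and port, so that recurring endpoints such as the port 5228 one stand out. This is an added example, not code from any poster in this thread; the sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample journal lines (not from the thread). Local addresses use
# documentation ranges; 74.125.133.188 port 5228 is the pair quoted in the post.
SAMPLE_LOG = """\
Feb 08 08:30:01 host kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.0.2.10 DST=74.125.133.188 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23571 DF PROTO=TCP SPT=40112 DPT=5228 WINDOW=29200 RES=0x00 SYN URGP=0
Feb 08 08:30:02 host kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.0.2.10 DST=74.125.133.188 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23572 DF PROTO=TCP SPT=40112 DPT=5228 WINDOW=29200 RES=0x00 SYN URGP=0
Feb 08 08:31:10 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=411 DF PROTO=TCP SPT=51000 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
Feb 08 08:32:44 host kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.53 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=1201 DF PROTO=UDP SPT=48211 DPT=53 LEN=51
Feb 08 08:33:00 host systemd[1]: Started Session 3 of user demo.
Feb 08 09:02:17 host kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.0.2.10 DST=74.125.133.188 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=30011 DF PROTO=TCP SPT=40398 DPT=5228 WINDOW=29200 RES=0x00 SYN URGP=0
"""

UFW_RE = re.compile(r"\[UFW (?P<action>[A-Z ]+)\]\s+(?P<body>.*)$")

def parse_ufw_line(line):
    """Return the fields of one UFW kernel log line as a dict, or None."""
    m = UFW_RE.search(line)
    if not m:
        return None
    fields = {"ACTION": m.group("action").strip(), "FLAGS": []}
    for token in m.group("body").split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value            # "IN=" yields an empty string
        else:
            fields["FLAGS"].append(token)  # bare tokens such as DF, SYN, ACK
    return fields

def summarize_blocked_outbound(log_text):
    """Count blocked outbound attempts per (DST, PROTO, DPT), most frequent first."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_ufw_line(line)
        if not f or f["ACTION"] != "BLOCK":
            continue
        if f.get("IN") or not f.get("OUT"):
            continue  # outbound packets have an empty IN= and a set OUT=
        if f.get("PROTO") == "TCP" and "SYN" not in f["FLAGS"]:
            continue  # keep TCP connection attempts only (SYN retries included)
        dport = int(f["DPT"]) if "DPT" in f else None  # ICMP has no DPT
        counts[(f.get("DST"), f.get("PROTO"), dport)] += 1
    return counts.most_common()

if __name__ == "__main__":
    for (dst, proto, dport), n in summarize_blocked_outbound(SAMPLE_LOG):
        print(f"{n:3d}  {dst}  {proto}/{dport}")
```

On a real system the input would be the kernel log lines from the journal instead of `SAMPLE_LOG`.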

#2 2017-02-08 16:03:34

rexx
Member
Registered: 2017-02-04
Posts: 10

Re: Chromium is trying to connect to 74.125.133.188 on port 5228

Chrom* browsers are undoubtedly more secure thanks to Google's Bug Bounty programs and out of the box Sandboxing.

If you're concerned about privacy, you might consider using a different browser. Brave might be the best option if you favor chrom* over firefox. It makes more sense than trying to plug leaks all day. After all, when google siphons off data about you, they do it over port 443.


#3 2017-02-08 20:27:14

Stebalien
Member
Registered: 2010-04-27
Posts: 1,237
Website

Re: Chromium is trying to connect to 74.125.133.188 on port 5228

FYI, chromium will also make IPv6 DNS requests directly to Google's IPv6 DNS resolver and there's no way to change this (other than to write a firewall NAT rule to redirect these requests to a different resolver).


Steven [ web : git ]
GPG:  327B 20CE 21EA 68CF A7748675 7C92 3221 5899 410C
Do not email: honeypot@stebalien.com


#4 2017-02-09 13:06:56

monojp
Member
From: Karlsruhe, Germany
Registered: 2011-05-16
Posts: 17

Re: Chromium is trying to connect to 74.125.133.188 on port 5228

Well, thanks for your posts! I ended up finding, compiling and currently using https://aur.archlinux.org/packages/ungoogled-chromium/ which seems to be "silent" :)
@rexx: According to Wikipedia, Brave is replacing google-stuff with their current ads and so on, which is not what I am looking for, but it brought me in the right direction.


#5 2017-02-09 13:41:10

philo
Member
Registered: 2015-01-26
Posts: 251

Re: Chromium is trying to connect to 74.125.133.188 on port 5228

monojp wrote:

I ended up finding, compiling and currently using https://aur.archlinux.org/packages/ungoogled-chromium/ which seems to be "silent"

Reading the web page of that AUR package, it seems that building it and making it work is not like a walk in the park.

Last edited by philo (2017-02-09 13:42:26)


#6 2017-02-09 13:50:59

monojp
Member
From: Karlsruhe, Germany
Registered: 2011-05-16
Posts: 17

Re: Chromium is trying to connect to 74.125.133.188 on port 5228

philo wrote:
monojp wrote:

I ended up finding, compiling and currently using https://aur.archlinux.org/packages/ungoogled-chromium/ which seems to be "silent"

Reading the web page of that AUR package, it seems that building it and making it work is not like a walk in the park.

I just had to do the renaming and permission fixing of the sandbox binary, but yeah, the PKGBUILD needs to be fixed.


#7 2017-02-09 15:19:01

R00KIE
Forum Fellow
From: Between a computer and a chair
Registered: 2008-09-14
Posts: 4,734

Re: Chromium is trying to connect to 74.125.133.188 on port 5228

Stebalien wrote:

FYI, chromium will also make IPv6 DNS requests directly to Google's IPv6 DNS resolver and there's no way to change this (other than to write a firewall NAT rule to redirect these requests to a different resolver).

And it will probably freak out since the reply will come from a different IP than the one it is expecting.


R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K

