Hi there,
I have a very basic, but restrictive ufw config with an outgoing and incoming whitelist. Furthermore I use chromium without being signed in, without cloud printing, without any extensions and everything disabled that looks like it tries to talk to some external service. But still I get some ufw blocking messages in my journal from time to time:
[UFW BLOCK] IN= OUT=eth0 SRC=<my ip> DST=74.125.133.188 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23571 DF PROTO=TCP SPT=<source port> DPT=5228 WINDOW=29200 RES=0x00 SYN URGP=0
Looks like 74.125.133.188 is mtalk.google.com which could be part of their gcm/xmpp service I guess. Any idea how to disable this completely? I did not find any flags / config for it and find it rather scandalous for privacy reasons that something like this seems to be hardcoded in the browser.
Or could you help me out with networking skills to debug it further?
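One way to debug this further, as an added example that is not part of the original thread: a small Python parser that groups blocked outgoing packets by destination, protocol and port, so recurring endpoints such as the port 5228 connection stand out. The sample lines are constructed in the format of the log entry quoted in the post; every address except 74.125.133.188 and all ports are made-up values, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the format of the [UFW BLOCK] entry quoted in the post.
# Addresses other than 74.125.133.188 are documentation ranges; ports are made up.
SAMPLE = """\
Feb 09 13:01:02 host kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.0.2.10 DST=74.125.133.188 LEN=60 TTL=64 ID=23571 DF PROTO=TCP SPT=51514 DPT=5228 WINDOW=29200 RES=0x00 SYN URGP=0
Feb 09 13:01:03 host kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.0.2.10 DST=74.125.133.188 LEN=60 TTL=64 ID=23572 DF PROTO=TCP SPT=51514 DPT=5228 WINDOW=29200 RES=0x00 SYN URGP=0
Feb 09 13:02:10 host kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=52 ID=4411 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Feb 09 13:03:30 host kernel: [UFW BLOCK] IN= OUT=eth0 SRC=2001:db8::10 DST=2001:db8::53 LEN=80 HOPLIMIT=64 PROTO=UDP SPT=40123 DPT=53 LEN=40
Feb 09 13:04:00 host systemd[1]: Started Daily Cleanup of Temporary Directories.
"""

FIELD = re.compile(r"(\w+)=(\S*)")   # KEY=VALUE pairs; the value may be empty (IN=)
MARKER = "[UFW BLOCK]"


def parse_ufw_block(line):
    """Return the KEY=VALUE fields of a [UFW BLOCK] line, or None for other lines."""
    _, found, rest = line.partition(MARKER)
    if not found:
        return None
    return dict(FIELD.findall(rest))


def blocked_outbound(text):
    """Count blocked outgoing packets per (DST, PROTO, DPT) destination."""
    counts = Counter()
    for line in text.splitlines():
        f = parse_ufw_block(line)
        # Outgoing packets have an empty IN= and a non-empty OUT= interface.
        if f is None or f.get("IN") or not f.get("OUT"):
            continue
        dpt = f.get("DPT")  # absent for protocols without ports, e.g. ICMP
        counts[(f.get("DST"), f.get("PROTO"), int(dpt) if dpt else None)] += 1
    return counts


if __name__ == "__main__":
    for (dst, proto, dpt), n in blocked_outbound(SAMPLE).most_common():
        print(f"{n:4d}  {proto:<4} {dst} port {dpt}")
```

To run it on real data, pass the text output of `journalctl -k` to `blocked_outbound` instead of `SAMPLE`.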
Chrom* browsers are undoubtedly more secure thanks to Google's Bug Bounty programs and out of the box Sandboxing.
If you're concerned about privacy, you might consider using a different browser. Brave might be the best option if you favor chrom* over Firefox. It makes more sense than trying to plug leaks all day. After all, when Google siphons off data about you, they do it over port 443.
FYI, chromium will also make IPv6 DNS requests directly to Google's IPv6 DNS resolver and there's no way to change this (other than to write a firewall NAT rule to redirect these requests to a different resolver).
Well thanks for your posts! I ended up finding, compiling and currently using https://aur.archlinux.org/packages/ungoogled-chromium/ which seems to be "silent"
@rexx: According to Wikipedia Brave is replacing google-stuff with their current ads and so on, which is not what I am looking for, but it brought me in the right direction.
I ended up finding, compiling and currently using https://aur.archlinux.org/packages/ungoogled-chromium/ which seems to be "silent"
Reading the web page of that AUR package, it seems that building it and making it work is not like a walk in the park.
Last edited by philo (2017-02-09 13:42:26)
monojp wrote: I ended up finding, compiling and currently using https://aur.archlinux.org/packages/ungoogled-chromium/ which seems to be "silent"
Reading the web page of that AUR package, it seems that building it and making it work is not like a walk in the park.
I just had to do the renaming and permission fixing of the sandbox binary, but yeah, the PKGBUILD needs to be fixed.
FYI, chromium will also make IPv6 DNS requests directly to Google's IPv6 DNS resolver and there's no way to change this (other than to write a firewall NAT rule to redirect these requests to a different resolver).
And it will probably freak out since the reply will come from a different IP than the one it is expecting.
R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K