I was playing around with etherape and noticed that my computer, through a ton of different ports, sends data to amazon servers ALL. THE. TIME. It happens when I have almost no programs open in the background (no visible ones) and I have no program that I know of that relies on amazon servers. So my questions are:
Should I block these amazon IPs?
Is there any way to see what program is responsible for this data traffic?
I route all traffic through tun0 (a VPN)
all amazon traffic happens on port 443 but is sent from my computer on ports ranging from 40 000 - 55 000
All data is sent via HTTPS
When I press on one of the IP addresses in Wireshark there is usually some info about Manchester or usertrust.com/AddTrustExternalCARoot ... and so on.
Last edited by destou (2018-05-13 13:41:49)
Can you see the connections with "netstat -pe"? That should give you the pid that created the socket.
The source ports ranging from 40000-55000 are normal, a tcp connection has a source port that is randomly selected.
I can see lots of connections from netstat -pe but how do I know which one is connected to an amazonws server? Or is using a port in the range?
Also I've noticed in etherape that the connections don't seem to route through my VPN... When I start the scan with etherape with the mode IP I see that all connections to amazon are from an ip that follows 10.x.x.x whilst my network activity on the web is from 192, as usual.
Look into the "Foreign Address" column.
I'll go out on a limb and claim that you have Dropbox installed?
I can't see any program that is responsible for the connection when running "netstat -pe" both as root and without root privileges after reboot and after having the computer on for a while. I tried rebooting, ran "netstat -pe" and started etherape on interface tun0 and I still see connections to 5 different amazonws servers. These servers get contacted every ~0.5 seconds in a specific order! I don't have dropbox or any telemetry shit installed either.
sudo netstat -pec | grep ama
That gives me nothing. I have etherape on the other screen and I can see how my computer is sending data to 5 different amazon servers whilst I ran that netstat command. If I have 0 programs open and look at interface tun0 in etherape, the only connections there are the amazon connections... every ~0.5 seconds in order... I almost only have X11, i3-gaps, etherape, urxvt, kworker, dbus and compton on whilst doing this scan too. I have no idea what's going on...
I call conky from my i3 config to get my i3 status bar at the bottom. Inside the conky file I used curl to contact ipify to get my IP, and after changing it to canihazip the amazon servers disappeared. I am still perplexed as to why and how curl was able to contact 5 different amazon servers, in order, every ~0.5 seconds despite itself being called only once every 5 seconds... Anyways, thanks for the support!
ipify is hosted on amazon AWS, so no surprise there. As for the interval, I'd say that's a flaw in your conkyrc - how do you query the IP? execi?
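An added example, not code from any poster in this thread: the lookup `netstat -pe` performs, reading `/proc/net/tcp` and matching each socket inode against `/proc/<pid>/fd`. It shows why a connection made by a short-lived process such as the `curl` call found above can appear with no owner: once the process has exited, the socket sits in TIME_WAIT with inode 0. The sample table, addresses, PID and function names are constructed for illustration, and a little-endian host is assumed.

```python
import os, socket, struct
STATES = {"01": "ESTABLISHED", "06": "TIME_WAIT", "0A": "LISTEN"}
# Constructed sample in /proc/net/tcp format (addresses, inodes and uid are made up).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20111 1 0000000000000000 100 0 0 10 0
   1: 0200080A:B2F6 077100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 48213 1 0000000000000000 20 4 30 10 -1
   2: 0200080A:C738 077100CB:01BB 06 00000000:00000000 03:000005DC 00000000     0        0 0 3 0000000000000000
"""

def decode_addr(field):
    """'077100CB:01BB' -> ('203.0.113.7', 443). Assumes a little-endian host (x86)."""
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def parse_proc_net_tcp(text):
    """Return one dict per IPv4 TCP socket listed in /proc/net/tcp content."""
    rows = []
    for line in text.splitlines()[1:]:          # first line is the column header
        f = line.split()
        if len(f) >= 10:
            rows.append({"local": decode_addr(f[1]), "remote": decode_addr(f[2]),
                         "state": STATES.get(f[3], f[3]), "inode": int(f[9])})
    return rows

def socket_owners():
    """Map socket inode -> (pid, command) from /proc/<pid>/fd; run as root to see all users."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/comm") as fh:
                comm = fh.read().strip()
            for fd in os.listdir(f"/proc/{pid}/fd"):
                target = os.readlink(f"/proc/{pid}/fd/{fd}")
                if target.startswith("socket:["):
                    owners[int(target[8:-1])] = (int(pid), comm)
        except OSError:                          # process exited or access denied
            continue
    return owners

def attribute(rows, owners, remote_port=443):
    """(remote ip, local port, state, owner) per matching socket; owner is None when
    the socket has no process any more (TIME_WAIT rows carry inode 0)."""
    return [(r["remote"][0], r["local"][1], r["state"], owners.get(r["inode"]))
            for r in rows if r["remote"][1] == remote_port]

if __name__ == "__main__":
    with open("/proc/net/tcp") as fh:
        print(*attribute(parse_proc_net_tcp(fh.read()), socket_owners()), sep="\n")
```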