| View previous topic :: View next topic |
| Author |
Message |
linuxinit
Tux's lil' helper
Joined: 27 Mar 2006
Posts: 84
Location: Bumkcuf, Egypt
|
 Posted: Sun Jun 11, 2006 11:25 pm Post subject: Netstat is being ran by firefox?! |
 |
|
Okay, I use conky. I have a process monitor that shows the 3 most cpu intensive processes, and the 3 most memory intensive processes. Anyways. A few weeks ago I started noticing netstat keep popping up. It comes and goes, which makes sense since it's not a very cpu/memory intensive program. Anyways. The first time I saw it I freaked out and killed sshd, gaim, teamspeak2_server, brought down eth0 and unplugged the network cable. Yea that's excessive I know but I was freaking out. I went back through my firewall logs on my Slackware box and found nothing unusual. Just the regular subnet scans, rpc expoit attempts, and all that crap that seems to plague my ISP.
Anyways... After finding nothing, I went back through and checked my cronjobs and found nothing. So I decided maybe it was just some legit thing. Then just now, it happened again, and it stayed running, long enough for me to pstree it and see what it was running from.
I'm in shock, to find out that it's running under firefox-bin. I'm on amd64 so yea... I have to run -bin for flash, which is proving pointless since everyone is switching to flash8. :(
Anyways, here's a dump of pstree before I killed firefox:
| Code: | init-+-5*[agetty]
|-conky
|-cron
|-2*[dbus-daemon]
|-dbus-launch
|-events/0
|-gaim
|-gpm
|-khelper
|-khpsbpkt
|-2*[kjournald]
|-ksoftirqd/0
|-kswapd0
|-kthread-+-aio/0
| |-ata/0
| |-kacpid
| |-kblockd/0
| |-khubd
| |-kpsmoused
| |-kseriod
| |-2*[pdflush]
| |-scsi_eh_0
| `-scsi_eh_1
|-login---bash---xinit-+-X
| `-sh-+-sh---xscreensaver
| `-xfce4-session
|-migration/0
|-mozilla-launche---firefox-bin-+-netstat
| `-2*[{firefox-bin}]
|-ssh-agent
|-sshd
|-syslog-ng
|-terminal---bash---pstree
|-udevd
|-watchdog/0
|-xfce-mcs-manage
|-xfce4-panel-+-xfce4-menu-plug
| `-xfce4-mixer-plu
|-xfdesktop
`-xfwm4
|
I wasn't doing much else at the time... No SSH logins, etc... I'm on my own subnet from the rest of the computers in my house. So it's definitly strange to me. Call me paranoid, I don't care. ;) ;)
So yea... to the point:
Does anybody have any clue why firefox would be running netstat? It doesn't always do it, or at least I don't notice if it does. I might setup a clear;pstree loop to keep a watch on it. I did a quick search with Google and with the forums and found nothing.
Anyone have a clue what's going on? |
|
| Back to top |
|
 |
TheRAt
Veteran
Joined: 03 Jun 2002
Posts: 1580
|
| Posted: Sun Jun 11, 2006 11:38 pm Post subject: |
|
|
could this be caused by a firefox extension you have installed ?
maybe try to diable all your extension and re-run firefox to see if this is the case ?
_________________
All reality is the construct of the observer.
Get Firefox and rediscover the web!
BOFH Excuse #295:
The Token fell out of the ring. Call us when you find it. |
|
| Back to top |
|
|
linuxinit
Tux's lil' helper
Joined: 27 Mar 2006
Posts: 84
Location: Bumkcuf, Egypt
|
| Posted: Mon Jun 12, 2006 12:11 am Post subject: |
|
|
| TheRAt wrote: | could this be caused by a firefox extension you have installed ?
maybe try to diable all your extension and re-run firefox to see if this is the case ? |
Well it does it so rarely... But I'll run firefox with --safe-mode and see if it does it. Then I'll just keep grepping pstree for netstat and make it log it to a file or something. :) |
|
| Back to top |
|
|
bunder
Bodhisattva
Joined: 10 Apr 2004
Posts: 5947
|
| Posted: Mon Jun 12, 2006 5:43 am Post subject: |
|
|
thunderbird does this too. i've always wondered why. if anyone knows, please speak up 
_________________
| Neddyseagoon wrote: | | The problem with leaving is that you can only do it once and it reduces your influence. |
banned from #gentoo since sept 2017 |
|
| Back to top |
|
|
TheRAt
Veteran
Joined: 03 Jun 2002
Posts: 1580
|
| Posted: Tue Jun 13, 2006 12:03 pm Post subject: |
|
|
| linuxinit wrote: | Well it does it so rarely... But I'll run firefox with --safe-mode and see if it does it. Then I'll just keep grepping pstree for netstat and make it log it to a file or something.  |
be very interested in your results...
_________________
All reality is the construct of the observer.
Get Firefox and rediscover the web!
BOFH Excuse #295:
The Token fell out of the ring. Call us when you find it. |
|
| Back to top |
|
|
linuxinit
Tux's lil' helper
Joined: 27 Mar 2006
Posts: 84
Location: Bumkcuf, Egypt
|
| Posted: Tue Jun 13, 2006 2:58 pm Post subject: |
|
|
| Code: | |-mozilla-launche---thunderbird-bin-+-netstat
| `-2*[{thunderbird-bin}] |
Explain that eh? :S Anyone know a way to dig deeper than with pstree? I use no plugins in Thunderbird except GnuPGP. :S |
|
| Back to top |
|
|
bunder
Bodhisattva
Joined: 10 Apr 2004
Posts: 5947
|
| Posted: Tue Jun 13, 2006 5:38 pm Post subject: |
|
|
| linuxinit wrote: | | Code: | |-mozilla-launche---thunderbird-bin-+-netstat
| `-2*[{thunderbird-bin}] |
Explain that eh? :S Anyone know a way to dig deeper than with pstree? I use no plugins in Thunderbird except GnuPGP. :S |
i use none. not even one. 
_________________
| Neddyseagoon wrote: | | The problem with leaving is that you can only do it once and it reduces your influence. |
banned from #gentoo since sept 2017 |
|
| Back to top |
|
|
ScriptBlue
n00b
Joined: 27 Jul 2005
Posts: 21
Location: New York City, New York, US
|
| Posted: Tue Jun 13, 2006 7:55 pm Post subject: |
|
|
You guys should download the firefox source code and grep for any occurences of netstat.
EDIT:
Yep, there it is. File ./mozilla/security/nss/lib/freebl/unix_rand.c Line 883 (Latest release).
Apparently all it does is that it uses its output to mix up the random seed. |
|
| Back to top |
|
|
bunder
Bodhisattva
Joined: 10 Apr 2004
Posts: 5947
|
| Posted: Wed Jun 14, 2006 1:24 am Post subject: |
|
|
| ScriptBlue wrote: | You guys should download the firefox source code and grep for any occurences of netstat.
EDIT:
Yep, there it is. File ./mozilla/security/nss/lib/freebl/unix_rand.c Line 883 (Latest release).
Apparently all it does is that it uses its output to mix up the random seed. |
it should use /dev/urandom then... running netstat for entropy is stupid.
_________________
| Neddyseagoon wrote: | | The problem with leaving is that you can only do it once and it reduces your influence. |
banned from #gentoo since sept 2017 |
|
| Back to top |
|
|
Aries-Belgium
l33t
Joined: 08 Jul 2005
Posts: 730
Location: Willebroek, Belgium
|
| Posted: Wed Jun 14, 2006 2:01 am Post subject: |
|
|
There is actually a bugreport on it since 2002 and this is the comment of one of the developers:
| Code: | I see no bug here. The code is presently working as intended.
The code works, and produces correct results, whether the OS has a
well-implemented /dev/urandom or not.
There are ***x OSes that have no /dev/urandom. It has been reported that
there are ***x OSes that have a bad implementation of /dev/urandom. |
_________________
Ep2.nl | Developers Community |
|
| Back to top |
|
|
bunder
Bodhisattva
Joined: 10 Apr 2004
Posts: 5947
|
| Posted: Wed Jun 14, 2006 2:41 am Post subject: |
|
|
then those ones can use /dev/random instead. 
_________________
| Neddyseagoon wrote: | | The problem with leaving is that you can only do it once and it reduces your influence. |
banned from #gentoo since sept 2017 |
|
| Back to top |
|
|
linuxinit
Tux's lil' helper
Joined: 27 Mar 2006
Posts: 84
Location: Bumkcuf, Egypt
|
| Posted: Wed Jun 14, 2006 7:45 am Post subject: |
|
|
Well... Sad to say I'm not using Gentoo anymore. :( AMD64+Portage was a nightmare. I'm back to Slack for now. :) But yea... I was going to download the source from portage once I get this box working.
Guess what. That damn Nvidia bug I had is happening here too. So I'm gonna have to freaking hack the driver again to force 4x. :( |
|
| Back to top |
|
|
|
Networking & Security
