Connexions bizarres à l'ouverture de Firefox

jojo81 · Message par **jojo81** » 31 août 2015, 18:22

Bonjour.

Depuis peu, je remarque des choses bizarres concernant Firefox, surtout au démarrage où il a une fâcheuse tendance à se connecter et dialoguer avec un ensemble de serveurs.

Je vous donne ici une trace des connexions avec Wireshark et le filtre

Code : Tout sélectionner

(tcp.dstport == 443 || tcp.srcport == 443 || udp.dstport == 443 || udp.srcport == 443) && ssl.handshake.type == 1

Code : Tout sélectionner

"No.","Time","Source","Destination","Protocol","Length","Info"
"124","13:09:50.673948000","_MOI_","locprod1-elb-eu-west-1.prod.mozaws.net","TLSv1.2","275","Client Hello"
"127","13:09:50.734327000","_MOI_","bedrock-prod-zlb.vips.scl3.mozilla.com","TLSv1.2","261","Client Hello"
"174","13:09:51.934333000","_MOI_","tiles.r53-2.services.mozilla.com","TLSv1.2","272","Client Hello"
"201","13:09:52.542495000","_MOI_","cs163.wpc.taucdn.net","TLSv1.2","268","Client Hello"
"220","13:09:52.662838000","_MOI_","cs163.wpc.taucdn.net","TLSv1.2","571","Client Hello"
"221","13:09:52.663127000","_MOI_","cs163.wpc.taucdn.net","TLSv1.2","571","Client Hello"
"222","13:09:52.663371000","_MOI_","cs163.wpc.taucdn.net","TLSv1.2","571","Client Hello"
"379","13:09:53.154927000","_MOI_","www-googletagmanager.l.google.com","TLSv1.2","270","Client Hello"
"382","13:09:53.170169000","_MOI_","cs163.wpc.taucdn.net","TLSv1.2","268","Client Hello"
"425","13:09:53.289212000","_MOI_","cs163.wpc.taucdn.net","TLSv1.2","571","Client Hello"
"546","13:09:53.460958000","_MOI_","accounts.firefox.com","TLSv1.2","266","Client Hello"
"767","13:09:54.134967000","_MOI_","www-google-analytics.l.google.com","TLSv1.2","270","Client Hello"
"822","13:09:54.513115000","_MOI_","accounts.firefox.com","TLSv1.2","571","Client Hello"
"824","13:09:54.513328000","_MOI_","accounts.firefox.com","TLSv1.2","571","Client Hello"
"831","13:09:54.519865000","_MOI_","accounts.firefox.com","TLSv1.2","571","Client Hello"
"847","13:09:54.693336000","_MOI_","www.google.com","TLSv1.2","260","Client Hello"
"878","13:09:54.886127000","_MOI_","stats.l.doubleclick.net","TLSv1.2","269","Client Hello"
"1112","13:09:56.081277000","_MOI_","cs163.wpc.taucdn.net","TLSv1.2","270","Client Hello"
"1195","13:09:56.333275000","_MOI_","sb.l.google.com","TLSv1.2","269","Client Hello"
"1359","13:09:57.335263000","_MOI_","cs163.wpc.taucdn.net","TLSv1.2","270","Client Hello"
"1441","13:09:57.592343000","_MOI_","safebrowsing.cache.l.google.com","TLSv1.2","275","Client Hello"
"1553","13:09:57.742042000","_MOI_","geo.mozilla.org","TLSv1.2","261","Client Hello"
"1669","13:09:58.197705000","_MOI_","d22io8ipz38kkf.cloudfront.net","TLSv1.2","269","Client Hello"
"1754","13:09:58.442436000","_MOI_","d22io8ipz38kkf.cloudfront.net","TLSv1.2","571","Client Hello"
"1811","13:09:58.736145000","_MOI_","geo.mozilla.org","TLSv1.2","293","Client Hello"
"6594","13:10:39.990594000","_MOI_","geo.mozilla.org","TLSv1.2","293","Client Hello"
"6619","13:10:51.233880000","_MOI_","aus4.vips.phx1.mozilla.com","TLSv1.2","262","Client Hello"
"7196","13:11:12.963968000","_MOI_","geo.mozilla.org","TLSv1.2","293","Client Hello"
"7326","13:11:57.418852000","_MOI_","accounts.firefox.com","TLSv1.2","571","Client Hello"
"7365","13:12:22.564952000","_MOI_","tiles.r53-2.services.mozilla.com","TLSv1.2","272","Client Hello"
"7389","13:12:25.959992000","_MOI_","bedrock-prod.zlb.phx.mozilla.net","TLSv1.2","261","Client Hello"
"8236","13:15:45.659608000","_MOI_","www.google.com","TLSv1.2","260","Client Hello"
"8239","13:15:45.688173000","_MOI_","cs163.wpc.taucdn.net","TLSv1.2","270","Client Hello"
"8285","13:15:45.931973000","_MOI_","snippets-stats.zlb.phx.mozilla.net","TLSv1.2","272","Client Hello"
"8290","13:15:46.011813000","_MOI_","geo.mozilla.org","TLSv1.2","261","Client Hello"
"8344","13:15:50.268743000","_MOI_","d22io8ipz38kkf.cloudfront.net","TLSv1.2","269","Client Hello"
"8358","13:15:50.340861000","_MOI_","sb.l.google.com","TLSv1.2","269","Client Hello"
"8365","13:15:50.355003000","_MOI_","geo.mozilla.org","TLSv1.2","293","Client Hello"
"8405","13:15:50.562082000","_MOI_","d22io8ipz38kkf.cloudfront.net","TLSv1.2","571","Client Hello"
"8550","13:15:51.087253000","_MOI_","safebrowsing.cache.l.google.com","TLSv1.2","275","Client Hello"
"12713","13:17:33.220658000","_MOI_","www.google.com","TLSv1.2","571","Client Hello"
"13205","13:27:08.931473000","_MOI_","d22io8ipz38kkf.cloudfront.net","TLSv1.2","269","Client Hello"
"13221","13:27:09.057595000","_MOI_","sb.l.google.com","TLSv1.2","269","Client Hello"
"13317","13:27:09.616734000","_MOI_","safebrowsing.cache.l.google.com","TLSv1.2","275","Client Hello"

Cette capture s'est faite sur un profil firefox neuf. J'ai moins de connexions suspectes avec mes profils courants.

Je n'ai pas de pages au démarrage, ni de vignettes.
Page d'accueil : about:blank
J'ai testé plusieurs méthodes sur plusieurs environnements : Suppression des plugins (moteurs de recherche et tout le reste), désactivation des extensions, etc...

Je suis sûr que ce n'est pas lié à un malware, car ça me le fait sur n'importe quelle installation de Windows ou Linux fraîche.

Je ne suis pas le seul à rencontrer ces bizarreries.

Plus de précisions ici : http://forum.ubuntu-fr.org/viewtopic.ph ... #p20507381
Et là http://forum.ubuntu-fr.org/viewtopic.php?id=1896601&p=1

RainbowChild · Message par **RainbowChild** » 31 août 2015, 20:18

Et j'ajoute ce lien, où la question est également posée :
https://twitter.com/firefox/status/6383 ... 93792?s=09

Abraxas · Message par **Abraxas** » 31 août 2015, 23:38

C'est le client Hello (le skype façon WebRTC) + safebrowsing de Google.
Y des a connexions vers le datacenter de Mozilla et les serveurs de GG.

Geckozone

Connexions bizarres à l'ouverture de Firefox

Connexions bizarres à l'ouverture de Firefox

Re: Connexions bizarres à l'ouverture de Firefox

Re: Connexions bizarres à l'ouverture de Firefox

Qui est en ligne ?