Connexions bizarres à l'ouverture de Firefox
Publié : 31 août 2015, 18:22
Bonjour.
Depuis peu, je remarque des choses bizarres concernant Firefox, surtout au démarrage où il a une fâcheuse tendance à se connecter et dialoguer avec un ensemble de serveurs.
Je vous donne ici une trace des connexions avec Wireshark et le filtre
Cette capture s'est faite sur un profil firefox neuf. J'ai moins de connexions suspectes avec mes profils courants.
Je n'ai pas de pages au démarrage, ni de vignettes.
Page d'accueil : about:blank
J'ai testé plusieurs méthodes sur plusieurs environnements : Suppression des plugins (moteurs de recherche et tout le reste), désactivation des extensions, etc...
Je suis sûr que ce n'est pas lié à un malware, car ça me le fait sur n'importe quelle installation de Windows ou Linux fraîche.
Je ne suis pas le seul à rencontrer ces bizarreries.
Plus de précisions ici : http://forum.ubuntu-fr.org/viewtopic.ph ... #p20507381
Et là http://forum.ubuntu-fr.org/viewtopic.php?id=1896601&p=1
Depuis peu, je remarque des choses bizarres concernant Firefox, surtout au démarrage où il a une fâcheuse tendance à se connecter et dialoguer avec un ensemble de serveurs.
Je vous donne ici une trace des connexions avec Wireshark et le filtre
Code : Tout sélectionner
(tcp.dstport == 443 || tcp.srcport == 443 || udp.dstport == 443 || udp.srcport == 443) && ssl.handshake.type == 1Code : Tout sélectionner
"No.","Time","Source","Destination","Protocol","Length","Info"
"124","13:09:50.673948000","_MOI_","locprod1-elb-eu-west-1.prod.mozaws.net","TLSv1.2","275","Client Hello"
"127","13:09:50.734327000","_MOI_","bedrock-prod-zlb.vips.scl3.mozilla.com","TLSv1.2","261","Client Hello"
"174","13:09:51.934333000","_MOI_","tiles.r53-2.services.mozilla.com","TLSv1.2","272","Client Hello"
"201","13:09:52.542495000","_MOI_","cs163.wpc.taucdn.net","TLSv1.2","268","Client Hello"
"220","13:09:52.662838000","_MOI_","cs163.wpc.taucdn.net","TLSv1.2","571","Client Hello"
"221","13:09:52.663127000","_MOI_","cs163.wpc.taucdn.net","TLSv1.2","571","Client Hello"
"222","13:09:52.663371000","_MOI_","cs163.wpc.taucdn.net","TLSv1.2","571","Client Hello"
"379","13:09:53.154927000","_MOI_","www-googletagmanager.l.google.com","TLSv1.2","270","Client Hello"
"382","13:09:53.170169000","_MOI_","cs163.wpc.taucdn.net","TLSv1.2","268","Client Hello"
"425","13:09:53.289212000","_MOI_","cs163.wpc.taucdn.net","TLSv1.2","571","Client Hello"
"546","13:09:53.460958000","_MOI_","accounts.firefox.com","TLSv1.2","266","Client Hello"
"767","13:09:54.134967000","_MOI_","www-google-analytics.l.google.com","TLSv1.2","270","Client Hello"
"822","13:09:54.513115000","_MOI_","accounts.firefox.com","TLSv1.2","571","Client Hello"
"824","13:09:54.513328000","_MOI_","accounts.firefox.com","TLSv1.2","571","Client Hello"
"831","13:09:54.519865000","_MOI_","accounts.firefox.com","TLSv1.2","571","Client Hello"
"847","13:09:54.693336000","_MOI_","www.google.com","TLSv1.2","260","Client Hello"
"878","13:09:54.886127000","_MOI_","stats.l.doubleclick.net","TLSv1.2","269","Client Hello"
"1112","13:09:56.081277000","_MOI_","cs163.wpc.taucdn.net","TLSv1.2","270","Client Hello"
"1195","13:09:56.333275000","_MOI_","sb.l.google.com","TLSv1.2","269","Client Hello"
"1359","13:09:57.335263000","_MOI_","cs163.wpc.taucdn.net","TLSv1.2","270","Client Hello"
"1441","13:09:57.592343000","_MOI_","safebrowsing.cache.l.google.com","TLSv1.2","275","Client Hello"
"1553","13:09:57.742042000","_MOI_","geo.mozilla.org","TLSv1.2","261","Client Hello"
"1669","13:09:58.197705000","_MOI_","d22io8ipz38kkf.cloudfront.net","TLSv1.2","269","Client Hello"
"1754","13:09:58.442436000","_MOI_","d22io8ipz38kkf.cloudfront.net","TLSv1.2","571","Client Hello"
"1811","13:09:58.736145000","_MOI_","geo.mozilla.org","TLSv1.2","293","Client Hello"
"6594","13:10:39.990594000","_MOI_","geo.mozilla.org","TLSv1.2","293","Client Hello"
"6619","13:10:51.233880000","_MOI_","aus4.vips.phx1.mozilla.com","TLSv1.2","262","Client Hello"
"7196","13:11:12.963968000","_MOI_","geo.mozilla.org","TLSv1.2","293","Client Hello"
"7326","13:11:57.418852000","_MOI_","accounts.firefox.com","TLSv1.2","571","Client Hello"
"7365","13:12:22.564952000","_MOI_","tiles.r53-2.services.mozilla.com","TLSv1.2","272","Client Hello"
"7389","13:12:25.959992000","_MOI_","bedrock-prod.zlb.phx.mozilla.net","TLSv1.2","261","Client Hello"
"8236","13:15:45.659608000","_MOI_","www.google.com","TLSv1.2","260","Client Hello"
"8239","13:15:45.688173000","_MOI_","cs163.wpc.taucdn.net","TLSv1.2","270","Client Hello"
"8285","13:15:45.931973000","_MOI_","snippets-stats.zlb.phx.mozilla.net","TLSv1.2","272","Client Hello"
"8290","13:15:46.011813000","_MOI_","geo.mozilla.org","TLSv1.2","261","Client Hello"
"8344","13:15:50.268743000","_MOI_","d22io8ipz38kkf.cloudfront.net","TLSv1.2","269","Client Hello"
"8358","13:15:50.340861000","_MOI_","sb.l.google.com","TLSv1.2","269","Client Hello"
"8365","13:15:50.355003000","_MOI_","geo.mozilla.org","TLSv1.2","293","Client Hello"
"8405","13:15:50.562082000","_MOI_","d22io8ipz38kkf.cloudfront.net","TLSv1.2","571","Client Hello"
"8550","13:15:51.087253000","_MOI_","safebrowsing.cache.l.google.com","TLSv1.2","275","Client Hello"
"12713","13:17:33.220658000","_MOI_","www.google.com","TLSv1.2","571","Client Hello"
"13205","13:27:08.931473000","_MOI_","d22io8ipz38kkf.cloudfront.net","TLSv1.2","269","Client Hello"
"13221","13:27:09.057595000","_MOI_","sb.l.google.com","TLSv1.2","269","Client Hello"
"13317","13:27:09.616734000","_MOI_","safebrowsing.cache.l.google.com","TLSv1.2","275","Client Hello"Je n'ai pas de pages au démarrage, ni de vignettes.
Page d'accueil : about:blank
J'ai testé plusieurs méthodes sur plusieurs environnements : Suppression des plugins (moteurs de recherche et tout le reste), désactivation des extensions, etc...
Je suis sûr que ce n'est pas lié à un malware, car ça me le fait sur n'importe quelle installation de Windows ou Linux fraîche.
Je ne suis pas le seul à rencontrer ces bizarreries.
Plus de précisions ici : http://forum.ubuntu-fr.org/viewtopic.ph ... #p20507381
Et là http://forum.ubuntu-fr.org/viewtopic.php?id=1896601&p=1