Title: Client port 443 outgoing connection
Post by: gnar1ta$ on November 04, 2011, 04:49:35 PM
Got this today from my firewall when I started client 0.4.0 on OS X:
"Bitcoin wants to connect to �store.esellerate.net� on TCP port 443 (https) IP 209.87.181.216"
Is this normal? I haven't seen it before.
Title: Re: Client port 443 outgoing connection
Post by: Stephen Gornick on November 13, 2011, 06:04:54 PM
I don't think there is any reason the Bitcoin client would attempt to make an outgoing connection on port 443 unless you are specifically telling it to do so through settings (rpcconnect, rpcssl) in your Bitcoin.conf
Are you using a stock Bitcoin.conf?
Where did you get that binary build from?
Title: Re: Client port 443 outgoing connection
Post by: Raoul Duke on November 13, 2011, 06:38:23 PM
That domain belongs to Digital River, a company who, among other things, does third party software activations. Really strange.
Title: Re: Client port 443 outgoing connection
Post by: bulanula on November 13, 2011, 06:41:58 PM
That domain belongs to Digital River, a company who, among other things, does third party software activations. Really strange.
Maybe Gavin used that to prevent piracy with the Oracle license :P ?
Title: Re: Client port 443 outgoing connection
Post by: Raoul Duke on November 13, 2011, 06:55:09 PM
That domain belongs to Digital River, a company who, among other things, does third party software activations. Really strange.
Maybe Gavin used that to prevent piracy with the Oracle license :P ? Well, I would freak out if my Bitcoin client was connecting to that domain, no matter the reason. The real question here is: Where da f*** did the OP got the binary from?
Title: Re: Client port 443 outgoing connection
Post by: gnar1ta$ on November 13, 2011, 07:05:44 PM
It's the stock client from the Bitcoin.org website. Just downloaded and installed, no compiling or third party sources. If it's something malicious it may be happening to others without them noticing. It isn't detected by the system firewall. I use a network monitor/outgoing connection firewall that catches it.
Title: Re: Client port 443 outgoing connection
Post by: Raoul Duke on November 13, 2011, 07:25:11 PM
Well, that makes things even more strange. That's an HTTP SSL connection, no reason whatsoever for the Bitcoin client to open it, even if that IP was a node, which would make the port and type of connection different.
Title: Re: Client port 443 outgoing connection
Post by: bulanula on November 13, 2011, 07:27:46 PM
It's the stock client from the Bitcoin.org website. Just downloaded and installed, no compiling or third party sources. If it's something malicious it may be happening to others without them noticing. It isn't detected by the system firewall. I use a network monitor/outgoing connection firewall that catches it.
We are in deep trouble then. From official website ? Maybe it has backdoor !?
Title: Re: Client port 443 outgoing connection
Post by: Raoul Duke on November 13, 2011, 07:34:43 PM
It's the stock client from the Bitcoin.org website. Just downloaded and installed, no compiling or third party sources. If it's something malicious it may be happening to others without them noticing. It isn't detected by the system firewall. I use a network monitor/outgoing connection firewall that catches it.
We are in deep trouble then. From official website ? Maybe it has backdoor !? Too bad I don't have even a Mac VM or I would try it. Will wireshark my 0.3.24 on linux and see if it does the same. Maybe I can use wireshark to monitor the 0.4.0 that I have installed on my windows machine.
Title: Re: Client port 443 outgoing connection
Post by: odysseus654 on November 13, 2011, 11:51:57 PM
If you have ProcessExplorer, maybe grab a stack trace and see where the request originated from? Run Fiddler2 in MITM-attack mode and see what it's sending?
It's possible that it's not the official client technically making this connection anyhow, perhaps there is a DLL inside the process that is initiating this action. Your anti-virus/anti-adware up to date?
Title: Re: Client port 443 outgoing connection
Post by: gnar1ta$ on November 14, 2011, 12:24:44 AM
If you have ProcessExplorer, maybe grab a stack trace and see where the request originated from? Run Fiddler2 in MITM-attack mode and see what it's sending?
It's possible that it's not the official client technically making this connection anyhow, perhaps there is a DLL inside the process that is initiating this action. Your anti-virus/anti-adware up to date?
It's a mac...don't have ati-virus/anti-adware. Haven't needed it before, but after this and reviewing my sshd logs (didn't have deny hosts set up properly) I think I'll install Eset.
Title: Re: Client port 443 outgoing connection
Post by: paraipan on November 14, 2011, 12:24:54 AM
could be the "dnsseed" ? stackexchange (http://bitcoin.stackexchange.com/questions/1292/bitcoin-client-irc-a-potential-network-weak-link)
|