Bitcoin Forum
Topic: Client port 443 outgoing connection (Read 2124 times)
gnar1ta$
Donator
Hero Member
November 04, 2011, 04:49:35 PM
 #1

Got this today from my firewall when I started client 0.4.0 on OS X:
"Bitcoin wants to connect to store.esellerate.net on TCP port 443 (https) IP 209.87.181.216"

Is this normal?  I haven't seen it before.

Losing hundreds of Bitcoins with the best scammers in the business - BFL, Avalon, KNC, HashFast.
Stephen Gornick
Legendary
November 13, 2011, 06:04:54 PM
 #2

I don't think there is any reason the Bitcoin client would attempt to make an outgoing connection on port 443 unless you are specifically telling it to do so through settings (rpcconnect, rpcssl) in your Bitcoin.conf

Are you using a stock Bitcoin.conf?

Where did you get that binary build from?

Raoul Duke
aka psy
Legendary
November 13, 2011, 06:38:23 PM
 #3

That domain belongs to Digital River, a company who, among other things, does third party software activations. Really strange.

bulanula
Hero Member
November 13, 2011, 06:41:58 PM
 #4

> That domain belongs to Digital River, a company who, among other things, does third party software activations. Really strange.

Maybe Gavin used that to prevent piracy with the Oracle license :P ?
Raoul Duke
aka psy
Legendary
November 13, 2011, 06:55:09 PM
 #5

> > That domain belongs to Digital River, a company who, among other things, does third party software activations. Really strange.
>
> Maybe Gavin used that to prevent piracy with the Oracle license :P ?

Well, I would freak out if my Bitcoin client was connecting to that domain, no matter the reason.

The real question here is: Where da f*** did the OP get the binary from?

gnar1ta$
Donator
Hero Member
November 13, 2011, 07:05:44 PM
 #6

It's the stock client from the Bitcoin.org website. Just downloaded and installed, no compiling or third party sources. If it's something malicious it may be happening to others without them noticing.  It isn't detected by the system firewall.  I use a network monitor/outgoing connection firewall that catches it.

Raoul Duke
aka psy
Legendary
November 13, 2011, 07:25:11 PM
 #7

Well, that makes things even more strange. That's an HTTP SSL connection, no reason whatsoever for the Bitcoin client to open it, even if that IP was a node, which would make the port and type of connection different.
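
Added example, not part of any post in this thread: a small triage script for the situation discussed here. It reads `lsof -nP -iTCP` style output and reports outbound connections from one process to any remote port other than the default Bitcoin P2P port 8333. The process name `Bitcoin-Q`, the user, PIDs and all addresses except the one quoted in the first post are constructed sample values.

```python
import re

# Default Bitcoin P2P port. Anything else is reported for review.
# Assumption: callers add ports their own setup legitimately uses.
EXPECTED_PORTS = {8333}

# Constructed sample in the shape of `lsof -nP -iTCP` output.
SAMPLE_LSOF = """\
COMMAND   PID USER   FD  TYPE DEVICE SIZE/OFF NODE NAME
Bitcoin-Q 412 alice  18u IPv4 0x01   0t0      TCP *:8333 (LISTEN)
Bitcoin-Q 412 alice  21u IPv4 0x02   0t0      TCP 192.168.1.5:52101->203.0.113.7:8333 (ESTABLISHED)
Bitcoin-Q 412 alice  23u IPv4 0x03   0t0      TCP 192.168.1.5:52110->209.87.181.216:443 (ESTABLISHED)
Safari    977 alice  9u  IPv4 0x04   0t0      TCP 192.168.1.5:52200->198.51.100.9:443 (ESTABLISHED)
"""

# NAME column of a connected socket: local_addr:port->remote_addr:port
CONN = re.compile(r"(\S+):(\d+)->(\S+):(\d+)")


def unexpected_outbound(lsof_text, command_prefix, expected_ports=EXPECTED_PORTS):
    """Return (pid, remote_ip, remote_port) for each connection made by
    processes whose COMMAND starts with command_prefix and whose remote
    port is not in expected_ports."""
    findings = []
    for line in lsof_text.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 9 or not fields[0].startswith(command_prefix):
            continue
        match = CONN.search(fields[8])
        if not match:
            continue                             # listening socket, no peer
        remote_ip, remote_port = match.group(3), int(match.group(4))
        if remote_port not in expected_ports:
            findings.append((int(fields[1]), remote_ip, remote_port))
    return findings


if __name__ == "__main__":
    for pid, ip, port in unexpected_outbound(SAMPLE_LSOF, "Bitcoin"):
        print(f"pid {pid}: unexpected outbound connection to {ip}:{port}")
```

On a live system, feed it the real `lsof -nP -iTCP` output instead of `SAMPLE_LSOF`; a hit only tells you which process owns the socket, not which library inside it opened the connection.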

bulanula
Hero Member
November 13, 2011, 07:27:46 PM
 #8

> It's the stock client from the Bitcoin.org website. Just downloaded and installed, no compiling or third party sources. If it's something malicious it may be happening to others without them noticing.  It isn't detected by the system firewall.  I use a network monitor/outgoing connection firewall that catches it.

We are in deep trouble then. From official website ? Maybe it has backdoor !?
Raoul Duke
aka psy
Legendary
November 13, 2011, 07:34:43 PM
 #9

> > It's the stock client from the Bitcoin.org website. Just downloaded and installed, no compiling or third party sources. If it's something malicious it may be happening to others without them noticing.  It isn't detected by the system firewall.  I use a network monitor/outgoing connection firewall that catches it.
>
> We are in deep trouble then. From official website ? Maybe it has backdoor !?

Too bad I don't have even a Mac VM or I would try it.
Will wireshark my 0.3.24 on linux and see if it does the same. Maybe I can use wireshark to monitor the 0.4.0 that I have installed on my windows machine.

odysseus654
Jr. Member
November 13, 2011, 11:51:57 PM
 #10

If you have ProcessExplorer, maybe grab a stack trace and see where the request originated from?  Run Fiddler2 in MITM-attack mode and see what it's sending?

It's possible that it's not the official client technically making this connection anyhow, perhaps there is a DLL inside the process that is initiating this action.  Your anti-virus/anti-adware up to date?
gnar1ta$
Donator
Hero Member
November 14, 2011, 12:24:44 AM
 #11

> If you have ProcessExplorer, maybe grab a stack trace and see where the request originated from?  Run Fiddler2 in MITM-attack mode and see what it's sending?
>
> It's possible that it's not the official client technically making this connection anyhow, perhaps there is a DLL inside the process that is initiating this action.  Your anti-virus/anti-adware up to date?

It's a mac...don't have anti-virus/anti-adware.  Haven't needed it before, but after this and reviewing my sshd logs (didn't have deny hosts set up properly) I think I'll install Eset.

paraipan
Legendary
November 14, 2011, 12:24:54 AM
 #12

could be the "dnsseed" ? stackexchange

BTCitcoin: An Idea Worth Saving - Q&A with bitcoins on rugatu.com - Check my rep