So I'm analyzing connections to my computer (I'm reading a book about networking and forensics) and I'm learning how to analyze connections and capture packets.
I've noticed a bunch of lines like the following one:
Firefox 44642 lett 55u IPv4 0x06670138 0t0 TCP 192.168.0.101:61365->yyz07s10-in-f9.1e100.net:https (ESTABLISHED)
Firefox 44642 lett 61u IPv4 0x06613884 0t0 TCP 192.168.0.101:62049->yyz07s10-in-f20.1e100.net:https (ESTABLISHED)
Hmm... wtf is 1e100.net? Let's see:
Registry Registrant ID:
Registrant Name: DNS Admin
Registrant Organization: Google Inc.
Registrant Street: 1600 Amphitheatre Parkway
Registrant City: Mountain View
Registrant State/Province: CA
Registrant Postal Code: 94043
Registrant Country: US
Registrant Phone: +1.6502530000
Registrant Phone Ext:
Registrant Fax: +1.6506188571
I'm not connected to any Google site. I don't use Google search. I don't use Gmail. I don't have an Android phone... yet every fucking time I start Firefox, my computer is connecting to Google and is sending them something every time I browse (can't figure out what it is sending them since it's encrypted).
It's impossible to get rid of Google botnet.
PROVE ME WRONG!
Yes, I know it's Google's. All I'm saying is that it's fucking impossible to kill this shit and disconnect yourself from Botnet.
This is the thing that I was about to say too.
Firefox basically downloads Google's list of known shit for 'offline' checking of URLs. Please report back after disabling that, I'm curious.
I have that stuff disabled. I even use DisconnectMe and uBlock.
I start an empty Firefox (no tabs open whatsoever) and malicious stuff disabled in prefs yet it still connects to this Google domain no matter what I do.
Chrome does the exact same shit.
I've also noticed that if you have Chrome installed, there's a background update process that connects to this Google domain every hour or so.
Nope. I use my ISP's DNS because all the CDNs that use geolocation work better and stuff arrives a lot faster. I used Google's DNS for a few weeks some time ago but everything was slower (even though the DNS request was fast).
I'm starting to think that some Firefox addons are connecting to this Google domain.
this book. there's probably better books... you should do some research. I happened to have a used/printed book so I'm flipping through it.
What's interesting is that there's around 5KB worth of info being sent to Google every time it connects to it. Not much is sent back. That's a lot of data. You could pack someone's daily browsing history in that much space.
Yet I can't decrypt it with Wireshark... I'm not even sure how to do it at this point. Maybe there's a chapter on that.
>implying it's being misused
google shill plz
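An added example, not part of any post in this thread: a small Python parser for lsof -i output like the lines quoted at the top, counting each process's connected sockets per remote domain. The first two sample lines are the ones from the post and the rest are constructed; grouping on the last two DNS labels is a simplifying assumption, not a public-suffix lookup.

```python
import ipaddress
from collections import Counter

# First two lines are quoted from the post; the remaining lines are constructed.
SAMPLE = """\
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
Firefox 44642 lett 55u IPv4 0x06670138 0t0 TCP 192.168.0.101:61365->yyz07s10-in-f9.1e100.net:https (ESTABLISHED)
Firefox 44642 lett 61u IPv4 0x06613884 0t0 TCP 192.168.0.101:62049->yyz07s10-in-f20.1e100.net:https (ESTABLISHED)
Firefox 44642 lett 70u IPv4 0x06613999 0t0 TCP 192.168.0.101:62050->cdn.example.org:https (ESTABLISHED)
cupsd 312 root 6u IPv6 0x06610000 0t0 TCP [::1]:631 (LISTEN)
"""

def parse_lsof_line(line):
    """Return a dict for a connected socket, or None for anything else."""
    fields = line.split()
    if len(fields) < 9 or not fields[1].isdigit():
        return None                      # header or truncated line
    name = fields[8]
    if "->" not in name:
        return None                      # listening / unconnected socket
    _local, remote = name.split("->", 1)
    host, _, port = remote.rpartition(":")   # rpartition keeps [v6]:port intact
    return {
        "command": fields[0],
        "pid": int(fields[1]),
        "proto": fields[7],
        "remote_host": host.strip("[]"),
        "remote_port": port,
        "state": fields[9].strip("()") if len(fields) > 9 else "",
    }

def base_domain(host):
    """IP literals are returned unchanged; names are cut to their last two labels."""
    try:
        ipaddress.ip_address(host)
        return host
    except ValueError:
        return ".".join(host.rstrip(".").split(".")[-2:])

def summarize(lsof_text):
    """Count connected sockets per (command, pid, remote base domain)."""
    counts = Counter()
    for line in lsof_text.splitlines():
        conn = parse_lsof_line(line)
        if conn:
            counts[(conn["command"], conn["pid"], base_domain(conn["remote_host"]))] += 1
    return counts

if __name__ == "__main__":
    for (cmd, pid, domain), n in summarize(SAMPLE).most_common():
        print(f"{cmd} (pid {pid}) -> {domain}: {n} connection(s)")
```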