• xpdf 4.03 connecting to unknown hosts??

    From Dario Niedermann@21:1/5 to All on Thu Mar 10 15:59:40 2022
    XPost: comp.security.unix

    I just randomly found out that running xpdf instances are connecting via
    https to unknown internet hosts:

    -----
    $ lsof -i:https
    COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
    xpdf 4548 ndr 60u IPv4 3240798 0t0 TCP myhost:60178->151.101.1.140:https (CLOSE_WAIT)
    xpdf 4548 ndr 62u IPv4 3241136 0t0 TCP myhost:54798->151.101.193.140:https (CLOSE_WAIT)
    xpdf 4548 ndr 64u IPv4 3241163 0t0 TCP myhost:59904->151.101.65.140:https (CLOSE_WAIT)
    xpdf 4548 ndr 66u IPv4 3241168 0t0 TCP myhost:58196->151.101.114.49:https (CLOSE_WAIT)
    xpdf 4548 ndr 67u IPv4 3242068 0t0 TCP myhost:37120->151.101.0.95:https (CLOSE_WAIT)
    xpdf 4548 ndr 68u IPv4 3241177 0t0 TCP myhost:44826->151.101.66.49:https (CLOSE_WAIT)
    xpdf 4548 ndr 69u IPv4 3242069 0t0 TCP myhost:60520->104.16.149.64:https (CLOSE_WAIT)
    xpdf 4548 ndr 78u IPv4 3241196 0t0 TCP myhost:58432->104.16.19.94:https (CLOSE_WAIT)
    xpdf 4548 ndr 80u IPv4 3241189 0t0 TCP myhost:60516->104.16.149.64:https (CLOSE_WAIT)
    [...]
    -----

    I can't think of a good, non-malicious explanation for this...
    What does everyone think?

    --
    Dario Niedermann -:- finger my email address for PGP key, etc.

    Also on the Internet at: <gopher://darioniedermann.it/>
    <https://www.darioniedermann.it/>
