Firewall log: traffic blocked to web.statseb.fr

Message boards : Questions and problems : Firewall log: traffic blocked to web.statseb.fr
Message board moderation

To post messages, you must log in.

AuthorMessage
Jazzop

Send message
Joined: 19 Dec 06
Posts: 90
United States
Message 70316 - Posted: 20 Jun 2016, 5:25:36 UTC
Last modified: 20 Jun 2016, 5:25:48 UTC

My firewall log shows a bunch of blocked TCP:RA traffic from one of my machines outbound to 91.121.40.124:80, which resolves as web.statseb.fr

That URL has something to do with BOINC signature stats, but I can't figure out what it is or why one of my machines wants to talk to it.
ID: 70316 · Report as offensive
SekeRob2

Send message
Joined: 6 Jul 10
Posts: 585
Italy
Message 70320 - Posted: 20 Jun 2016, 10:21:12 UTC - in response to Message 70316.  

Maybe someone has it in a forum post(s).

When testing that address get

It works!

This is the default web page for this server.

The web server software is running but no content has been added, yet.


The question is, have you identified from where you get this address injected?
Coelum Non Animum Mutant, Qui Trans Mare Currunt
ID: 70320 · Report as offensive
Dr Who Fan
Avatar

Send message
Joined: 10 May 07
Posts: 1373
United States
Message 70335 - Posted: 21 Jun 2016, 17:33:18 UTC - in response to Message 70316.  

My firewall log shows a bunch of blocked TCP:RA traffic from one of my machines outbound to 91.121.40.124:80, which resolves as web.statseb.fr

That URL has something to do with BOINC signature stats, but I can't figure out what it is or why one of my machines wants to talk to it.


Yes can confirm that is the server to the stats signatures. You can see the them here: http://signature.statseb.fr/
It will NOT come from inside the BOINC program/projects, only from "user signatures" in various forum post on ANY of the project boards or possibly from this board where forum signatures ARE allowed.

It should be safe to allow through the firewall.
ID: 70335 · Report as offensive
ProfileAgentb
Avatar

Send message
Joined: 30 May 15
Posts: 265
United Kingdom
Message 70341 - Posted: 21 Jun 2016, 23:02:02 UTC - in response to Message 70335.  

It should be safe to allow through the firewall.


or you can hide signatures here Forum preferences
ID: 70341 · Report as offensive
Jazzop

Send message
Joined: 19 Dec 06
Posts: 90
United States
Message 70569 - Posted: 30 Jun 2016, 7:51:26 UTC - in response to Message 70335.  

Is it the server for signatures on this BOINC forum or that of some project's site? I don't use signatures, so I assume it is trying to pull data for all the other forum participants' own signatures?

Regardless, the real questions are:

1. Why is this traffic originating from a machine that spends its time as a headless domain controller that crunches WUs in its spare time? What application could be triggering this, if not a web browser?

2. Why is this traffic flooding? Example:

Jun 30 02:04:10 LAN Default deny rule IPv4 (1000000103) 192.168.0.50:59589 91.121.40.124:80 TCP:RA
Jun 30 02:03:58
Jun 30 02:03:53
Jun 30 02:03:50
Jun 30 02:03:49
...etc.
ID: 70569 · Report as offensive

Message boards : Questions and problems : Firewall log: traffic blocked to web.statseb.fr

Copyright © 2024 University of California.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.