Re: [Condor-users] Urgent, any security breach?

[Erik Paulson <epaulson@xxxxxxxxxxx>]

On Mon, Jul 24, 2006 at 05:32:38PM +0800, Kwan Wing Keung wrote:
> 
> Dear All,
> 
> We have just installed a new pool of executing nodes on our WIN-XP PCs in 
> the student laboratory.  Upon completing the installation, we tried to look
> at the processor utilization and also the processes created.  However at 
> this point we noticed two communication processes established (through 
> using "netstat -o -n"), with one process pointing towards an IP address 
> of 64.4.xx.xx via https:
> 
> We and our management are very concerned on this, and we wonder:
> 
> (1) If this connection to 64.4.xx.xx normal?  Our University
>      never uses this IP.
> (2) If this connection is disabled, whether CONDOR can still
>      function properly.
> 

64.4 is registered to Microsoft for hotmail. Are you sure it's a Condor
process making this connection, and are you sure nothing at your university
never connects to Hotmail?

If you could send us a bit more information, we'd much appreciate it.
If you could send to condor-admin@xxxxxxxxxxx the following information:

1. The full IP that's being contacted
2. The name of the process that has the connection open
3. If you disable Condor, does this connection go away?
4. The exact filename of the Condor installer you downloaded.

-Erik
 
> Help!!!
> 
> W.K. Kwan
> Computer Centre
> _______________________________________________
> Condor-users mailing list
> To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/condor-users
> 
> The archives can be found at either
> https://lists.cs.wisc.edu/archive/condor-users/
> http://www.opencondor.org/spaces/viewmailarchive.action?key=CONDOR