
Re: [Condor-users] Urgent, any security breach?



At 10:19 AM 7/24/2006, Woo Chat Ming wrote:
Dear Erik,

   I am in the same team as Mr Kwan.  These are the answers to your short
questions:

> 1. The full IP that's being contacted
Sorry. I need to check this at the lab tomorrow morning.
> 2. The name of the process that has the connection open
SVCHOST
> 3. If you disable Condor, does this connection go away?
Yes.


IP address of 64.4.xx.xx via HTTPS from SVCHOST is a well-known connection used by Microsoft Update.

If you block this connection, Condor will not care, but Microsoft Update will likely cease to work for you.

What I do not fully understand is why this connection is active when Condor is enabled, and not when Condor is disabled. I guess it could be coincidence, or it could be that Condor is using a Microsoft DLL that no other service on your machine is using and thus it is checking for an update to this DLL.

We'll do some investigative work here to make certain there is nothing worrisome happening here.

Thank you for reporting / noticing,
regards,
Todd Tannenbaum
UW-Madison Condor Project



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Todd Tannenbaum                       University of Wisconsin-Madison
Condor Project Research               Department of Computer Sciences
tannenba@xxxxxxxxxxx                  1210 W. Dayton St. Rm #4257
http://www.cs.wisc.edu/~tannenba      Madison, WI 53706-1685
Phone: (608) 263-7132  FAX: (608) 262-9777