[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Condor-users] Urgent, any security breach?
- Date: Mon, 24 Jul 2006 11:22:38 -0500
- From: Todd Tannenbaum <tannenba@xxxxxxxxxxx>
- Subject: Re: [Condor-users] Urgent, any security breach?
At 10:19 AM 7/24/2006, Woo Chat Ming wrote:
I am in the same team as Mr Kwan. This is the answer for your short
> 1. The full IP that's being contacted
Sorry. I need to check this at the lab tomorrowing morning.
> 2. The name of the process that has the connection open
> 3. If you disable Condor, does this connection go away?
IP address of 64.4.xx.xx via HTTPS from SVCHOST is a well known
connection used by Microsoft Update.
If you block this connection, Condor will not care, but Microsoft
Update will likely cease to work for you.
What I do not fully understand is why this connection is active when
Condor is enabled, and not when Condor is disabled. I guess it could
be co-incidence, or it could be that Condor is using a Microsoft DLL
that no other service on your machine is using and thus it is
checking for an update to this DLL.
We'll do some investigative work here to make certain there is
nothing worrisome happening here.
Thank you for reporting / noticing,
UW-Madison Condor Project
Todd Tannenbaum University of Wisconsin-Madison
Condor Project Research Department of Computer Sciences
tannenba@xxxxxxxxxxx 1210 W. Dayton St. Rm #4257
http://www.cs.wisc.edu/~tannenba Madison, WI 53706-1685
Phone: (608) 263-7132 FAX: (608) 262-9777