[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] Urgent, any security breach?

At 10:19 AM 7/24/2006, Woo Chat Ming wrote:
Dear Erik,

   I am in the same team as Mr Kwan.  This is the answer for your short
questions :

> 1. The full IP that's being contacted
Sorry. I need to check this at the lab tomorrowing morning.
> 2. The name of the process that has the connection open
> 3. If you disable Condor, does this connection go away?

IP address of 64.4.xx.xx via HTTPS from SVCHOST is a well known connection used by Microsoft Update.

If you block this connection, Condor will not care, but Microsoft Update will likely cease to work for you.

What I do not fully understand is why this connection is active when Condor is enabled, and not when Condor is disabled. I guess it could be co-incidence, or it could be that Condor is using a Microsoft DLL that no other service on your machine is using and thus it is checking for an update to this DLL.

We'll do some investigative work here to make certain there is nothing worrisome happening here.

Thank you for reporting / noticing,
Todd Tannenbaum
UW-Madison Condor Project

Todd Tannenbaum                       University of Wisconsin-Madison
Condor Project Research               Department of Computer Sciences
tannenba@xxxxxxxxxxx                  1210 W. Dayton St. Rm #4257
http://www.cs.wisc.edu/~tannenba      Madison, WI 53706-1685
Phone: (608) 263-7132  FAX: (608) 262-9777