Re: [Condor-users] Urgent, any security breach?

[Kwan Wing Keung <hcxckwk@xxxxxxxxxxxx>]

Dear all,

We recently reported some of our observation upon installing Condor onto a 
new pool of PCs.  We observed the establishment of a connection using 
IP address of 64.4.xx.xx via HTTPS from SVCHOST.  After obtaining more
technical suggestions from the Condor Development Team, we have 
conducted another thorough testing on several PCs, with and without CONDOR 
installed.  We found that the 64.4.xx.xx connected is always established, 
and thus this is not a problem of Condor.

We are indeed very sorry for this false alarm.  For your information, we 
have already been very successful in porting many of our HPC users' 
programs to work in our pilot Condor setup.  Because of the success,
we have requested to our management in installing Condor onto most of
the other PCs in our student labs.  This is why we are so conscious on the
security concern.

Thanks again for the excellent Condor software and the valuable helps
that have been given.

W.K. Kwan
Computer Centre
University of Hongkong

======


On Mon, 24 Jul 2006, Todd Tannenbaum wrote:

> At 10:19 AM 7/24/2006, Woo Chat Ming wrote:
> > Dear Erik,
> >
> >    I am in the same team as Mr Kwan.  This is the answer for your short
> > questions :
> >
> > > 1. The full IP that's being contacted
> > Sorry. I need to check this at the lab tomorrowing morning.
> > > 2. The name of the process that has the connection open
> > SVCHOST
> > > 3. If you disable Condor, does this connection go away?
> > Yes.
>
>
> IP address of 64.4.xx.xx via HTTPS from SVCHOST is a well known
> connection used by Microsoft Update.
>
> If you block this connection, Condor will not care, but Microsoft
> Update will likely cease to work for you.
>
> What I do not fully understand is why this connection is active when
> Condor is enabled, and not when Condor is disabled.  I guess it could
> be co-incidence, or it could be that Condor is using a Microsoft DLL
> that no other service on your machine is using and thus it is
> checking for an update to this DLL.
>
> We'll do some investigative work here to make certain there is
> nothing worrisome happening here.
>
> Thank you for reporting / noticing,
> regards,
> Todd Tannenbaum
> UW-Madison Condor Project
>
>
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Todd Tannenbaum                       University of Wisconsin-Madison
> Condor Project Research               Department of Computer Sciences
> tannenba@xxxxxxxxxxx                  1210 W. Dayton St. Rm #4257
> http://www.cs.wisc.edu/~tannenba      Madison, WI 53706-1685
> Phone: (608) 263-7132  FAX: (608) 262-9777
>
> _______________________________________________
> Condor-users mailing list
> To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/condor-users
>
> The archives can be found at either
> https://lists.cs.wisc.edu/archive/condor-users/
> http://www.opencondor.org/spaces/viewmailarchive.action?key=CONDOR