[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] Urgent, any security breach?

Dear all,

We recently reported some of our observation upon installing Condor onto a new pool of PCs. We observed the establishment of a connection using IP address of 64.4.xx.xx via HTTPS from SVCHOST. After obtaining more technical suggestions from the Condor Development Team, we have conducted another thorough testing on several PCs, with and without CONDOR installed. We found that the 64.4.xx.xx connected is always established, and thus this is not a problem of Condor.

We are indeed very sorry for this false alarm. For your information, we have already been very successful in porting many of our HPC users' programs to work in our pilot Condor setup. Because of the success,
we have requested to our management in installing Condor onto most of
the other PCs in our student labs.  This is why we are so conscious on the
security concern.

Thanks again for the excellent Condor software and the valuable helps
that have been given.

W.K. Kwan
Computer Centre
University of Hongkong


On Mon, 24 Jul 2006, Todd Tannenbaum wrote:

At 10:19 AM 7/24/2006, Woo Chat Ming wrote:
Dear Erik,

   I am in the same team as Mr Kwan.  This is the answer for your short
questions :

1. The full IP that's being contacted
Sorry. I need to check this at the lab tomorrowing morning.
2. The name of the process that has the connection open
3. If you disable Condor, does this connection go away?

IP address of 64.4.xx.xx via HTTPS from SVCHOST is a well known
connection used by Microsoft Update.

If you block this connection, Condor will not care, but Microsoft
Update will likely cease to work for you.

What I do not fully understand is why this connection is active when
Condor is enabled, and not when Condor is disabled.  I guess it could
be co-incidence, or it could be that Condor is using a Microsoft DLL
that no other service on your machine is using and thus it is
checking for an update to this DLL.

We'll do some investigative work here to make certain there is
nothing worrisome happening here.

Thank you for reporting / noticing,
Todd Tannenbaum
UW-Madison Condor Project

Todd Tannenbaum                       University of Wisconsin-Madison
Condor Project Research               Department of Computer Sciences
tannenba@xxxxxxxxxxx                  1210 W. Dayton St. Rm #4257
http://www.cs.wisc.edu/~tannenba      Madison, WI 53706-1685
Phone: (608) 263-7132  FAX: (608) 262-9777

Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting

The archives can be found at either