Avatar for Username

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

Learn More

话题已存档。 如果需要帮助请提出新问题。

Background connection to the US military on IP 55.65.117.34

  • 4 个回答
  • 1 人有此问题
  • 27 次查看
  • 最后回复者为 zeroknight

mozel3
mozel3
more options

Hi. I found the IP 55.65.117.34 in a 'netstat -a' result last night on my Linux computer while I was doing a port scan. There were 2 instances of the following connection on different ports, which appear whenever Firefox is started and remain active for some considerable time after it is closed: '55.65.117.34.bc.g:https ESTABLISHED'

I ran the IP through a number of IP look-up sites and got the same relevant results from each.

IP Look-up results: IP Address: 55.65.117.34 ASN: 331 City: Fort Huachuca State/Region: Arizona Country: United States of America Postal Code: 85613 ISP: Headquarters USAISC (US Army Information Systems Center - Fort Huachuca, AZ, USA). 'DoD Network Information Center'. (The above domain registration includes a '.mil' (military) E-mail address)

Please can you explain:

  • why a connection to the US military is being established without my knowledge,
  • what the purpose of the connection is and what, if any, data has been gathered,
  • how long this has been going on,
  • how I go about preventing it occurring in the future.

Until these questions are answered to my satisfaction I will be using Brave browser.

Kind regards.

Hi. I found the IP 55.65.117.34 in a 'netstat -a' result last night on my Linux computer while I was doing a port scan. There were 2 instances of the following connection on different ports, which appear whenever Firefox is started and remain active for some considerable time after it is closed: '55.65.117.34.bc.g:https ESTABLISHED' I ran the IP through a number of IP look-up sites and got the same relevant results from each. IP Look-up results: IP Address: 55.65.117.34 ASN: 331 City: Fort Huachuca State/Region: Arizona Country: United States of America Postal Code: 85613 ISP: Headquarters USAISC (US Army Information Systems Center - Fort Huachuca, AZ, USA). 'DoD Network Information Center'. (The above domain registration includes a '.mil' (military) E-mail address) Please can you explain: * why a connection to the US military is being established without my knowledge, * what the purpose of the connection is and what, if any, data has been gathered, * how long this has been going on, * how I go about preventing it occurring in the future. Until these questions are answered to my satisfaction I will be using Brave browser. Kind regards.

所有回复 (4)

zeroknight
zeroknight
more options

If you run netstat -aW you will see that the domain is "googleusercontent". IP lookup can be misleading, the addresses could be owned by DoD but used by Google data centers since there is a lack of IPv4 real estate.

You may want to reduce your dependency on Google services but It is very difficult to avoid their servers entirely, as they are widely used across many websites, apps and devices.

If you are concerned, it would be preferable to reduce remote connections, install arkenfox hardened settings or use a Firefox-based fork like LibreWolf or Mullvad, rather than switching to a Google-derived browser.

jscher2000 - Support Volunteer
jscher2000 - Support Volunteer
  • Top 10 Contributor
more options

"netstat -a" returns (truncated) host names, not IP addresses. For the reasons that follow, the military IP address is not the relevant address.

You saw a truncated host name which cut off after 17 characters for some reason:

55.65.117.34.bc.g:https ESTABLISHED

As mentioned by zeroknight, the full host name is

55.65.117.34.bc.googleusercontent.com:https ESTABLISHED

When you nslookup the full host name, the IP address associated with that host is

34.117.65.55

(The order of the octets in the IP address is reversed in the host name.)

To confirm, run "netstat -an" (the n switches from host names to IP addresses).

(Note for Windows users: to list the executable associated with the connection, run cmd.exe as administrator and use "netstat -b" or "netstat -bn")

mozel3
mozel3 提问者
more options

Thanks for that feedback. I think I should have realised something like that from the seven domain IPs ending with 34 that are connected to on start-up. Perhaps you can shed some light onto why 55.65.117.34.bc.googleusercontent.com and the others are established whenever Firefox is started, even when I set my home-page to a blank HTML file from my PC that makes no external calls whatsoever and Firfeox opens in Troubleshooting mode (all extensions disabled). Firefox makes this call every time I run it and it remains established throughout the session. What is the purpose of establishing this connection?

Also, with the same conditions stated above, immediately after Firefox starts, the following connections are established, though all but 55.65.117.34.bc.googleusercontent.com soon disappear.

tcp 0 0 STA1:36392 53.121.117.34.bc.googleusercontent.com:https ESTABLISHED tcp 0 0 STA1:54918 a104-110-191-185.deploy.static.akamaitechnologies.com:http TIME_WAIT tcp 0 0 STA1:54686 191.144.160.34.bc.googleusercontent.com:https ESTABLISHED tcp 0 0 STA1:38654 82.221.107.34.bc.googleusercontent.com:http ESTABLISHED tcp 0 0 STA1:43406 209.100.149.34.bc.googleusercontent.com:https ESTABLISHED tcp 0 0 STA1:38650 82.221.107.34.bc.googleusercontent.com:http ESTABLISHED tcp 0 0 STA1:50206 55.65.117.34.bc.googleusercontent.com:https ESTABLISHED tcp 0 0 STA1:35458 a104-110-191-177.deploy.static.akamaitechnologies.com:http ESTABLISHED tcp 0 0 STA1:50214 55.65.117.34.bc.googleusercontent.com:https ESTABLISHED

Confused!

I believe that Brave browser proxies these and all background Google connections as standard for added security/privacy/protection.

zeroknight
zeroknight
more options

A persistent connection is required for web push notifications. You can see all the different types of connections detailed in the article How to stop Firefox from making automatic connections. The privacy-oriented Firefox forks LibreWolf and Mullvad are pre-configured for minimal connections.