From: Admin
To: freebsd-questions@freebsd.org
Subject: Re: ipfw is making contact with 198.61.170.85 port 4021
Date: Thu, 23 Jul 2020 22:00:39 -0400
Message-ID: <76d60709-70d6-5441-e1a8-d73fb819006b@govital.net>
In-Reply-To: <5F1A3DC0.10702@gmail.com>
References: <5F1A354B.7030508@gmail.com> <20200724022247.59475066@gumby.homeunix.com> <5F1A3DC0.10702@gmail.com>

Greetings Ernie,

On 23/07/2020 9:47 pm, Ernie Luzar wrote:
> RW via freebsd-questions wrote:
>> On Thu, 23 Jul 2020 21:11:39 -0400
>> Ernie Luzar wrote:
>>
>>> A firewall should not be making its own contact with any public ip
>>> address. This is a security hole.
>>>
>>> I have not played with ipfw since before it was rewritten to become
>>> ipfw2 so I do not know when this internal "call home" function was
>>> added. pf and ipf are not doing this. I block it to be secure.
>>>
>>> Can anyone provide any info about this?
>>
>> It might help if you explain what you have actually seen.
>
> I see log entries in the host's /var/log/security file for outbound
> packets going to the ip address and port number coming from 10.0.10.1
> which is the private ip address of the host. sendmail is turned off
> and nothing else is running on the host

This seems to be probably from a device in your network.
IP address maps to alerts0.envisacor.com

Their home page says:

> Solutions For The Security and Home Automation Industry Since 2004
>
> Envisacor is a premiere ODM to the Security and Home Automation
> industries.
>
> We have designed dozens of products for as many different
> companies and have a solid track record for innovation and cost
> effectiveness of design.
>
> Our expertise extends into all areas of electronics and design
> including IP based-products and RF solutions.

Do you have some kind of security or home automation device that's phoning home?

-- 
Chris Demers
admin@govital.net
https://govital.net