Opened 12 years ago

Closed 11 years ago

#965 closed bug (Fixed)

Weird connections to 127.61.247.219:80

Reported by: jankratochvil
Owned by: andar
Priority: critical
Milestone:
Component: Core
Version: other (please specify)
Keywords:
Cc:

Description

Started getting these weird local httpd requests:

127.61.247.219 - - [20/Jun/2009:16:22:11 +0200] "E\xfb?\x7f{\xea\x11\x9b:\xde\x1e\xe1\xd7-\xb0\xb7\x9a>,\x1c\xee\xe0\x8f\xdeF\xa2\xef\t" 403 - "-" "-"
127.61.247.219 - - [20/Jun/2009:16:24:27 +0200] "l\xb2,\xdf\xe0\xc0\v\x1f\xf0\x0e\xe3" 400 356 "-" "-"
127.61.247.219 - - [20/Jun/2009:16:26:58 +0200] "\xbe" 403 - "-" "-"
127.61.247.219 - - [20/Jun/2009:16:29:17 +0200] "a2\xb7\x9d/_+\xd1_\x9b\x9e\b\x7f\x15#B)V\x05\xc2\xc1w\xfdVJ\x99\xf7p07\xa9\xb7" 403 - "-" "-"
127.61.247.219 - - [20/Jun/2009:16:31:38 +0200] "w\x95jA\x1ay\x14\x95\xc79#\xbe\xe8\xcf\xd6b\x13\xa5\xa9\x9a\xd8\xe6\x8a\x96\xa1\x1c\xbb\xfd\x8c\x9b\xe3\xf9\xef\xea\xbe\xe1B\xdfw\xeb\x14u/|\xc2\xf3\xf7`\x953\xd7\x80+\xcf\x15S*U\tT\xe9\xf4\xec\x16\x16m$\x0f\xb3\x1b\xf6>\x83\b\xdf[\xb5\x0e\x8b\x94\xbd)k\xa5\x95w\xd5\x19)\xe3\xda\xb1Ol\xc3*R(\x18NV\x17\x9fM@\x03*." 400 356 "-" "-"
127.61.247.219 - - [20/Jun/2009:16:34:05 +0200] "\x93\xc7\xd54~x" 403 - "-" "-"
127.61.247.219 - - [20/Jun/2009:16:49:52 +0200] "\xd9\x8c6\xfd\xcc\xea!X/\xe5\xc0F\x7f5\x11U\xb0\x15\xe5\xab\xbd\xc84\xfc\x12\xcb\xfe\xad\xb06\xd3\xf4{\xd6$N\xeb\xf9\xb1\xdd\xe0\xb0c\x96\xf0\xb4\xf0\x96\xd0[j\x1b" 403 - "-" "-"
127.61.247.219 - - [20/Jun/2009:17:05:34 +0200] "J" 403 - "-" "-"
127.61.247.219 - - [20/Jun/2009:17:19:42 +0200] "V\x12K)\xe1\x19\x7f\xa2\xf5HE\x9d\xce\xd6\xb7\xad\x0c@Y3~\x8a\xd4\x10s+\xd8<H\vI\x92" 400 451 "-" "-"

It came from deluge:

tcp        0      0 127.61.247.219:80           127.61.247.219:47918        SYN_RECV    -
tcp        0      0 127.61.247.219:47918        127.61.247.219:80           ESTABLISHED 3529/python
tcp        0      0 127.61.247.219:80           127.61.247.219:47918        SYN_RECV    -
tcp        0      0 127.61.247.219:47918        127.61.247.219:80           ESTABLISHED 3529/python
tcp        0      0 ::ffff:127.61.247.219:80    ::ffff:127.61.247.219:47918 ESTABLISHED -          
tcp        0      0 127.61.247.219:47918        127.61.247.219:80           ESTABLISHED 3529/python
tcp        0      0 127.61.247.219:47918        127.61.247.219:80           TIME_WAIT   -          
tcp        0      0 ::ffff:127.61.247.219:80    ::ffff:127.61.247.219:59375 ESTABLISHED -          
tcp        0      0 127.61.247.219:59375        127.61.247.219:80           ESTABLISHED 3529/python
tcp        0      0 127.61.247.219:59375        127.61.247.219:80           TIME_WAIT   -          

(PID 3529 was the deluge client, not deluged.)

deluge-1.1.9-1.fc11.noarch
rb_libtorrent-0.14.3-2.fc11.x86_64
python-2.6-9.fc11.x86_64

Couldn't it be some security exploit attempt? Machines are not protected from attacks from a localhost IP.

I was serving just these torrents from http://fedoraproject.org/:

Fedora-11-i386-DVD.torrent
Fedora-11-i686-Live.torrent
Fedora-11-x86_64-DVD.torrent
Fedora-11-x86_64-Live.torrent
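
Added example, not part of the original ticket or of Deluge: a Python triage sketch that repeats the two checks the report does by hand, flagging access-log entries from the 127.0.0.0/8 range whose request line is not HTTP, then reading `netstat -tnp` rows to find which local process owns the client side. The function names and the two extra log lines (127.0.0.1 and 192.0.2.10) are constructed for illustration; the remaining sample lines are copied from the report above.

```python
import ipaddress
import re

# Apache combined log: client, [timestamp], "request" (may hold \xNN escapes), status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "((?:[^"\\]|\\.)*)" (\d{3}) ')
HTTP_RE = re.compile(r'^[A-Z]+ \S+ HTTP/\d\.\d$')  # METHOD target HTTP/x.y
# netstat -tnp row: local addr:port, remote addr:port, state, PID/program.
NETSTAT_RE = re.compile(r'^tcp\S*\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\S+)')

def suspicious_requests(log_lines):
    """Return (client, timestamp, status) for non-HTTP requests from 127.0.0.0/8."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, ts, request, status = m.groups()
        try:
            loopback = ipaddress.ip_address(client).is_loopback
        except ValueError:  # hostname instead of an address
            continue
        if loopback and not HTTP_RE.match(request):
            hits.append((client, ts, int(status)))
    return hits

def owning_processes(netstat_lines, server_ip, server_port=80):
    """Return PID/program of local sockets connected to server_ip:server_port."""
    owners = set()
    for line in netstat_lines:
        m = NETSTAT_RE.match(line)
        if m and m.group(3) == server_ip and int(m.group(4)) == server_port \
                and m.group(6) != "-":
            owners.add(m.group(6))
    return owners

# Two log lines and three netstat rows copied from the ticket, plus two
# constructed log lines (127.0.0.1 and 192.0.2.10) that must not be flagged.
SAMPLE_LOG = [
    r'127.61.247.219 - - [20/Jun/2009:16:26:58 +0200] "\xbe" 403 - "-" "-"',
    r'127.61.247.219 - - [20/Jun/2009:16:24:27 +0200] "l\xb2,\xdf\xe0\xc0\v\x1f\xf0\x0e\xe3" 400 356 "-" "-"',
    r'127.0.0.1 - - [20/Jun/2009:16:30:00 +0200] "GET /index.html HTTP/1.1" 200 512 "-" "-"',
    r'192.0.2.10 - - [20/Jun/2009:16:31:00 +0200] "\x16\x03\x01" 400 356 "-" "-"',
]
SAMPLE_NETSTAT = [
    "tcp        0      0 127.61.247.219:80           127.61.247.219:47918        SYN_RECV    -",
    "tcp        0      0 127.61.247.219:47918        127.61.247.219:80           ESTABLISHED 3529/python",
    "tcp        0      0 ::ffff:127.61.247.219:80    ::ffff:127.61.247.219:59375 ESTABLISHED -",
]

if __name__ == "__main__":
    print(suspicious_requests(SAMPLE_LOG))
    print(owning_processes(SAMPLE_NETSTAT, "127.61.247.219"))
```

Rows whose PID/program column is `-` are skipped, so `netstat` has to run with enough privilege to see the owning process.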

Change History (1)

comment:1 Changed 11 years ago by andar

  • Resolution set to fixed
  • Status changed from new to closed

Cannot reproduce this. Does it still happen with the latest 1.2 RC? Please re-open if still applicable.
