User avatar
paulwratt
Posts: 83
Joined: Fri Jun 12, 2015 12:15 am

raspberrypi.fritz

Thu Apr 20, 2017 1:26 am

why do I have a TCP connection with HTTPS over "local host" to raspberrypi.fritz (IP address is foreign)

(top 3 lines of "netstat" output)

Paul

User avatar
paulwratt
Posts: 83
Joined: Fri Jun 12, 2015 12:15 am

Re: raspberrypi.fritz

Thu Apr 20, 2017 9:37 am

is this one of those BotNet hacks people have been talking about lately?

I check for "fritz" as a package and get nothing

The IP addresses were foreign and connected, before I blocked the host name in /etc/hosts

over SSH, is it a VPN?

the only thing on google is references to:
raspberrypi.fritz.box

anyone have any ideas?

Paul

mfa298
Posts: 1387
Joined: Tue Apr 22, 2014 11:18 am

Re: raspberrypi.fritz

Thu Apr 20, 2017 7:54 pm

Code: Select all

sudo netstat -ntp
will show the process owning a particular connection (this is one of the times when you do need sudo)

If the name from netstat isn't that useful then ps -ef or looking at /proc/PID might help. e.g looking at one of my Pis. You can also use dpkg -S to see what package owns a file.

Code: Select all

[email protected]:~ $ sudo netstat -nutp
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0     88 192.168.1.76:22        192.168.1.254:50883    ESTABLISHED 843/sshd: pi [priv]

[email protected]:~ $ sudo ls -l /proc/843/exe
lrwxrwxrwx 1 root root 0 Apr 19 23:29 /proc/843/exe -> /usr/sbin/sshd

[email protected]:~ $ dpkg -S /usr/sbin/sshd
openssh-server: /usr/sbin/sshd

User avatar
paulwratt
Posts: 83
Joined: Fri Jun 12, 2015 12:15 am

Re: raspberrypi.fritz

Tue Apr 25, 2017 10:19 am

thankyou for that

if I un-hosts the url I might be able to see which process it is attached to, but I have already disabled "sshd"

if there is more interest in tracking the IP address associated with the (vpn style) local url, I would be happy to investigate it further

seems no one is interested tho..

Cheers

Paul

User avatar
RaTTuS
Posts: 10329
Joined: Tue Nov 29, 2011 11:12 am
Location: North West UK

Re: raspberrypi.fritz

Tue Apr 25, 2017 10:27 am

have you opened up your RPI to the internet via your router ?
if so what instructions did you follow ?
have you changed your pi password from raspberry ?

remove the sdcard burn a new image on afresh one - update it
copy any data you have on the old one - not programs

learn to security
How To ask Questions :- http://www.catb.org/esr/faqs/smart-questions.html
WARNING - some parts of this post may be erroneous YMMV

1QC43qbL5FySu2Pi51vGqKqxy3UiJgukSX
Covfefe

ghans
Posts: 7863
Joined: Mon Dec 12, 2011 8:30 pm
Location: Germany

Re: raspberrypi.fritz

Tue Apr 25, 2017 10:35 am

Do you actually own a FritzBox (or a rebadge from your ISP) ? They automatically make any connected device reachable under hostname.fritz.box.
It is a convenience function , i don't think it's malicious.

ghans
• Don't like the board ? Missing features ? Change to the prosilver theme ! You can find it in your settings.
• Don't like to search the forum BEFORE posting 'cos it's useless ? Try googling : yoursearchtermshere site:raspberrypi.org

Return to “Troubleshooting”