2

I have looked around but couldn't find anyone else with this issue. On my console (standard ASUS i7 laptop) running Ubuntu 14.04 LTS, I noticed in tcptrack that there are a lot of connections being made to an IP address belonging to Amazon EC2 services. I don't have any connection to Amazon at all, and these connections are all status SYN_SENT. IP examples: 50.17.195.149 and 54.243.128.120.

Is this a security offense of any kind, or is there a rational explanation?

Thanks in advance.

Check out the output from tcptrack immediately after opening Chrome. [screenshot]

Netstat Output: [screenshot]

5
  • Use the `netstat` command that (given the correct arguments; check its manual page) will tell you which process is responsible for making the connection. Commented Mar 3, 2015 at 14:04
  • The target server in your screenshot looks like a shared web server for Dynahost; see for yourself: 50.17.195.149 - in any case this seems suspicious and you should definitely identify which process does this. Commented Mar 3, 2015 at 14:10
  • Netstat shows in this case that the process origin is Chrome itself. (Screenshot attached.) I have no extensions active at all (apart from Google Docs). Now I am thinking this is an adware bug?? Commented Mar 3, 2015 at 16:33
  • What if you open Chrome but don't open any tabs? Do the connections still appear? If yes, it's an extension; if not, it's just a website linking to a resource on that server, nothing to be afraid of. Commented Mar 3, 2015 at 16:53
  • Yes, I should have mentioned that in the question, sorry. It happens regardless of tabs, as soon as you open Chrome. I have no extensions apart from Google Docs, which would unlikely be the cause. Commented Mar 3, 2015 at 18:30

1 Answer

2

I noticed this same phenomenon with my Ubuntu 14.04 machine today (all kinds of connections to EC2 instances such as ec2-52-22-249-100.compute-1.amazonaws.com from Chrome), and on my machine at least, Ghostery and the DuckDuckGo search engine integrated with the omnibar both seemed to call out to EC2. You mention you don't have any extensions installed; what about other search engines?

By disabling Ghostery and closing Chrome completely, waiting a few minutes for the TCP connections all to close, then starting up Chrome, the connections eventually stopped. The instant I checked the box to enable Ghostery, they started back up. For DDG, I noticed it made EC2 connections after performing a search through the omnibar.

4
  • While it's clear that you meant to provide an answer, it ended up being more a comment than an answer. Such chatty answers are discouraged on Stack Exchange sites. I hope you won't take it personally if this answer gets downvoted or even deleted. Commented Apr 12, 2016 at 4:20
  • I've edited the post to hopefully make it less chatty? I don't know what would be a definitive answer here because it could be due to several things on the asker's machine, but I'm trying to contribute some useful data points to rule out, and I don't have enough reputation to comment. Let me know if there's a better way for me to go about this. Commented Apr 12, 2016 at 4:51
  • Much better. Nice job. Commented Apr 12, 2016 at 4:53
  • Somehow I never got notified about this answer being given. I have lost the context by now, but I am pretty sure this is the right answer. :-) Commented Dec 10, 2018 at 11:47
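
The netstat check suggested in the comments, as an added example that is not part of the original thread: a shell function that tallies SYN_SENT sockets per owning process and remote IP from `netstat -tnp` output. The sample input is constructed (PIDs, local addresses and ports are invented; the two SYN_SENT remote IPs are the ones quoted in the question).

```shell
#!/bin/sh
# Added example: summarise half-open (SYN_SENT) TCP connections per process.
# Live use (run as root to see sockets owned by other users):
#   netstat -tnp 2>/dev/null | syn_sent_by_process

# Reads `netstat -tnp` output on stdin and prints tab-separated
# "count  PID/program  remote-ip" rows, busiest first.
syn_sent_by_process() {
    awk '
        $1 ~ /^tcp/ && $6 == "SYN_SENT" {
            remote = $5
            sub(/:[0-9]+$/, "", remote)     # drop the port, keep the address
            owner = $7                      # "PID/Program name", or "-" if hidden
            for (i = 8; i <= NF; i++) owner = owner " " $i
            if (owner == "") owner = "-"
            count[owner "\t" remote]++
        }
        END {
            for (k in count) printf "%d\t%s\n", count[k], k
        }
    ' | sort -t "$(printf '\t')" -k1,1nr -k2,2 -k3,3
}

# Constructed sample of `netstat -tnp` output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      1 192.168.1.10:51514      50.17.195.149:80        SYN_SENT    2734/chrome
tcp        0      1 192.168.1.10:51516      50.17.195.149:80        SYN_SENT    2734/chrome
tcp        0      1 192.168.1.10:51520      54.243.128.120:80       SYN_SENT    2734/chrome
tcp        0      0 192.168.1.10:40022      192.0.2.15:443          ESTABLISHED 2734/chrome
tcp        0      0 192.168.1.10:22         192.0.2.77:50312        ESTABLISHED -
EOF
}

sample_netstat | syn_sent_by_process
```

Comparing the summary before and after disabling an extension, as the answer does with Ghostery, shows whether that extension is the source of the half-open connections.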
