Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: Log file shows Firefox activity: is this normal?

  1. #1
    Join Date
    Mar 2010
    Beans
    8,759
    Distro
    Ubuntu Mate

    Log file shows Firefox activity: is this normal?

    I see these activities logged on a fairly regular basis in /var/log/auth.log and was wondering if this is normal activity?

    firefox: gethostby*.getanswer: asked for "ftp.cs.rose-hulman.edu IN A", got type "DNAME"

    The format is always the same, though sometimes the address is a regular Internet site.

    Any insights?

    Thanks in advance.

  2. #2
    Soul-Sing is offline Chocolate-Covered Ubuntu Beans
    Join Date
    Aug 2006
    Beans
    1,374
    Distro
    Ubuntu 13.04 Raring Ringtail

    Re: Log file shows Firefox activity: is this normal?

    please install htop, or run top in the terminal and show the results here.
    could be an add-on phoning home for some reason?

  3. #3
    Join Date
    Mar 2010
    Beans
    8,759
    Distro
    Ubuntu Mate

    Re: Log file shows Firefox activity: is this normal?

    Here is the output from htop; not sure if there is anything there.
    Thanks.
    Last edited by Rubi1200; June 1st, 2011 at 02:09 PM.

  4. #4
    Join Date
    Mar 2010
    Beans
    8,759
    Distro
    Ubuntu Mate

    Re: Log file shows Firefox activity: is this normal?

    This kind of activity is also being logged:

    firefox: gethostby*.getanswer: asked for "www.unixtutorials.info.nyud.net IN A", got type "DNAME"

    There doesn't seem to be any pattern to these messages. Sometimes they will appear in /var/log/auth.log a couple of times in one day, sometimes not for a few days, and then, as above, a different address is shown but always with the format shown here.

    Additional information if it helps; no vnc, ssh, or remote desktop. Only cups as a listening service. Default Firefox installation with NoScript.
    That's it; happy to provide more info if needed.
    Thanks.

  5. #5
    Soul-Sing is offline Chocolate-Covered Ubuntu Beans
    Join Date
    Aug 2006
    Beans
    1,374
    Distro
    Ubuntu 13.04 Raring Ringtail

    Re: Log file shows Firefox activity: is this normal?

    Do you have any connection with/to Rose-Human Institute of Technology? via putty or ftp?

  6. #6
    Join Date
    Mar 2010
    Beans
    8,759
    Distro
    Ubuntu Mate

    Re: Log file shows Firefox activity: is this normal?

    None whatsoever. The only thing I can think of is that it may have been a link for downloading an ISO image. But, the message keeps re-appearing in the log even though I downloaded the image 2 days ago.
    I have cleared the cache in Firefox, so I don't think that could be it.

  7. #7
    Join Date
    Mar 2010
    Beans
    8,759
    Distro
    Ubuntu Mate

    Re: Log file shows Firefox activity: is this normal?

    Update:

    I ran tail -F /var/log/auth.log and then went to a few of my regular sites. The message (firefox: gethostby*.getanswer: asked for "ftp.cs.rose-hulman.edu IN A", got type "DNAME") appeared in the log when I went to www.distrowatch.com

    This is a bit unusual?

  8. #8
    Join Date
    Dec 2006
    Location
    Chicago
    Beans
    3,839

    Re: Log file shows Firefox activity: is this normal?

    It looks like firefox is attempting to resolve those domains, but receives an incorrect response from your DNS server. Firefox can sometimes resolve domains which you haven't used.
    https://developer.mozilla.org/en/Con...NS_prefetching

    You can try changing DNS servers to see if the problem goes away.

    Google:
    8.8.8.8
    8.8.4.4

    OpenDNS:
    208.67.222.222
    208.67.220.220

  9. #9
    Join Date
    Mar 2010
    Beans
    8,759
    Distro
    Ubuntu Mate

    Re: Log file shows Firefox activity: is this normal?

    Ok, that makes sense.

    Can I assume this is not a serious security concern?

    Thanks!

  10. #10
    Join Date
    Dec 2006
    Location
    Chicago
    Beans
    3,839

    Re: Log file shows Firefox activity: is this normal?

    Quote Originally Posted by Rubi1200 View Post
    Can I assume this is not a serious security concern?
    Well I would be suspicious about any invalid DNS response. It may be the result of DNS spoofing or something. More likely, though, you're just using a poorly run DNS server.

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •