AlexSmithMCP

Well-Known Member
May 26, 2004
cPanel Access Level
Root Administrator
Hi all, I'm seeing this in my /var/log/messages (have it on tail -n 30 -f lol). Here's what it is:

Code:
Jun 23 15:10:40 trinity stunnel[11002]: cpanelhttps connected from 164.214.4.52:53073
Jun 23 15:10:40 trinity stunnel[11002]: Connection closed: 4500 bytes sent to SSL, 330 bytes sent to socket
Jun 23 15:10:41 trinity stunnel[11002]: cpanelhttps connected from 164.214.4.52:53093
Jun 23 15:10:41 trinity stunnel[11002]: Connection closed: 4559 bytes sent to SSL, 357 bytes sent to socket
Jun 23 15:10:44 trinity stunnel[11002]: cpanelhttps connected from 164.214.4.52:53165
Jun 23 15:10:44 trinity stunnel[11002]: Connection closed: 4519 bytes sent to SSL, 336 bytes sent to socket
Jun 23 15:10:44 trinity stunnel[11002]: cpanelhttps connected from 164.214.4.52:53177
Jun 23 15:10:44 trinity stunnel[11002]: Connection closed: 4500 bytes sent to SSL, 200 bytes sent to socket
Jun 23 15:10:45 trinity stunnel[11002]: cpanelhttps connected from 164.214.4.52:53196
Jun 23 15:10:45 trinity stunnel[11002]: Connection closed: 4559 bytes sent to SSL, 227 bytes sent to socket
Now, I checked the owner of that IP on whois.sc:

Code:
Record Type: 	IP Address
IP Location: 	United States United States - Maryland - Frederick - Defense Mapping Agency
Reverse IP: 	No websites hosted using this IP address
Reverse DNS: 	relay2.nga.mil

OrgName:    Defense Mapping Agency
OrgID:      DMA-1
Address:    Defense Mapping Agency
Address:    Acquisition and Technology Group
Address:    Mail Stop D-79
Address:    4600 Sangamore Road
City:       Bethesda
StateProv:  MD
PostalCode: 20816-5003
Country:    US
Now, does anyone have any idea why cpanelhttps would be stunneling to that IP?

Any suggestions appreciated.

Warm Regards,

Alex

chirpy

Well-Known Member
Verified Vendor
Jun 15, 2002
Go on, have a guess
They're presumably connecting from that IP address to one of the stunnel'd ports:

netstat -lpn | grep stunnel

As to why? Data mining. Stick the IP address in your firewall.
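One way to turn those log lines into a per-source count before deciding on a firewall rule, as an added example (not code from either poster): it parses the stunnel message format quoted in the first post, using a constructed sample that adds a second source, and assumes each "Connection closed" line belongs to the oldest unmatched "connected from" line, which holds for a single-process log like the one above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the format of the stunnel lines quoted in the thread.
SAMPLE_LOG = """\
Jun 23 15:10:40 trinity stunnel[11002]: cpanelhttps connected from 164.214.4.52:53073
Jun 23 15:10:40 trinity stunnel[11002]: Connection closed: 4500 bytes sent to SSL, 330 bytes sent to socket
Jun 23 15:10:41 trinity stunnel[11002]: cpanelhttps connected from 164.214.4.52:53093
Jun 23 15:10:41 trinity stunnel[11002]: Connection closed: 4559 bytes sent to SSL, 357 bytes sent to socket
Jun 23 15:10:44 trinity stunnel[11002]: cpanelhttps connected from 164.214.4.52:53165
Jun 23 15:10:44 trinity stunnel[11002]: Connection closed: 4519 bytes sent to SSL, 336 bytes sent to socket
Jun 23 15:10:44 trinity stunnel[11002]: cpanelhttps connected from 164.214.4.52:53177
Jun 23 15:10:44 trinity stunnel[11002]: Connection closed: 4500 bytes sent to SSL, 200 bytes sent to socket
Jun 23 15:10:45 trinity stunnel[11002]: cpanelhttps connected from 164.214.4.52:53196
Jun 23 15:10:45 trinity stunnel[11002]: Connection closed: 4559 bytes sent to SSL, 227 bytes sent to socket
Jun 23 15:12:02 trinity stunnel[11002]: whmhttps connected from 192.0.2.10:40001
Jun 23 15:12:03 trinity stunnel[11002]: Connection closed: 8000 bytes sent to SSL, 900 bytes sent to socket
"""

CONNECT_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ stunnel\[\d+\]: (\S+) connected from (\d+\.\d+\.\d+\.\d+):\d+$")
CLOSE_RE = re.compile(r"Connection closed: (\d+) bytes sent to SSL, (\d+) bytes sent to socket$")

def summarize(log_text, year=2004):
    """Aggregate connections per (service, source IP): count, bytes, first/last time.
    Syslog lines carry no year, so one is supplied (assumption)."""
    stats = defaultdict(lambda: {"count": 0, "to_ssl": 0, "to_socket": 0, "first": None, "last": None})
    pending = []  # keys of 'connected from' lines not yet matched to a close
    for line in log_text.splitlines():
        m = CONNECT_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            key = (m.group(2), m.group(3))
            s = stats[key]
            s["count"] += 1
            s["first"] = s["first"] or ts
            s["last"] = ts
            pending.append(key)
            continue
        m = CLOSE_RE.search(line)
        if m and pending:  # attribute the close to the oldest open connection (assumption)
            s = stats[pending.pop(0)]
            s["to_ssl"] += int(m.group(1))
            s["to_socket"] += int(m.group(2))
    return stats

def flag_bursts(stats, max_conns=3, window_seconds=10):
    """Sources with more than max_conns connections to one service inside window_seconds."""
    return [(svc, ip, s["count"], (s["last"] - s["first"]).total_seconds())
            for (svc, ip), s in stats.items()
            if s["count"] > max_conns and (s["last"] - s["first"]).total_seconds() <= window_seconds]
```

Run `flag_bursts(summarize(SAMPLE_LOG))` to list the sources worth a closer look; the thresholds are starting points to tune against normal cPanel traffic on your own host.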