
Weird stunnel connections

Discussion in 'General Discussion' started by AlexSmithMCP, Jun 23, 2005.

  1. AlexSmithMCP (Well-Known Member, cPanel Access Level: Root Administrator)

    Hi all, I'm seeing this in my /var/log/messages (have it on tail -n 30 -f, lol). Here's what it is:

    Code:
    Jun 23 15:10:40 trinity stunnel[11002]: cpanelhttps connected from 164.214.4.52:53073
    Jun 23 15:10:40 trinity stunnel[11002]: Connection closed: 4500 bytes sent to SSL, 330 bytes sent to socket
    Jun 23 15:10:41 trinity stunnel[11002]: cpanelhttps connected from 164.214.4.52:53093
    Jun 23 15:10:41 trinity stunnel[11002]: Connection closed: 4559 bytes sent to SSL, 357 bytes sent to socket
    Jun 23 15:10:44 trinity stunnel[11002]: cpanelhttps connected from 164.214.4.52:53165
    Jun 23 15:10:44 trinity stunnel[11002]: Connection closed: 4519 bytes sent to SSL, 336 bytes sent to socket
    Jun 23 15:10:44 trinity stunnel[11002]: cpanelhttps connected from 164.214.4.52:53177
    Jun 23 15:10:44 trinity stunnel[11002]: Connection closed: 4500 bytes sent to SSL, 200 bytes sent to socket
    Jun 23 15:10:45 trinity stunnel[11002]: cpanelhttps connected from 164.214.4.52:53196
    Jun 23 15:10:45 trinity stunnel[11002]: Connection closed: 4559 bytes sent to SSL, 227 bytes sent to socket
    Now, I checked the owner of that IP on whois.sc:

    Code:
    Record Type: 	IP Address
    IP Location: 	United States United States - Maryland - Frederick - Defense Mapping Agency
    Reverse IP: 	No websites hosted using this IP address
    Reverse DNS: 	relay2.nga.mil
    
    OrgName:    Defense Mapping Agency
    OrgID:      DMA-1
    Address:    Defense Mapping Agency
    Address:    Acquisition and Technology Group
    Address:    Mail Stop D-79
    Address:    4600 Sangamore Road
    City:       Bethesda
    StateProv:  MD
    PostalCode: 20816-5003
    Country:    US
    Now, does anyone have any idea why cpanelhttps would be stunnelling to that IP?

    Any suggestions appreciated.

    Warm Regards,

    Alex
     
  2. chirpy (Well-Known Member, Location: Go on, have a guess)

    They're presumably connecting from that IP address to one of the stunnel'd ports:

    netstat -lpn | grep stunnel

    As to why? Data mining. Stick the IP address in your firewall.
     
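To make chirpy's reading of the log concrete: stunnel's "<service> connected from A.B.C.D:port" line names the remote peer of a connection stunnel accepted, so the host in the post is the target of inbound hits on the cpanelhttps port, not a client tunnelling out. The script below is an added example, not code from the original thread, from cPanel or from stunnel; it parses syslog lines of the format shown in the post, counts connections per source IP and prints (but does not apply) iptables DROP rules for sources above a threshold. The sample log lines are constructed and use RFC 5737 documentation addresses rather than the IP from the post, and the function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the original thread, cPanel or stunnel):
# summarise inbound stunnel connections per source IP from syslog lines
# and emit firewall rules for noisy sources.

# Constructed sample log lines in the format the post shows. The second
# source IP and the "Connection closed" lines are there to show that the
# filter keys only on "connected from" records.
SAMPLE_LOG='Jun 23 15:10:40 trinity stunnel[11002]: cpanelhttps connected from 198.51.100.7:53073
Jun 23 15:10:40 trinity stunnel[11002]: Connection closed: 4500 bytes sent to SSL, 330 bytes sent to socket
Jun 23 15:10:41 trinity stunnel[11002]: cpanelhttps connected from 198.51.100.7:53093
Jun 23 15:10:42 trinity stunnel[11002]: whmhttps connected from 203.0.113.9:40001
Jun 23 15:10:44 trinity stunnel[11002]: cpanelhttps connected from 198.51.100.7:53165
Jun 23 15:10:44 trinity stunnel[11002]: cpanelhttps connected from 198.51.100.7:53177
Jun 23 15:10:45 trinity stunnel[11002]: cpanelhttps connected from 198.51.100.7:53196'

# Read stunnel syslog lines on stdin; print "count service source_ip",
# busiest (service, source) pair first.
# Field layout of a syslog line:  Mon DD HH:MM:SS host stunnel[pid]: service connected from ip:port
#                                 $1  $2 $3       $4   $5            $6      $7        $8   $9
stunnel_sources() {
    awk '$7 == "connected" && $8 == "from" {
            split($9, peer, ":")            # drop the ephemeral client port
            print $6, peer[1]
         }' \
    | sort | uniq -c | sort -rn \
    | awk '{ print $1, $2, $3 }'            # normalise the padding uniq -c adds
}

# Read stunnel syslog lines on stdin; print one iptables DROP rule per
# source IP whose total connections (across all services) reach $1.
# Rules are printed for review, not executed.
stunnel_block_rules() {
    stunnel_sources | awk -v t="$1" '
        { hits[$3] += $1 }
        END {
            for (ip in hits)
                if (hits[ip] >= t)
                    print "iptables -I INPUT -s " ip " -j DROP   # " hits[ip] " connections"
        }' \
    | sort
}

# Stand-alone demo on the constructed sample:  sh this_script.sh --demo
# Real use:  grep 'stunnel\[' /var/log/messages | stunnel_block_rules 50
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_LOG" | stunnel_sources
    printf '%s\n' "$SAMPLE_LOG" | stunnel_block_rules 3
fi
```

Pair the rule output with chirpy's listener check (netstat -lpn | grep stunnel, or ss -ltnp | grep stunnel on systems without netstat) so you know which ports the counted sources are actually reaching. Blocking one source IP is a stopgap: the useful follow-up is to restrict who can reach the cPanel and WHM ports at all, since nothing in the log suggests the server initiated these connections.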