cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Google IPs hitting firewall since Firefox 13?

ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Google IPs hitting firewall since Firefox 13?

‎13-06-2012 9:32 AM

Since Friday 8th June (the day after I installed Firefox 13), the logwatch summary email I get has had far more google IP addresses hitting my firewall, e.g.:
[tt]  From 173.194.34.62 - 3 packets to tcp(34912)
  From 173.194.34.64 - 6 packets to tcp(57329,57344)
  From 173.194.34.65 - 6 packets to tcp(34895,35045)
  From 173.194.34.67 - 6 packets to tcp(59206,59751)
  From 173.194.34.68 - 6 packets to tcp(50828,50987)
  From 173.194.34.69 - 3 packets to tcp(39270)
  From 173.194.34.71 - 9 packets to tcp(54351,54365,55228)
  From 173.194.34.72 - 4 packets to tcp(45547,46342)
  From 173.194.34.73 - 7 packets to tcp(34297,35004,36596)
  From 173.194.34.76 - 6 packets to tcp(35300,36332)
  From 173.194.34.78 - 3 packets to tcp(46923)
  From 173.194.34.79 - 21 packets to
tcp(33798,36095,36111,36683,36751,37434,37435)
  From 173.194.34.88 - 3 packets to tcp(35417)[/tt]
The exact message in the system log (Linux, Fedora 17) is like this:
[tt]Jun 13 09:07:03 obsidian kernel: IN=wlan0 OUT= MAC=00:22:fa:14:52:96:00:18:4d:3b:ba:08:08:00 SRC=173.194.66.104 DST=192.168.0.101 LEN=40 TOS=0x00 PREC=0x80 TTL=49 ID=21926 PROTO=TCP SPT=443 DPT=55419 WINDOW=0 RES=0x00 RST URGP=0[/tt]
It's not google attacking me, it's just something regarding Firefox 13 and the gmail website not quite working so nicely together anymore. I'll see it if goes away if I disable SPDY in Firefox - which would be somewhat ironic since SPDY was designed by google.
Message 1 of 5
(2,633 Views)
Reply
0 Thanks
4 REPLIES 4
MJN
Pro
Posts: 1,318
Thanks: 161
Fixes: 5
Registered: ‎26-08-2010

Re: Google IPs hitting firewall since Firefox 13?

‎13-06-2012 3:29 PM

What is the rule that is being triggered? Unsolicited connections?
Message 2 of 5
(416 Views)
Reply
0 Thanks
ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: Google IPs hitting firewall since Firefox 13?

‎13-06-2012 4:56 PM

There isn't really any specific rule, it just doesn't match any rule for incoming packets, so yes, "unsolicited connections" I suppose. They probably should be matched by the "related or established" rule like the vast majority of inbound requested data is.
I added the logging rule to the default rules. Usually there is a small amount logged from general web browsing, due to connections not being closed properly or servers being slow to respond etc., but not as much as all those google IPs recently.
Message 3 of 5
(416 Views)
Reply
0 Thanks
MJN
Pro
Posts: 1,318
Thanks: 161
Fixes: 5
Registered: ‎26-08-2010

Re: Google IPs hitting firewall since Firefox 13?

‎13-06-2012 5:34 PM

Gotcha. It's an interesting situation because whilst you might expect the odd orphan packet to arrive the amount you are seeing there is way beyond such expected noise. Perhaps it is indeed SPDY falling over itself trying to speed things up. I've not actually tried it myself - have you observed any discernable difference with it on with those sites that support it?
Mathew
Message 4 of 5
(416 Views)
Reply
0 Thanks
ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: Google IPs hitting firewall since Firefox 13?

‎13-06-2012 7:28 PM

Speedwise I haven't noticed any difference with SPDY on or off. But disabling SPDY has stopped the log messages so far (although I've not been in much today).
Message 5 of 5
(416 Views)
Reply
0 Thanks