[systemd-devel] Systems-resolved: Calling gethostbyaddr on non-local/non-private causes connection attempt

Anthony_Fuller at trendmicro.com Anthony_Fuller at trendmicro.com
Fri Feb 23 19:36:43 UTC 2024 

I tried this on a fresh installation of Fedora Workstation 39. I installed wireshark and set the filter to `tcp.port == 5355` then ran the python script again with an ip of `123.123.123.123` and I see an outbound connection attempt to IP 123.123.123.123 on port 5355.

Hope that helps,
Anthony

From: Anthony Fuller (TR-NA) <Anthony_Fuller at trendmicro.com>
Date: Friday, February 23, 2024 at 10:22 AM
To: Cristian Rodríguez <crrodriguez at opensuse.org>
Cc: systemd-devel at lists.freedesktop.org <systemd-devel at lists.freedesktop.org>
Subject: Re: [systemd-devel] Systems-resolved: Calling gethostbyaddr on non-local/non-private causes connection attempt
Hi Cristian,

Below is my complete /etc/nsswitch.conf file.

Have you tried any other IP addresses by chance? I noticed that some IPs do not exhibit this behavior such as 1.1.1.1 and 8.8.8.8.

I’m also willing to see if this behavior exists outside Debian, maybe it’s a default Debian configuration causing this.

Thanks,
Anthony

```
user at debian12:~$ cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         files systemd
group:          files systemd
shadow:         files systemd
gshadow:        files systemd

hosts:          files mdns4_minimal [NOTFOUND=return] dns myhostname
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
```

From: Cristian Rodríguez <crrodriguez at opensuse.org>
Date: Friday, February 23, 2024 at 10:07 AM
To: Anthony Fuller (TR-NA) <Anthony_Fuller at trendmicro.com>
Cc: systemd-devel at lists.freedesktop.org <systemd-devel at lists.freedesktop.org>
Subject: Re: [systemd-devel] Systems-resolved: Calling gethostbyaddr on non-local/non-private causes connection attempt

This message was sent from outside of Trend Micro. Please do not click links or open attachments unless you recognise the source of this email and know the content is safe.


On Thu, Feb 22, 2024 at 8:13 PM Anthony_Fuller at trendmicro.com
<Anthony_Fuller at trendmicro.com> wrote:


I tried again now with packet capture software and no such behaviour
was found. ..what you have in the hosts line of nsswitch.conf ?

TREND MICRO EMAIL NOTICE

The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system.

For details about what personal information we collect and why, please see our Privacy Notice on our website at: Read privacy policy<http://www.trendmicro.com/privacy>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20240223/af2e083f/attachment.htm>

More information about the systemd-devel mailing list