On 04.12.2015 23:31, Jonathan Roemer wrote:
> > * What malware prevention service would connect to the IP of a
> > !!mobile device??!! - none!
>
> You are assuming that this whois lookup is reliable, which it very
> frequently is not. IP space is bought and sold all the time, and whois
> data may not be updated to reflect this.

A wrong entry in whois?
According to my knowledge there should not be any 'wrong' entries in
whois as every IP/domain is associated with a timespan and a real world
address which is tested to be valid by the domain registrar; f.i. the
whois data I provide for my own domain elstel.org was checked from time
to time; stating wrong data would lead to the withdrawal of my domain.
Can you show me any current and valid examples of wrong/outdated whois
entries *?

> > * What has Amazon Technologies Inc. to do with all of that? - nothing!
>
> AWS

Wikipedia: In 2013 it became public knowledge that AWS (Amazon Web
Services) has received a big work order directly from the CIA. I do not
want to be unduly paranoid but this does not appear to be one of the
most trustworthy places in the net.

> As mentioned by myself and others, Firefox, and possibly other
> applications, may be making these connections as well. All of those
> suggested tiles, favicons, OCSP responder servers, and other resources
> have to be loaded from somewhere, and these are opt-out within Firefox,
> not opt-in.

Be it as it is; I cannot examine every incident in detail; nonetheless
I know from previous incidents that unnaturally high and long CPU
load can point to intrusions.

* I will have to confess that it would be possible to state a wrong
address for the whois records without anyone obtaining knowledge about
that soon. Nonetheless such an incident would even more point to some
abnormal/illegal activity. Likely registrars do not have sufficient
rights or access to citizen data in order to verify each entry.
More important: IP and domains are regularly reassigned and
transferred but then so immediately is the whois data on completion of
such transfers; otherwise your resources are still 'in transfer' which
means that there is no way to access / get hold of them.