Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Firefox is hitting my firewall on port 80. What is trying to access the gateway/firewall?

  • 10 个回答
  • 4 人有此问题
  • 29 次查看
  • 最后回复者为 nutx

more options

Linux firewall. When I start firefox, I get loc2fw reject logs on port 80. Is this normal behavior? Normally this would be associated with a virus attempting to access a standard router. After a clean system install I still get these hits on my firewall. I did use mozbackup to copy some setting over from another machine.

Linux firewall. When I start firefox, I get loc2fw reject logs on port 80. Is this normal behavior? Normally this would be associated with a virus attempting to access a standard router. After a clean system install I still get these hits on my firewall. I did use mozbackup to copy some setting over from another machine.

被采纳的解决方案

Final note: This MozillaZine Post indicates that noscript uses secure.informaction.com to determine the WAN IP address, and that behavior can be disabled.

定位到答案原位置 👍 0

所有回复 (10)

more options

port 80 is just the standrad http port - so i suppose this is to be expected whenever you browse the web

more options

Not unless the browser is attempting to access my IP address on port 80, or attempting to access the router itself. All other http traffic is directed to the internet, and has no affect on the router itself. This only occurs on starting Firefox, or periodically if firefox is running. So it is not expected. There are trojans that attempt to access a routers web page configuration.

more options
more options

Your firewall is dropping a SYN packet or is forbidding an HTTP request? If you refuse to make a connection at all, you might never gather enough information to identify the intent of the communication.

more options

Thanks for the link. I have been trying to disable various things, but the issue does not happen regularly, so it will take some time. I will continue testing. Thanks for the link. I'm now monitoring with wireshark. Clearly the browser is sending a connection request to my internet IP address on port 80 and the firewall is rejecting it. Interesting that it is sending to the external IP and not the Gateway/router IP.

more options

Thanks for the suggestion of dropped SYN requests, which prompted me to setup a wireshark monitoring. It is definitely not a dropped SYN packet, rather the browser is sending a connection request to my external IP address on port 80 and the firewall is rejecting it with RST, ACK.

The first time it occurs is after a connection to secure.informaction.com. At the end of that conversation I receive "Encrypted Alert" sent to my browser (certificate problem?), followed by a disconnect from secure.informaction.com, then Firefox attempts to access my external IP on port 80 several times. Why my external IP? I'm not sure what Firefox is attempting to do.

more options

I have NoScript running. Disabling NoScript eliminates the problem. Seems it is accessing secure.informaction.com and having a problem. Still not exactly sure what is happening.

more options

I think the first packet in a TCP connection request is a SYN packet, so if you're sending RST immediately after getting that packet, you will never get to log the HTTP request that would be sent after the connection is set up, which would be useful to get. Perhaps a browser proxy such as Fiddler would allow you to capture that?

I associate the Informaction name with the author of the NoScript and FlashGot extensions. If you disable those extensions and restart Firefox, do you get the same connection attempt?

Edit: Our posts crossed, so you can ignore the second paragraph.

由jscher2000 - Support Volunteer于修改

more options

选择的解决方案

Final note: This MozillaZine Post indicates that noscript uses secure.informaction.com to determine the WAN IP address, and that behavior can be disabled.

more options

Thanks for your respones, and yes, the SYN packet is a request to connect, and the RST/ACK (reject) is the correct response from my router to a connect request (loc2fw) on port 80.

I initially investigated this problem because there might be some malicious software that attempts to access the config page on the router and redirect traffic. I'm assuming that the ABE feature of NoScript is checking the boundary?