Install updates from the menu icon, LL 5.0
I played in the last few days with Suricata IDS/IPS and today I came across something terrible, if this thing happens on any LinuxLite and not only on my end. Updating from the menu icon "install updates" seems to trigger an alert from Suricata rule 2013028, Emerging Threats. At first I thought it was a false positive, but then I saw that each and every time I click that update icon from the menu it triggers that alert and it sends some outbound connection toward Google domain IP 142.250.178 and 216.x.x.x. For example, the alert looks like this: "[1:2013028:5] ET POLICY curl User-Agent Outbound [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.x.x:36200 ->". To check the problem further, I blocked with UFW outbound connections toward those IP ranges corresponding to Google domains for port 80. The result was that when I clicked again on "install updates" I got the message that your PC is not connected to the internet. Tried several times to be sure and same result. Tried to update via terminal and everything seems to work OK via terminal. I disabled the firewall and clicked again; now it works again, of course triggering that alert again. Now the question is, is it OK to let Google know when I make or do not make updates? For me this is a huge privacy issue and I hope that this happens only on my end, so the question is: do you guys have the same outcome when blocking Google port 80? I use YouTube a lot these days, so my ID can be easily associated with my update schedule. Thank you in advance and I hope I did not bore anyone to death with this one :)
So at this time the way to solve the problem is to block the IP ranges for port 80 with your firewall and make updates via terminal only. Updating from the menu icon or from the system tray phones straight to and if it can't reach Google then it will return "your computer is not connected to internet", which is erroneous. Huge flaw for LinuxLite to have that spyware attached to the update feature. Hope we will see an update or a switch altogether to another, better solution; the current one looks ugly and it's flawed 8)
PS: I would recommend disabling automatic start of that app. Who knows what else it can do, recording the clipboard or capturing your keystrokes, I don't know, but I would expect the worst from that package. I will remove the package till something better comes in place.
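
To see which destinations raise the alert discussed in this thread, the following added example (not part of the original posts) tallies Suricata `fast.log` alerts for SID 2013028 by destination and counts lines it cannot parse, such as a truncated one. The log lines, addresses and the second SID are constructed for illustration, and the default `fast.log` line layout is assumed.

```python
import re
from collections import Counter

# Default fast.log layout (assumed):
# ts  [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: n] {PROTO} src:sport -> dst:dport
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+\[Classification:\s*(?P<cls>[^\]]*)\]\s+"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+):(?P<sport>\d+)\s+->\s+(?P<dst>\S+):(?P<dport>\d+)\s*$"
)

# Constructed sample: documentation-range addresses, one unrelated SID, one truncated line.
SAMPLE_LOG = """\
03/01/2024-10:15:02.123456  [**] [1:2013028:5] ET POLICY curl User-Agent Outbound [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.10:36200 -> 192.0.2.20:80
03/01/2024-10:15:40.000100  [**] [1:2013028:5] ET POLICY curl User-Agent Outbound [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.10:36214 -> 192.0.2.20:80
03/01/2024-10:16:05.500000  [**] [1:2013028:5] ET POLICY curl User-Agent Outbound [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.10:36230 -> 198.51.100.7:80
03/01/2024-10:17:00.000000  [**] [1:9000001:1] CONSTRUCTED unrelated rule [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.1.10:50000 -> 203.0.113.5:443
truncated line [1:2013028:5] ET POLICY curl User-Agent Outbound [**] {TCP} 192.168.1.10:36200 ->
"""


def parse_fast_line(line):
    """Return the alert fields as a dict, or None if the line is not a full alert."""
    m = FAST_RE.match(line.strip())
    return m.groupdict() if m else None


def summarize(log_text, sid="2013028"):
    """Count alerts for one SID per (dst, dport); also count unparsable lines."""
    hits, skipped = Counter(), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_fast_line(line)
        if rec is None:
            skipped += 1  # truncated or non-alert line: report it, do not guess
        elif rec["sid"] == sid:
            hits[(rec["dst"], int(rec["dport"]))] += 1
    return hits, skipped


if __name__ == "__main__":
    hits, skipped = summarize(SAMPLE_LOG)
    for (dst, dport), n in hits.most_common():
        print(f"{n:3d}  {dst}:{dport}")
    print(f"unparsed lines: {skipped}")
```

Running it against a real log means passing the contents of the configured `fast.log` file to `summarize()`; the resulting destinations can then be compared with what the firewall rule blocks.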
