Problem with Port 443 malware or ????
Hi!
I have software that blocks unwanted apps or sites from intruding on my system.
Why does this show from 1Password?
The blocker is called Radio Silence.
I am a bit concerned. It's on port 443.
Thanks
John
2 attempts blocked on:
20.185.73.23
52.232.216.86
40 attempts blocked on:
1Password Version: 7
Extension Version: 4,3
OS Version: mac os 10.14.6
Sync Type: icloud
Comments
-
Hi @JohnDoe1983
These are the domains we use through port 443, that you would need to white list.
https://support.1password.com/ports-domains/
You may also be interested in this blog post where we talk about some of our server infrastructure, among other things. It will give a small glimpse behind some of the curtain.
https://blog.1password.com/better-faster-stronger-our-new-blog-and-how-we-made-it/
You may also like this one which is closely related. * Probably closer to the question you're asking too. ;)
https://blog.1password.com/terraforming-1password/
If Radio Silence is in active development, you may consider asking them to reach out to our developers.
We have added descriptions for each outgoing connection type to an InternetAccessPolicyFile embedded in the app.
This would allow you to get a description of the connection attempt in plain language.
edit: typo and add additional link
0 -
To add to what Tommy said above: It appears Radio Silence is looking at the hosts apps are trying to connect to, and then doing a reverse DNS lookup on those hosts. It is then showing you the result of that reverse lookup, which doesn't necessarily match what apps are actually trying to connect to. Other tools that do this sort of outbound connection monitoring show the forward DNS name that apps are trying to connect to, instead of the reverse, which is more likely to make sense to you.
You can see what I mean yourself by running these commands in Terminal:
nslookup my.1password.com
3.208.193.188
(this is one of the results)
Then:
nslookup 3.208.193.188
ec2-188-193-208-3.compute-1.amazonaws.com
You'll see this with all sorts of DNS records, not just 1Password's. Do the same experiment with google.com. I guarantee that whatever IP address google.com resolves to, when you do a reverse lookup on it, isn't going to return google.com. It is going to return something like lga34s18-in-f14.1e100.net.
This is totally normal and not any indication of a problem, though I would suggest that Radio Silence showing the forward lookups would be more useful to you than showing the reverse lookups. I hope that helps!
Ben
P.S. Additional information about the suggested way to do this can be found here:
https://www.obdev.at/iap/index.html
0 -
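The forward-versus-reverse mismatch Ben describes, as an added example that is not part of the original thread and not 1Password's or Radio Silence's code: it forward-resolves the names an app is documented to use and checks each blocked IP against that set, alongside the PTR name a firewall would display. The resolver tables are constructed from the `nslookup` output quoted above plus the assumption that the EC2 name resolves back to the same address; `192.0.2.10` is a constructed documentation address, and `explain_blocked` is a hypothetical helper name.

```python
import socket

def forward_lookup(name):
    """Return the set of IPv4 addresses a hostname resolves to (live DNS)."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def reverse_lookup(ip):
    """Return the PTR name for an IP, or None if it has no reverse record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def explain_blocked(ips, expected_names, forward=forward_lookup, reverse=reverse_lookup):
    """For each blocked IP: its PTR name, and which expected names resolve to it."""
    # Forward-resolve the documented names once and index them by address.
    owners = {}
    for name in expected_names:
        for ip in forward(name):
            owners.setdefault(ip, []).append(name)
    report = []
    for ip in ips:
        ptr = reverse(ip)
        report.append({
            "ip": ip,
            "ptr": ptr,                                  # what a reverse-lookup UI shows
            "matches": sorted(owners.get(ip, [])),       # what the app actually asked for
            "ptr_round_trips": bool(ptr) and ip in forward(ptr),
        })
    return report

# Constructed resolver tables so the example runs offline.
FWD = {"my.1password.com": {"3.208.193.188"},
       "ec2-188-193-208-3.compute-1.amazonaws.com": {"3.208.193.188"}}  # assumed
REV = {"3.208.193.188": "ec2-188-193-208-3.compute-1.amazonaws.com"}

def demo():
    return explain_blocked(["3.208.193.188", "192.0.2.10"], ["my.1password.com"],
                           forward=lambda n: FWD.get(n, set()), reverse=REV.get)

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Calling `explain_blocked` without the `forward` and `reverse` arguments uses live DNS; CDN-hosted names rotate addresses, so an empty `matches` on a single run is not proof that the destination is unexpected.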
I am waiting for an answer from a tech at 1 Password, will keep the follow up here upon receiving it.
They installed Radio Silence and saw the same thing as I did.
Thanks
John
0 -
Hi Ben.
Thanks for the info. I am more confident now.
Will tell my friends who were asking me about that situation.
Cheers
John
0 -
Excellent. Thanks for the update. :+1: If there is anything else we can do, please don't hesitate to contact us.
Ben
0 -
Hi
What I like about your software is that anytime I have a question, I get an answer.
You should teach some company how to deal with customer service.
Thanks again. Very appreciated.
John.
0 -
:+1: :)
Ben
0