Posted by davester
on June 12, 2008 at 2:15 AM PDT
Hello Sun Java installer buildmeisters,
I just tried installing Java 1.6.0_10 b25 offline install distro, and ZoneAlarm alerted about some connection attempts that the installer was trying to make. I supposed that this being the offline installer, these connection attempts were perhaps malicious or sneaky, so I blocked them. The installation was able to complete without problems. Perhaps it's someone's debug code that was left on in the distro, but I wanted to call your attention to it.
Before any dialogs came up, the installer was attempting to connect to two different IP addresses that I did not recognize. One was a DNS call, and that might not be a big deal or might be expected. The other was an HTTP call, and that one looked suspicious.
Here are the addresses that Zoney caught your installer trying to hit:
18.104.22.168 : DNS
22.214.171.124 : HTTP
I think those addresses are hard coded into the installer, at least the HTTP one is, because I ran the installer many times and kept seeing it hit that same IP address.
I took the liberty of running some traceroutes on those addresses, neither address resolved to any name, but the traceroutes went far enough for me to raise an eyebrow or three.
Tracing route to 126.96.36.199 over a maximum of 30 hops
4 17 ms 17 ms 15 ms 220.ge-0-1-0.cr2.sea1.speakeasy.net [188.8.131.52]
5 16 ms 15 ms 15 ms six.sea01.google.com [184.108.40.206]
6 16 ms 17 ms 17 ms 220.127.116.11
7 33 ms 22 ms 21 ms 18.104.22.168
8 178 ms 35 ms 88 ms 22.214.171.124
9 52 ms 50 ms 51 ms 126.96.36.199
10 50 ms 51 ms 51 ms 188.8.131.52
11 51 ms 49 ms 51 ms 184.108.40.206
Tracing route to 220.127.116.11 over a maximum of 30 hops
6 27 ms 17 ms 18 ms ae-32-54.ebr2.Seattle1.Level3.net [18.104.22.168]
7 20 ms 18 ms 17 ms ae-1-100.ebr1.Seattle1.Level3.net [22.214.171.124]
8 33 ms 33 ms 33 ms ae-1-5.bar1.SanFrancisco1.Level3.net [126.96.36.199]
9 34 ms 33 ms 33 ms ae-0-11.bar2.SanFrancisco1.Level3.net [188.8.131.52]
10 33 ms 33 ms 33 ms ae-4-4.car2.SanFrancisco1.Level3.net [184.108.40.206]
11 35 ms 35 ms 35 ms INTERNAP-NE.car2.SanFrancisco1.Level3.net [220.127.116.11]
12 35 ms 35 ms 35 ms border2.te8-1-bbnet2.sfo002.pnap.net [18.104.22.168]
13 * * * Request timed out.
14 * * * Request timed out.
Ok, so, hits to someplace in Google and maybe someone's home/office PC in San Francisco? Seems very very fishy. Uncool! I declare possible shenanigans, even for a beta test since this is Java and not Corel Draw or something made by Microsoft! ;)
Sun, please tell us there's nothing to see here and tell us what these connections are for.