TransWikia.com

Why is my system connected to an Amazon AWS server?

Ask Ubuntu Asked by sd_hito on February 5, 2021

From a fresh reboot I entered netstat -an | more in a terminal shell and located a foreign ip address 99.86.32.24 from netstat’s output connected to my system over port 443. I’ve opted out of sending diagnostic reports to cannonical telemetry servers,
yet I am connected to cannonical and amazon aws, why?

Here’s the output of the whois command with the amazon ip passed as a argument:

NetRange:       99.85.128.0 - 99.87.191.255
CIDR:           99.85.128.0/17, 99.87.128.0/18, 99.86.0.0/16, 99.87.0.0/17
NetName:        AMAZO-4
NetHandle:      NET-99-85-128-0-1
Parent:         NET99 (NET-99-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       AS16509
Organization:   Amazon.com, Inc. (AMAZO-4)
RegDate:        2018-01-10
Updated:        2018-01-11
Ref:            https://rdap.arin.net/registry/ip/99.85.128.0



OrgName:        Amazon.com, Inc.
OrgId:          AMAZO-4
Address:        Amazon Web Services, Inc.
Address:        P.O. Box 81226
City:           Seattle
StateProv:      WA
PostalCode:     98108-1226
Country:        US
RegDate:        2005-09-29
Updated:        2020-04-07
Comment:        For details of this service please see
Comment:        http://ec2.amazonaws.com
Ref:            https://rdap.arin.net/registry/entity/AMAZO-4


OrgTechHandle: ANO24-ARIN
OrgTechName:   Amazon EC2 Network Operations
OrgTechPhone:  +1-206-266-4064 
OrgTechEmail:  [email protected]
OrgTechRef:    https://rdap.arin.net/registry/entity/ANO24-ARIN

OrgNOCHandle: AANO1-ARIN
OrgNOCName:   Amazon AWS Network Operations
OrgNOCPhone:  +1-206-266-4064 
OrgNOCEmail:  [email protected]
OrgNOCRef:    https://rdap.arin.net/registry/entity/AANO1-ARIN

OrgRoutingHandle: ADR29-ARIN
OrgRoutingName:   AWS Dogfish Routing
OrgRoutingPhone:  +1-206-266-4064 
OrgRoutingEmail:  [email protected]
OrgRoutingRef:    https://rdap.arin.net/registry/entity/ADR29-ARIN

OrgAbuseHandle: AEA8-ARIN
OrgAbuseName:   Amazon EC2 Abuse
OrgAbusePhone:  +1-206-266-4064 
OrgAbuseEmail:  [email protected]
OrgAbuseRef:    https://rdap.arin.net/registry/entity/AEA8-ARIN

OrgRoutingHandle: IPROU3-ARIN
OrgRoutingName:   IP Routing
OrgRoutingPhone:  +1-206-266-4064 
OrgRoutingEmail:  [email protected]
OrgRoutingRef:    https://rdap.arin.net/registry/entity/IPROU3-ARIN

My overall question here is why would ubuntu be connected to any other remote server if I have opted out from sending telemetry data? Is there a reason for this/these connections? Or should I be paranoid?

privacytelemetryuser data

2 Answers

Canonical hosts some content and update mirrors in AWS. That's likely all you're seeing here.

Answered by James on February 5, 2021

Since you asked, personally, I would be paranoid and block it with iptables and keep and eye out for its re-appearance. And of course be aware if it impacts any service necessary to operating your system. If so, please report it back here. These days, if you're not paranoid, you're crazy.

Use the hint in the notes above to determine what apps are involved to get started in your investigation.

In fact, I found this question while searching for "dogfish routing" because I have found questionable traffic coming from another netblock 54.64.0.0/13 AMAZON-2011L that contains the same string.

see also: Why Lubuntu 18.04 calls Amazon servers? (motd.ubuntu.com)

Answered by Hugh Buntu on February 5, 2021

Add your own answers!

Ask a Question

Get help from others!

Recent Questions

Recent Answers

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP