This is my first thread, so hopefully it's in the right place. My apologies in advance if it doesn't meet criteria for posting.
I'd like to preface this comment with "I'm by no means an expert in the Maemo platform" but while in my N900 tonight, I decided to look at some of the standard sys commands and see the various output, one of which was lsof.
When looking at the output of LSOF, I noticed something that left me perplexed and a little startled. Skyhost was showing some connections to residential IPs from my phone. I originally thought it could be someone I was connected to in my user list, but I don't know anyone in the cities that are listed. Enclosed is some of my output:
```
skyhost 1512 user 32u IPv4 7582 TCP 172.16.1.39:61639->adsl-99-140-255-188.dsl.chcgil.sbcglobal.net:4146 (ESTABLISHED)
skyhost 1512 user 33u IPv4 9601 TCP 172.16.1.39:54667->adsl-99-141-65-59.dsl.chcgil.sbcglobal.net:64489 (ESTABLISHED)
skyhost 1512 user 34u IPv4 9602 TCP 172.16.1.39:56348->adsl-99-139-124-85.dsl.emhril.sbcglobal.net:61988 (ESTABLISHED)
skyhost 1470 user 33u IPv4 9601 TCP 172.16.1.39:54667->adsl-99-141-65-59.dsl.chcgil.sbcglobal.net:64489 (ESTABLISHED)
skyhost 1501 user 33u IPv4 9601 TCP 172.16.1.39:54667->adsl-99-141-65-59.dsl.chcgil.sbcglobal.net:64489 (ESTABLISHED)
skyhost 1502 user 33u IPv4 9601 TCP 172.16.1.39:54667->adsl-99-141-65-59.dsl.chcgil.sbcglobal.net:64489 (ESTABLISHED)
skyhost 1504 user 33u IPv4 9601 TCP 172.16.1.39:54667->adsl-99-141-65-59.dsl.chcgil.sbcglobal.net:64489 (ESTABLISHED)
skyhost 1507 user 33u IPv4 9601 TCP 172.16.1.39:54667->adsl-99-141-65-59.dsl.chcgil.sbcglobal.net:64489 (ESTABLISHED)
skyhost 1508 user 33u IPv4 9601 TCP 172.16.1.39:54667->adsl-99-141-65-59.dsl.chcgil.sbcglobal.net:64489 (ESTABLISHED)
skyhost 1510 user 33u IPv4 9601 TCP 172.16.1.39:54667->adsl-99-141-65-59.dsl.chcgil.sbcglobal.net:64489 (ESTABLISHED)
skyhost 1511 user 33u IPv4 9601 TCP 172.16.1.39:54667->adsl-99-141-65-59.dsl.chcgil.sbcglobal.net:64489 (ESTABLISHED)
skyhost 1512 user 33u IPv4 9601 TCP 172.16.1.39:54667->adsl-99-141-65-59.dsl.chcgil.sbcglobal.net:64489 (ESTABLISHED)
skyhost 1451 user 32u IPv4 7391 TCP 172.16.1.39:56832->cpe-72-230-248-72.rochester.res.rr.com:17568 (ESTABLISHED)
skyhost 1451 user 33u IPv4 9445 TCP 172.16.1.39:63008->172.16.1.41:5370 (ESTABLISHED)
```
All of these sessions were from different boot sequences. At first I thought, maybe these are connections to SKYPE but I highly doubt Skype is using residential machines for their infrastructure.
Here are the Maxmind results:
http://www.maxmind.com/app/locate_ip?ips=72.230.148.55
http://www.maxmind.com/app/locate_ip?ips=99.54.68.11
http://www.maxmind.com/app/locate_ip?ips=99.140.255.188
It must be noted that I don't know anyone in Rochester or Des Moines (I do outside of Houston but can't get confirmation on their IP), nor do I have anyone on my list that I've communicated with who could be there.
I don't know enough about the Maemo 5 platform to do a proper forensics analysis and with all of the updates that happen, it's really hard to look at binaries and see if things are not right.
Anyone have any thoughts? Maybe this is a non-issue and I'm being super paranoid...
P.S. Each IP disappeared after boot and a new random one comes up every time.
Last edited by tylerdurden; 2010-02-21 at 18:36. Reason: Added bold tags to the title
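
As a triage aid for lsof output like that in the post above, this added example (not part of the original post) collapses rows that repeat the same DEVICE value and endpoint pair under different PIDs, as 9601 does above, into unique sockets, and labels each remote end as private, public or name-only. The sample lines and hostnames are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import OrderedDict

# Constructed sample shaped like the lsof rows in the post (hostnames are placeholders).
SAMPLE = """\
skyhost 1512 user 32u IPv4 7582 TCP 172.16.1.39:61639->host-a.dsl.example.net:4146 (ESTABLISHED)
skyhost 1470 user 33u IPv4 9601 TCP 172.16.1.39:54667->host-b.dsl.example.net:64489 (ESTABLISHED)
skyhost 1501 user 33u IPv4 9601 TCP 172.16.1.39:54667->host-b.dsl.example.net:64489 (ESTABLISHED)
skyhost 1512 user 33u IPv4 9601 TCP 172.16.1.39:54667->host-b.dsl.example.net:64489 (ESTABLISHED)
skyhost 1451 user 33u IPv4 9445 TCP 172.16.1.39:63008->172.16.1.41:5370 (ESTABLISHED)
"""

# COMMAND PID USER FD TYPE DEVICE [SIZE/OFF] NODE NAME; SIZE/OFF is absent in the post's rows.
LINE = re.compile(
    r"^(?P<cmd>\S+)\s+(?P<pid>\d+)\s+(?P<user>\S+)\s+(?P<fd>\S+)\s+IPv[46]\s+"
    r"(?P<dev>\S+)\s+(?:\S+\s+)?(?P<proto>TCP|UDP)\s+"
    r"(?P<local>\S+)->(?P<rhost>\S+):(?P<rport>\d+)\s+\((?P<state>\w+)\)$"
)

def remote_scope(host):
    """Return 'private', 'public', or 'named' when lsof printed a reverse-DNS name."""
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return "named"
    return "private" if ip.is_private else "public"

def unique_sockets(text):
    """Collapse rows describing one socket (same command, DEVICE and endpoints)."""
    socks = OrderedDict()
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header line or a non-network row
        key = (m["cmd"], m["dev"], m["local"], m["rhost"], m["rport"])
        entry = socks.setdefault(key, {
            "cmd": m["cmd"], "remote": f'{m["rhost"]}:{m["rport"]}',
            "state": m["state"], "scope": remote_scope(m["rhost"]), "pids": [],
        })
        if m["pid"] not in entry["pids"]:
            entry["pids"].append(m["pid"])
    return list(socks.values())

if __name__ == "__main__":
    for s in unique_sockets(SAMPLE):
        print(f'{s["cmd"]:8} {s["scope"]:8} {s["remote"]:40} pids={",".join(s["pids"])}')
```

Running `lsof -n -i` instead prints numeric addresses, so every remote end can be classified by address rather than falling into the name-only bucket.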