What's new

What is sso.anbtr.com?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

ColH

Occasional Visitor
Hi, Anybody know what the implication is of this:

Code:
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
tcp        0      0 -sso.anbtr.com:5473     -sso.anbtr.com:*        LISTEN      705/u2ec
tcp        0      0 -sso.anbtr.com:18017    -sso.anbtr.com:*        LISTEN      301/wanduck
tcp        0      0 -sso.anbtr.com:3394     -sso.anbtr.com:*        LISTEN      705/u2ec

Showing up when doing a Netstat on an AC88U
 
Use the following command instead. Or if you're doing it through a GUI choose the option to not resolve domain names.
Code:
netstat -lnp

I think you'll find that sso.anbtr.com is actually 0.0.0.0. As sso.anbtr.com is a known malware domain my guess is that your router's ad-blocking is doing this because it hasn't created a ptr-record for 0.0.0.0.
 
Morning,
Thank you both. It must be as 'EmeraldDeer' suggests, it's the first entry in the list, so it's the one that shows up in a NetStat command.
 
@thelonelycoder Just curious. I remember the discussion around 0.0.0.0 in the early versions of your ad-blocking script, for example here. From the OP here it sounds like you're not using a ptr-record for 0.0.0.0 any more. Can I ask why?
 
@thelonelycoder Just curious. I remember the discussion around 0.0.0.0 in the early versions of your ad-blocking script, for example here. From the OP here it sounds like you're not using a ptr-record for 0.0.0.0 any more. Can I ask why?
I still do, that is if pixelserv-tls is deactivated or not installed:
Code:
if [ "$psState" = "on" ] && [ "$(nvram get ipv6_service)" != "disabled" ]; then
    pc_append "address=/::/::" $CONFIG
    pc_append "ptr-record=0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa,::" $CONFIG

elif [ -z "$psState" ] || [ "$psState" = "off" ]; then

    if [ "$(nvram get ipv6_service)" = "disabled" ]; then
        pc_append "address=/0.0.0.0/0.0.0.0" $CONFIG
        pc_append "ptr-record=0.0.0.0.in-addr.arpa,0.0.0.0" $CONFIG
    else
        pc_append "address=/0.0.0.0/0.0.0.0" $CONFIG
        pc_append "ptr-record=0.0.0.0.in-addr.arpa,0.0.0.0" $CONFIG
        pc_append "address=/::/::" $CONFIG
        pc_append "ptr-record=0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa,::" $CONFIG
    fi
fi
 
Thanks for the info @thelonelycoder. I'm still using my own ad-blocking script based on the original discussions so I'm not using pixelserv-tls.

Showing my ignorance :D ..... why does pixelserv-tls require the IPv4 ptr-record to be removed?
 
Thanks for the info @thelonelycoder. I'm still using my own ad-blocking script based on the original discussions so I'm not using pixelserv-tls.

Showing my ignorance :D ..... why does pixelserv-tls require the IPv4 ptr-record to be removed?

What!?! I'm shocked! Not you, ColinTaylor? Come on in, the Diversion 'waters' are excellent! :D
 
I'm still using my own ad-blocking script based on the original discussions so I'm not using pixelserv-tls.
Would love a link to the original discussions to appreciate the genesis of this script. I assume it pre-dates the AB-Solution thread?
 
0.0.0.0 is replaced in the blocking files with the (default) pixelserv IP 192.168.1.2.
That's strange. Presumably the entries in the OP represent 0.0.0.0 (all interfaces) and not the pixelserv IP. So there must still be some entries in the hosts file that is using 0.0.0.0.

Would love a link to the original discussions to appreciate the genesis of this script. I assume it pre-dates the AB-Solution thread?
The earliest one I can remember is this one from 2014. I'm still using my own variant of the "Advanced method" shown there.

What!?! I'm shocked! Not you, ColinTaylor? Come on in, the Diversion 'waters' are excellent! :D
You can't beat the "original" and "classic" version. :D
 
That's strange. Presumably the entries in the OP represent 0.0.0.0 (all interfaces) and not the pixelserv IP. So there must still be some entries in the hosts file that is using 0.0.0.0.
You’re right, of course. Either @ColH is running Diversion Lite without Pixelserv-tls but the ptr records got buggered, or has another hosts-based solution in place.

I gave up router tinkering “for Lent” so I haven’t been running any scripts at all lately, just vanilla John’s Fork.
 
I gave up router tinkering “for Lent” so I haven’t been running any scripts at all lately, just vanilla John’s Fork.
:D That's very similar to my philosophy. I don't want to run or install anything on my router unless I really need it.

@L&LD asked why I wasn't running Diversion and I jokingly replied that I preferred the "classic" version. But in all seriousness I do prefer my simple ad-block script. It's only 22 lines and has no dependencies on anything like Entware. Obviously it's not as sophisticated as Diversion but for my purposes it's good enough. I see no reason to make things more complicated than necessary.
 
Last edited:
What!?! I'm shocked! Not you, ColinTaylor? Come on in, the Diversion 'waters' are excellent! :D
I would still use AdBlocking with combined hosts file on my router. But the user base started to grow and with it the support requests for PEBKAC and other setup errors.
The idea of an automated install script started to form in my head. AB-Solution and now Diversion was my answer to make ad-blocking better manageable and accessible to less experienced SSH terminal users.
 
Thanks for the info @thelonelycoder. I'm still using my own ad-blocking script based on the original discussions so I'm not using pixelserv-tls.

Showing my ignorance :D ..... why does pixelserv-tls require the IPv4 ptr-record to be removed?
Good question. I never added the pointer record for the pixelserv-tls IP. Might be a good addition for the next Diversion update.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Top