Cloudfront Little Snitch
Bizarre download servers. Little Snitch in particular, may report these connections. 1Password is connecting to CloudFront for the software updates (also for rich icons, news, and help files), and although LittleSnitch may report cdn.quilt.janrain.com, it's just a domain that is associated with CloudFront. There have been several. Feb 26, 2016 Little Snitch Settings to Block OSX Player Ads (self.slingbox). Go into 'Temporary Rules' in Little Snitch; Block the doubleclick.net and cloudfront.net domains by double clicking, removing the subdomain and switching the dropdown to 'domain'.
Little Snitch is one of my favorite apps in the world, and it's one of the very first things I install on any new Mac.For those unfamiliar, it monitors and restricts outbound connections that your applications are trying to make. For example, you might be working away and suddenly get a popup saying:
Cloudfront Little Snitch 2
/android-app-like-little-snitch.html. 'Chrome is making an outbound TCP connection to adserver.trackallusers.com, port 9876. Do you want to:
- Allow or Deny the connection..
- To all hosts in the domain trackallusers.com, that specific hostname, or that specific IP address, or all hosts everywhere..
- On this port or any port..
- Protocol TCP..
Cloudfront Little Snitch Lyrics
- Once, or for the next 15 minutes / 1 hour / 2 hours / until I reboot / forever'
..and it will postpone making that connection until you answer. You can set defaults for that popup according to your own preferences, for instance to block by domain name instead of hostname so that 'server432.example.com' and 'server592.example.com' don't have to be managed separately.
When you first run Little Snitch, it's a bit overwhelming. Safari and Chrome want to talk to all kinds of things on TCP/80 and 443, so you pretty quickly say they're allowed to make any 80 or 443 connection they want without further pestering you. Soon you have a good coverage of your apps' normal behaviors, and that's where it really shines. For instance, suppose your text editor commonly talks to 'updateserver.example.com' to check for app updates. But this morning, it's suddenly trying to chat with 'exfiltrator.badhost.ru'. Uhh, maybe you want to block that and see what's going on.
And my earlier Chrome example isn't an exaggeration. It's surprising how many websites want to connect to ad or tracking servers on nonstandard ports. I actually appreciate that a lot because those connections stick out like sore thumbs and I can permanently deny them.
Sorry if this reads like an ad pitch for Little Snitch. Traktor pro 2 timecode vinyl setup. I'm not associated with them, but I'm a very, very happy customer. I'm very happy to see something like it becoming available for my friends using Linux is awesome.