Hidden communication to IP

Hello,
can anybody explain to me why Jami is trying to establish hidden communication with IP 103.77.37.137 registered in India?
Basic data from security program:

Category: Trojan
Domena:
IP Address: 103.77.37.137
Port: 6831
Typ: Outgoing
File: C:\Program Files\Savoir-Faire Linux\Jami\Jami.exe

Such activity seems to be strange.

Brgds
Strategos


Hello,

If you check the “What ports does Jami use?” entry in the FAQ, you’ll notice that the above port (6831) falls in the 4000-8888 range used for the DHT (the OpenDHT network), used in Jami for distributed, peer-to-peer communication.

I think what’s likely happened is: someone is running a DHT node on a server at that IP address, which would explain why Jami tried to connect to it. Perhaps at some point in the past, someone else had (ab)used that IP address for malware, etc., which may be why that IP address has a bad reputation in your ‘security program’. IP reputation can be fragile/tricky, and once an IP goes on these ‘blacklists’ it may have a bad reputation for a long / indefinite amount of time even if it’s used for abuse again by future users of that IP.

Hope this helps.
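
An added example, not part of the original posts and not Jami's own code: a small triage helper that parses an alert in the "Key: value" layout shown in the first post and checks it against the 4000-8888 DHT port range quoted above from the FAQ. The function names and the second alert (documentation-range IP, port 443) are constructed for illustration; a match only means the alert is consistent with DHT traffic, not that the remote host is trustworthy.

```python
import ntpath

# Port range quoted in the reply above from the Jami FAQ (DHT traffic).
DHT_PORTS = range(4000, 8889)

# Alert exactly as posted in the thread.
ALERT_FROM_POST = r"""Category: Trojan
Domena:
IP Address: 103.77.37.137
Port: 6831
Typ: Outgoing
File: C:\Program Files\Savoir-Faire Linux\Jami\Jami.exe"""

# Constructed alert for contrast (not from the thread).
ALERT_CONSTRUCTED = r"""Category: Trojan
Domena:
IP Address: 192.0.2.10
Port: 443
Typ: Outgoing
File: C:\Program Files\Savoir-Faire Linux\Jami\Jami.exe"""

def parse_alert(text):
    """Parse 'Key: value' lines into a dict; empty values are kept as ''."""
    alert = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and key.strip():
            alert[key.strip()] = value.strip()
    return alert

def triage(alert, expected_exe="Jami.exe"):
    """Return (verdict, reasons); reasons list why an alert needs a closer look."""
    reasons = []
    exe = ntpath.basename(alert.get("File", ""))  # Windows path, any host OS
    if exe.lower() != expected_exe.lower():
        reasons.append(f"unexpected process: {exe or 'unknown'}")
    if alert.get("Typ", "").lower() != "outgoing":
        reasons.append("not an outgoing connection")
    try:
        port = int(alert.get("Port", ""))
    except ValueError:
        port = None  # missing or non-numeric port field
    if port is None or port not in DHT_PORTS:
        reasons.append(f"port {alert.get('Port') or 'missing'} outside 4000-8888")
    return ("consistent-with-dht" if not reasons else "needs-review"), reasons

if __name__ == "__main__":
    for raw in (ALERT_FROM_POST, ALERT_CONSTRUCTED):
        print(triage(parse_alert(raw)))
```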

Hello,
thx for your kind letter and explanations.
Well maybe you are right but … the problem is that this hidden communication had been registered when Jami’s idle (just started) - no active connection to anybody. No earlier calls to anybody in India. As for me such behavior of soft is strange/unwanted.
At the moment this IP number is blocked on the firewall. I’m going to check Jami’s activity (when idle) with Wireshark or EtherApe in my spare time.

Brgds
Strategos

Hello,

You’re very welcome. :slight_smile:

I see your point, but again, that’s considered normal behaviour as far as Jami goes. Similar to how other messaging applications, that are most often centralized, make requests to their central servers when the user launches the application and/or leaves it running idle, when Jami starts it joins the OpenDHT distributed network of peers for establishing presence on the network, so that your account could receive messages, notifications, etc.

If you so wish, you should be able to block that particular IP address for yourself and Jami should still continue to work just fine, so long as it can reach other nodes in the OpenDHT network.

To learn more about the architecture of Jami and how it works, you can read the various blog posts on jami.net and/or wiki pages, such as the following: