Uh, hm. Interesting. It’s not something we’ve deliberately built into restic, so I guess that either the connections are done automatically by the Windows environment, or the Go standard library does them in the background, e.g. for looking up the user name for a given user ID.
Almost certainly that is not restic opening those ports, if you are backing up to a local repository. (Especially port 135 – that is a low port, probably some Windows service is using that.)
I check the connections with Sysinternal ProcessExplorer on a system in an active directory environment.
@matt the fully connection looks like: TCP, 192.168.42.1:55928 --> Domain Controller 192.168.1.1:135 and TCP, 192.168.42.1:55929 --> Domain Controller 192.168.1.1:49158
and restic makes this connections exactly during backup is running. So the lower ports used on the domain controller and not on the local machine.
@cdhowie good to know, I found similar information, this makes sense because I use restic in an environment where an active directory is running. But why does the domain controller to know, that I will run an restic backup? If I run restic on many servers does this have any negative side effects?
@fd0 Do you have an idea how stop all remote connection in restic?
BTW: I found many http urls embedded to restic, may this part of the GO standard library or some libs but there many urls which are not related to any restic possible backup destination. Does anyone checked this?
Regarding my motivation of this questions: I entrust my data to restic and I want to make sure that the data does not somehow flow off or disappear due to a faulty operation on my side.
Restic is exact what I’m looking for since years for my Windows Backups. Good job.
Of course there are URLs in the binary, and of course destinations aren’t hard-coded (otherwise, destinations would not be configurable). Why don’t you provide some more information – like what are the URLs you found that you have questions about?
What makes you think that restic is telling the domain controller about anything? More likely, some information is being looked up in the domain, such as metadata about users who own files that are being backed up (though this is speculation on my part).
I do not see a problem, but I’m wondering what is going on. When I use restic in a wider area I wan’t to understand the IO traffic, which is initiated by restic. And I want to avoid an “ticket” from the security team, when restic is connecting the domain controller from every server or pc, when I run it automatically. That’s all.
The only indication of this is that it happens at the same time. You’ve provided no evidence this is actually the case, especially considering that there is some indication the machine and ports involved are used by the Windows operating system.
Hello @Odin, may you are right. I used the Sysinternals Process Explorer and under Properties and the tab “TCP/IP” these connections are listed. I believed in Process Explorer that he assigning connection to process right. But may in some circumstances this is not right, may restic and golang uses an Windows LIB which makes this connections.
Guys, the source is there for you to read – if you are concerned, just look at the source code. If you don’t know how to read it, but are so curious, then learn how. It is well worth your time!
Where is your repository is it on cifs shares that is authenticated by the windows user? Then this traffic that you see may make genuine sense. But still don’t be sure till u have diagnosted.
You can try by using rclone as a backend to your repro with restricted eg restricted - r rclone:myrepro
Try transfering some small dummy files to the repro with rclone and see if you see something similar with rclone.
No, I just trust restic (because I’m familiar with its code by having read some of it, even though I didn’t write it). If you are suspicious about what restic is doing and no one else is able to give you a good answer in the forums, then you can always look yourself and figure it out.
And even if I did say, “I’ve not seen anything in restic to support these claims” (which is true), that won’t be satisfying to the asker. If you want to know, I guess you just have to take the time and look yourself (this is basically asking for a free audit).