Foreign address 50.56.84.181 (Mystery resolved)

Antivirus, forensics, intrusion detection, cryptography, etc.
fucimin
Posts: 4
Joined: Mon 18 Apr 2011, 11:28

#1 Post by fucimin »

Hope this is the right place.
Hi all, I'm a new happy puppy linux user.
Do you know why puppy always connects to 50.56.84.181? All browsers are closed and this happens when puppy finds out the internet link.
I'm using 5.2.5 puppy version.

Thanks in advance!
Carlo

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#2 Post by Flash »

That translates to http://majorhayden.com/. What gives?

fucimin
Posts: 4
Joined: Mon 18 Apr 2011, 11:28

#3 Post by fucimin »

Flash wrote: That translates to http://majorhayden.com/. What gives?
Yes, I've found out the same thing. But why this connection? There aren't any browsers open and the connection starts as soon as puppy is on. I have never gone to that link before and my puppy is a fresh install.

Thanks again!
Carlo

Bernie_by_the_Sea
Posts: 328
Joined: Wed 09 Feb 2011, 18:14

#4 Post by Bernie_by_the_Sea »

Curious.

Major Hayden is an expert on Linux and by that I mean he gets paid for advising on Linux and for teaching Linux by such proprietary Linux developers as Red Hat.

This isn't malware or harmful but how in the world did it get in a new install of Puppy? Is someone counting how many people install Puppy?

rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#5 Post by rcrsn51 »

Some Puppy versions ping a known Internet site to confirm that a live network has been established. That seems like an odd choice.

James C
Posts: 6618
Joined: Thu 26 Mar 2009, 05:12
Location: Kentucky

#6 Post by James C »

There was a similar thread to this here
http://www.murga-linux.com/puppy/viewto ... 567#446990

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#7 Post by nooby »

No demands at all, but are there not even more such threads? Some time ago (I fail to remember when) I did a search, and this is a repeating pattern.

Me, Myself and I also felt alarmed by this behavior. Okay, not all Newbies react like me, but enough of them write to the forum. Think of all the people that never write to forums.

So my kind and humble advice would be to place an explanation that every user sees on the welcome screen when they boot up the first time.

Is that unrealistic to wish? :)
I use Google Search on Puppy Forum
not an ideal solution though

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#8 Post by Flash »

Could it be a way for him to get a lot of hits to his website and therefore rank it higher in a Google search? In any case it begs the question: how did this get in Puppy? Is it an example of a rootkit in action?

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#9 Post by nooby »

As you know I have a bad memory, but AFAIK the programmers need a reliable server that they know has 100% uptime, and then they use that one and ping it to see if the LAN or WAN is working.

Some of the devs used a Google server but that got much criticism too, so maybe they switched to him as a Linux guy?

Part vague memory and part wild guess.

The purpose is to quickly find out if it works.

scsijon
Posts: 1596
Joined: Thu 24 May 2007, 03:59
Location: the australian mallee

#10 Post by scsijon »

It's a Google session start address,

but I've been unable to track within Puppy from where it is being started. Could those with a bit more networking knowledge please help?

And I have only the network up, no browsers or other external use packages, nothing shows in logs either!

Alternately, suggest where / how to deny it!

thanks
scsijon

01micko
Posts: 8741
Joined: Sat 11 Oct 2008, 13:39
Location: qld

#11 Post by 01micko »

see /usr/sbin/ipinfo

This has been discussed many times. If you don't like it remove it.
Puppy Linux Blog - contact me for access

scsijon
Posts: 1596
Joined: Thu 24 May 2007, 03:59
Location: the australian mallee

#12 Post by scsijon »

mick,

all I wanted to do is be able to find where the link was coming from and if needed set it for somewhere else, ie control the call, especially with google being somewhat on the 'nose'.

thanks for the reply, I wondered why a find didn't find it.

scsijon

fucimin
Posts: 4
Joined: Mon 18 Apr 2011, 11:28

#13 Post by fucimin »

Hi all, to drop that connection to the link 50.56.84.181, I run the command:

    iptables -A OUTPUT -d 50.56.84.181 -j DROP

If I check with iptables -L, then I find the destination argon.mhtx.net blocked:

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    DROP       icmp --  anywhere             anywhere            state INVALID
    DROP       all  --  anywhere             argon.mhtx.net

Unfortunately the iptables-save command seems not to save the rule, and when I restart puppy I have to enter the first command again :-(

When that connection is dropped, I noticed that if I run ipinfo, then in the Interfaces tab there is no External IP number any more, but the internet still works.

I hope this could help someone more skilled than me.
Regards
Carlo

2byte
Posts: 353
Joined: Mon 09 Oct 2006, 18:10

#14 Post by 2byte »

The fix for this was reported here last October. http://murga-linux.com/puppy/viewtopic. ... 824#455824

A simple fix, never implemented in Puppy.


CLAM01
Posts: 82
Joined: Sat 22 May 2010, 04:05

#15 Post by CLAM01 »

To answer the question asked in this thread, "Who is Major Hayden?", here is a recent quote by now General Hayden:

[“As an intelligence professional, I stand back in absolute awe and wonderment at the Chinese espionage effort against the United States of America,

Eldon
Posts: 110
Joined: Thu 09 Sep 2010, 19:29

#16 Post by Eldon »

CLAM01 wrote: To answer the question asked in this thread, "Who is Major Hayden?", here is a recent quote by now General Hayden:

[“As an intelligence professional, I stand back in absolute awe and wonderment at the Chinese espionage effort against the United States of America,

rackerhacker
Posts: 7
Joined: Sat 04 Aug 2012, 20:21

#17 Post by rackerhacker »

I'm Major Hayden and I operate icanhazip.com. The purpose of the site is to allow people to find their external IPv4/IPv6 address with zero advertisements, cookies, or tracking of any kind. I work for a pretty large hosting company and I'm able to provide the service to people free of charge.

It sounds like Puppy Linux has been updated to query my site to figure out the external IP address of machines running Puppy Linux. I didn't make that change and I didn't have any input on the change.

With that said, I have absolutely no issues with Puppy Linux using my site and I welcome any other questions or comments you have about icanhazip.com.

As an aside, you should know that:
  • neither of my parents have Hayden as their last name
  • I have zero affiliations with any government agencies (I work for a large hosting provider)
  • I welcome any comments or questions that you have
You can find me on freenode as 'rackerhacker' if you want to get in touch.
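
Added example, not part of any post in this thread and not Puppy's own code: the endpoint has appeared above as 50.56.84.181, argon.mhtx.net, majorhayden.com and icanhazip.com, and a script normally holds a hostname rather than the resolved IP, so tracing the caller means searching for all of those names together. The names find_callers and demo_tree and the sample ipinfo contents are constructed for illustration (the real /usr/sbin/ipinfo is not shown on this page), and GNU grep is assumed.

```shell
#!/bin/sh
# Added example. Assumes GNU grep (-I skips binary files).
# The endpoint in this thread appears under several names; a script usually
# holds a hostname, not the resolved IP, so search for all of them at once.

# find_callers DIR INDICATOR...
# Prints "file:line:text" for each text file under DIR containing any
# indicator as a fixed string. Returns 0 on a hit, 1 on none, 2 on bad use.
find_callers() {
    dir=$1
    [ -d "$dir" ] || { echo "find_callers: not a directory: $dir" >&2; return 2; }
    shift
    [ $# -gt 0 ] || { echo "find_callers: no indicators given" >&2; return 2; }
    # Turn "a b c" into "-e a -e b -e c" in place.
    n=$#
    while [ "$n" -gt 0 ]; do
        ind=$1; shift
        set -- "$@" -e "$ind"
        n=$((n - 1))
    done
    grep -rInF "$@" -- "$dir" 2>/dev/null
}

# demo_tree: builds a throwaway directory with a CONSTRUCTED stand-in script.
# This is not the real content of /usr/sbin/ipinfo.
demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/usr/sbin"
    cat > "$d/usr/sbin/ipinfo" <<'EOF'
#!/bin/sh
EXTERNALIP=$(wget -q -O - http://icanhazip.com)
echo "External IP: $EXTERNALIP"
EOF
    printf '#!/bin/sh\necho hello\n' > "$d/usr/sbin/other"
    echo "$d"
}

# On a live system (as root, so unreadable files are not skipped):
#   find_callers /usr/sbin 50.56.84.181 argon.mhtx.net majorhayden.com icanhazip.com
```

In the constructed tree a search for the IP alone returns nothing, while the full indicator list points at line 2 of the stand-in ipinfo script.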

Eldon
Posts: 110
Joined: Thu 09 Sep 2010, 19:29

#18 Post by Eldon »

Haha!

Seeing as you've only joined today and made 3 posts on the forum, I can't help but wonder how you got here.
Were your ears burning?

Or did your CIA pals tip you off that your cover was blown? :lol: :P

rackerhacker
Posts: 7
Joined: Sat 04 Aug 2012, 20:21

#19 Post by rackerhacker »

Eldon wrote: Haha!

Seeing as you've only joined today and made 3 posts on the forum, I can't help but wonder how you got here.
Were your ears burning?

Or did your CIA pals tip you off that your cover was blown? :lol: :P
Google Alerts.

If you care about your own personal security and the credibility of your reputation, you really ought to set up Google Alerts for your full name and any forum/IRC/IM handles that you regularly use. It helps you find forum threads like these which exist to drag your name through the mud.

Terryphi
Posts: 761
Joined: Wed 02 Jul 2008, 09:32
Location: West Wales, Britain.

#20 Post by Terryphi »

Thanks for dropping in rackerhacker to put the record straight and your more detailed reply at http://rackerhacker.com/2012/08/04/priv ... hazip-com/ . Be assured that the Puppy community is not made up entirely of paranoid conspiracy theorists.

Your link to the Onion should keep them happy for a while :

http://www.theonion.com/video/cias-face ... cos,19753/
Classic Opera 12.16 browser SFS package for Precise, Slacko, Racy, Wary, Lucid, etc available here (http://terryphillips.org.uk/operasfs.htm) :)
