Who's spying?

For discussions about security.
musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

Who's spying?

#1 Post by musher0 »

Hi,

I don't know what to think of the info lsof -i came up with. As you can see from the picture, I was not visiting any web site at that moment, but lsof told me I was connected to a number of sites.

Since I'm not all that familiar with security topics on Puppy, I'll be grateful for any light you can shed. Thanks in advance.

Regards.

musher0

~~~~~~~~~~~
Here's the lsof -i report in straight text format.
mer jun 26 02:06:16 EDT 2013
. ("~~~~~~~~" used to hide my address.)
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
cupsd 3917 root 6u IPv4 5137 0t0 UDP *:631
opera 18647 root 25u IPv4 268876 0t0 TCP ~~~~~~~~->wikipedia-lb.eqiad.wikimedia.org:443 (ESTABLISHED)
opera 18647 root 42u IPv4 274898 0t0 TCP ~~~~~~~~->ec2-107-21-1-80.compute-1.amazonaws.com:443 (ESTABLISHED)
opera 18647 root 46u IPv4 275587 0t0 TCP ~~~~~~~~->ds-usa-bln-2.itftd.com:www (ESTABLISHED)
opera 18647 root 49u IPv4 275153 0t0 TCP ~~~~~~~~>ds-usa-bln-1.itftd.com:www (ESTABLISHED)
opera 18647 root 50u IPv4 275470 0t0 TCP ~~~~~~~~>ds-usa-bln-2.itftd.com:www (ESTABLISHED)
opera 18647 root 54u IPv4 275523 0t0 TCP ~~~~~~~~->ie-in-f95.1e100.net:www (ESTABLISHED)
opera 18647 root 55u IPv4 275588 0t0 TCP ~~~~~~~~->ds-usa-bln-2.itftd.com:www (ESTABLISHED)
opera 18647 root 56u IPv4 275594 0t0 TCP ~~~~~~~~->ds-usa-bln-1.itftd.com:www (ESTABLISHED)
opera 18647 root 57u IPv4 275590 0t0 TCP ~~~~~~~~->ds-usa-bln-2.itftd.com:www (ESTABLISHED)
opera:lib 27671 root 54u IPv4 247468 0t0 UDP ~~~~~~~~->~~~~~~~~:domain
.
Attachments
25am-b&w.jpg
(b&w on purpose to save space on the forum)
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

Semme
Posts: 8399
Joined: Sun 07 Aug 2011, 20:07
Location: World_Hub

#2 Post by Semme »

Hello Musher- Do you retain cookies? Are you an online (Nintendo) gamer? Do you run a blog?

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#3 Post by musher0 »

Semme wrote: Hello Musher- Do you retain cookies? Are you an online (Nintendo) gamer? Do you run a blog?
Hi, Semme.

Thanks for your reply.
Yes to the first question, no to the other two.

musher0

Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#4 Post by Barkin »

musher0 wrote: ... I was not visiting any web site at that moment, but lsof told me I was connected to a number of sites.
Established connections can persist for a minute or so after you have closed a browser window.

"ec2-107-21-1-80.compute-1.amazonaws.com:443" looks like the search-engine "DuckDuckGo"

"ie-in-f95.1e100.net" is Google

Some internet browsers communicate with Google even though you are not using Google-search, to check the site you're going to is legit, (not blacklisted).

see ... http://en.wikipedia.org/wiki/Google_Safe_Browsing

8-bit
Posts: 3406
Joined: Wed 04 Apr 2007, 03:37
Location: Oregon

#5 Post by 8-bit »

Another thing to think of is that you may have been part of the many that the NSA is spying/monitoring.
And if it was not for Edward Snowden bringing it to light, we may have not known.
The NSA also seems to be in a hurry to silence him as they are unsure of additional information he may have.

And you are not necessarily being spied on by the NSA.
They may have contracted others to do the spying.
Also, it is not just phone conversations, it could be looking at what you do on the net as to where you go and what you do.

But any spying on correspondence in whatever country without any form of warrant, is just plain wrong.

As a for instance, let's say that I was interested in the technology of the new printers that can make human body parts or firearms and investigate how to do it as well as download some free plans for making something with a printer.
Will this flag me as a possible "Enemy of the State" to be monitored as to where I go and what I do as well as tapping my phone calls and web activity?

In all of this, I am not singling out any country or nation.
Just imagine if I was considered a risk and was targeted for removal with a drone?

At what point do we say enough is enough?

Semme
Posts: 8399
Joined: Sun 07 Aug 2011, 20:07
Location: World_Hub

#6 Post by Semme »

As Barkin referenced.. lsof -i list anyone after your browser's been closed a minute or two?

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#7 Post by musher0 »

Hi, 8-bit.

Good to hear from you.

Yeah, I'm concerned too. And the way you bring the elements together (IT
and phone tapping, wrong interpretation of data, drone). They'll probably
say: "Oh, it was only an 8-bit!". (Sorry for the dark humor/pun.) :twisted:

But the point is, police generally are not known for the acceptance of
originals (including inventors and artists): anyone not fitting the
mold is suspect. Such tools in the hands of such people are extremely
dangerous for the freedom of thought.

It may be just a sling-shot to fight a machine-gun, but that's why I dusted
off lsof and put it back in service. About Mr. Snowden, in my book, the
man's a hero of the people. I wish we had his "cousin" here in Canada.

We have the "Communications Security Establishment", a dedicated IT-
spying government agency which was recently detached from our CSIS.
Very secret. CSIS and the RCMP are accountable to Parliament, but not
they (the CSE) ... Only to the PMO (Prime Minister's Office). Among other
capabilities, apparently they can drive by in a car in your street and
"capture" whatever you're doing on your computer through the electric
variations. (That's my understanding of it, I'm not a techie.) My
point is that we don't know how they can interpret a behavior that
seems most innocent to average people, that everybody may be doing
in his/her way.

Anyway, let's keep our heads up and use whatever tools democracy can
offer to control these guys.

Thanks also to Barkin for the precise info on the sites.

BFN.

musher0

8-bit
Posts: 3406
Joined: Wed 04 Apr 2007, 03:37
Location: Oregon

#8 Post by 8-bit »

As to the access of data during a drive-by, I seem to recall that Google did such a thing.
Google had to backstep to explain that.

And if Edward Snowden had a cousin in Ca., would he be safe from extradition to the US?
I do not know Canada's policy on that subject.

Caneri
Posts: 1513
Joined: Tue 04 Sep 2007, 13:23
Location: Canada

#9 Post by Caneri »

@8-bit,

Yup..our Prime Minister would sell out to the US gov in a heartbeat.....grrr

We have extradition to the US as a default policy...not good, as some Afghan soldiers/protesters/objectors had to be sent back to the US..without enough questions. It took a bit of news/media to put some light on it.

We have a dictator in Canada at the moment, so whatever "ALEC" wants they get.
Be not afraid to grow slowly, only be afraid of standing still.
Chinese Proverb

Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#10 Post by Barkin »

NSA-type monitoring would siphon-off the data from search-engines and email providers like Google and Yahoo, rather than directly from each home computer ... http://www.guardian.co.uk/world/2013/jun/07/nsa-prism-records-surveillance-questions

As any half-computer-literate villain is going to encrypt their communications, then NSA are wasting their time looking for terrorists in Google traffic: only the densest nutter is going to google "how do I make a bomb" ...
Attachments
Yahoo Answers re ''Alkida'' (Al-Qaeda).gif

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#11 Post by musher0 »

@caneri:

Who's "ALEC"? A character in Canadian folklore? Should I know "him" or "it"? :) I'm joking, but I'm serious about knowing. Is it a new nickname for our PM?

@Barkin

Very funny picture. :lol: The category gives it away! :lol: (fish -> "fishy" !)
Sort of a "dumb and dumber" story, isn't it?

BFN

musher0

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#12 Post by nooby »

musher0 thanks for the thread. You tell us you're not a techie
but I am not even on your level of knowledge.

How does one use that Isof thing you talk about.
is that a puppy pet or what? Built in or one have to PPM?

Okay so now we know that some minutes after one have killed the cookies
they still are connected to us. So one need to do what?

Wait another two minutes and then use that magical program
that tells whom that are connected?

My new neighbor some three stories up in the building
stood outside my door one night with a laptop and headphone
and was kind of snooping after my or the other 5 living on first floor
to see if he could break into our Router so I should shut it down
but don't know how to. When I opened my door he ran super fast
up the stairs and did not wanted me to see his face I only saw his back.

They are three Gamers living together like student collective
due to high cost of getting ones own apartment they cost very much
so a lot of youngsters can not afford it so they hire second hand.

Tell me how you do that isof thing
I use Google Search on Puppy Forum
not an ideal solution though

Semme
Posts: 8399
Joined: Sun 07 Aug 2011, 20:07
Location: World_Hub

#13 Post by Semme »

Noobs >> fer YOU!

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#14 Post by nooby »

Thanks Semme so obviously I should open the terminal
and write lsof -i and it list
You can list all the network connections opened by using ‘-i’ option.

Cool thanks for the pet file
I am using Lupu 528-005 so hope it works with that one
will test it later today and report back here thanks
Last edited by nooby on Thu 27 Jun 2013, 12:34, edited 1 time in total.

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#15 Post by musher0 »

Thanks for the good reference, Semme.

@nooby and all others who might need a copy:
Here's a pet package of lsof, version 4.87. AFAIK, it's the
latest version. Please download from :
~~~~~~~~~~
EDIT :
New URL for download:
http://www66.zippyshare.com/v/79186025/file.html
(Valid for 30 days starting March 5, 2014.)
END OF EDIT
~~~~~~~~~~~~

Works well on wary 5.5 and WheezyPup 3.5.2.5.
~~~~~~~~~~~~
EDIT, March 04, 2014: and UpupRaring 3.992
~~~~~~~~~~~~
Not tested on other Puppies. Let us know? Thanks.

lsof is indeed quite a useful tool, even if you are not a system
administrator. I find it more flexible, simpler to handle and more
informative than "ps" when I need to know what process is doing
what or is using what resources, etc. And of course, it's a must for
detecting the open ports on your machine.

The lsof web site is at http://people.freebsd.org/~abe/. Contains
the manuals, too. If you wish to compile it for your own Puppy,
the source is at ftp://lsof.itap.purdue.edu/pub/tools/un ... of.tar.bz2.

@nooby again:
To use lsof to know what connections you have active, simply
go in a console and type:

Code:

lsof -i

If you are not online, only the cups (or printer) connection should appear.

If you are online, you should have the cups connection AND one line
for each tab (or web site) that you have open in your browser. Also
the e-mail provider, if your e-mailer is open.

If the number of lines is larger than the number of browser tabs, plus
the cups connection, plus the e-mail connection (if your e-mailer is open),
redo the command like so:

Code:

lsof -i > lsof_open_connections.txt

(You can use another suitable name for the log file.)
You then have a little log with a list of web sites that you can investigate by yourself or with help (here?).

I hope this is clearer now.

Best regards,

musher0
Last edited by musher0 on Wed 05 Mar 2014, 21:40, edited 2 times in total.
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)
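
As an added example (not part of musher0's post or of the lsof project), the script below takes an `lsof -i` report like the one described in post #15 and counts connections per process, remote host and state, so repeated lines to the same host collapse into one row. The sample report, its addresses and its host names are constructed; `sample_lsof` and `summarize_lsof` are hypothetical names.

```sh
#!/bin/sh
# Added example: collapse `lsof -i` output into one row per
# (command, remote host:port, state) with a count.

# Constructed sample in the same column layout as the reports in this thread.
sample_lsof() {
cat <<'EOF'
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
cupsd 3917 root 5u IPv4 5136 0t0 TCP localhost:631 (LISTEN)
cupsd 3917 root 6u IPv4 5137 0t0 UDP *:631
opera 18647 root 25u IPv4 268876 0t0 TCP 192.0.2.10:40112->forum.example.org:www (ESTABLISHED)
opera 18647 root 42u IPv4 274898 0t0 TCP 192.0.2.10:40113->forum.example.org:www (ESTABLISHED)
opera 18647 root 46u IPv4 275587 0t0 TCP 192.0.2.10:40114->forum.example.org:www (ESTABLISHED)
opera 18647 root 49u IPv4 275153 0t0 TCP 192.0.2.10:51820->cdn.example.net:https (ESTABLISHED)
opera 18647 root 50u IPv4 275470 0t0 TCP 192.0.2.10:51821->cdn.example.net:https (CLOSE_WAIT)
opera:lib 27671 root 54u IPv4 247468 0t0 UDP 192.0.2.10:38211->192.0.2.1:domain
EOF
}

# Reads lsof -i text on stdin and prints "COUNT COMMAND REMOTE STATE".
# Listening sockets (cupsd on port 631) have no "->" and are skipped,
# so only connections to a remote end are counted.
summarize_lsof() {
    awk '
        $1 == "COMMAND" { next }                  # header row
        {
            name = ""; state = "-"                # UDP lines carry no state
            for (i = 9; i <= NF; i++) {
                if ($i ~ /->/) name = $i
                else if ($i ~ /^\(.*\)$/) state = substr($i, 2, length($i) - 2)
            }
            if (name == "") next                  # not a connection
            sub(/^.*->/, "", name)                # keep the remote end only
            count[$1 " " name " " state]++
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# On a live system: lsof -i | summarize_lsof
sample_lsof | summarize_lsof
```

Running it again a couple of minutes after closing the browser, as suggested earlier in the thread, shows which rows remain.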

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#16 Post by nooby »

Seems to work well on lupu 528.005 it tells the name of
my ISP four instances but I have no idea what they tell.

Could mean my ISP wants to have 4 ports open?
Maybe one are to ping me to see if me still have computer running?
But all the others+ No indication that they go outside of ISP
no mention of any IP only the coded name of my ISP

Even now when I have the browser looking here in thread
two tabs open to Murga forum it still only give this

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
cupsd 6211 root 6u IPv4 5654 0t0 TCP localhost:631 (LISTEN)
cupsd 6211 root 8u IPv4 5657 0t0 UDP *:631

okay I test the original now and not the final code I get back
nope that gave same result. If I click the network icon in tray it says

Murga-linux.com
208.109.22.214/‎

when I google so the icon gives more information
about such but I know the other program is for to see
if some program own things still after not being on net ?

tallboy
Posts: 1760
Joined: Tue 21 Sep 2010, 21:56
Location: Drøbak, Norway

#17 Post by tallboy »

Hi musher0.
I have set up my Firefox to delete all history and all cookies when closing FF, see pic, and I have made it a habit to close the FF after browsing a site - like this one - where I log in, or after having made a lot of queries or browsed a lot of sites about a specific topic.
I guess your browser activity level will decide if it is suitable for you.

I placed a question in a thread some time ago, whether Google was activated if you only write part of the name of a site you want to browse, and the answer was YES, if Google is set as your default search engine.

tallboy
Attachments
prefs.jpg
True freedom is a live Puppy on a multisession CD/DVD.

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#18 Post by musher0 »

@tallboy:
I use opera, and I do very much the same as you suggest above to keep my connections "clean".

@nooby:
Actually, nooby, that's exactly my initial question.

As you can see from the attached illustration, I have only one tab open in
opera (this thread on the Puppy forum), but I have 8 listings in lsof and as
many in htop.

You may think that I am very advanced, but I'm self-taught in computing,
probably like yourself, so there are many questions I do not have an
answer to. This is one of them.

So... Why 8 connections for 1 web site? What's going on here?

Maybe somebody knowledgeable in Internet connections could shed
some light on this? Thanks in advance.

Best regards.

musher0
Attachments
lsof-htop-opera_2013-06-28_23.jpg
From top to bottom: lsof listing, htop listing, opera showing this forum/this thread.

Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#19 Post by Barkin »

The items below, which are in some browsers, will connect to the internet even though you’ve just opened a browser window …

Live Bookmarks “RSS feed

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#20 Post by nooby »

Thanks Barkin what you write there most likely do explain
why so many connections are active. We need to find out
what one can do to get aware of when something bad is connected?

Take this things named "Key Loggers" that is really bad things.
They lay there on your computer and get activated as soon
as you start up and they record every key press and send these
on demand to the person that wants to be able to log in to your Bank?

Then we have those that intercept and redirect to faked sites.
such looks like the real site they have duplicated real sites
but have their own code on it so work as a in between
and can use your input for to move money from your bank
to their bank while you think you move your money to something
you buy or within your own bank.

Would be cool to have some pet or sfs that can warn about such activity
and stop it instantly obviously.