Why is this strange IP address in Network connections?

James C
Posts: 6618
Joined: Thu 26 Mar 2009, 05:12
Location: Kentucky

#181 Post by James C »

Nope....Ubuntu knows about it too.....

http://askubuntu.com/questions/145012/h ... e-terminal
icanhazip.com is my favorite.

curl icanhazip.com

01micko
Posts: 8741
Joined: Sat 11 Oct 2008, 13:39
Location: qld

#182 Post by 01micko »

A default full install of Slackware calls out to akamai - read more.
This is only when KDE is set to the default DE.

This does not affect any slacko puppy as KDE and its libs are not used in the default install.
Puppy Linux Blog - contact me for access

gcmartin

#183 Post by gcmartin »

Again I'll directly ask those in objection. HOW is this exposing Puppy users to exploit? Is there any evidence that the many thousands of users of PUPs that this exposes exploitation to any of them?

I am truly curious whether there is real exposure??? If there is no known real exploitation, is there a creditable hypothesis that the presence method used in PUPs which can be turned into exposure???

I am really curious.

BTW, has anyone other than I noticed that the OP has abandoned this thread?

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#184 Post by greengeek »

gcmartin wrote: Again I'll directly ask those in objection. HOW is this exposing Puppy users to exploit? Is there any evidence that the many thousands of users of PUPs that this exposes exploitation to any of them?
Ironically I think 01micko, mavrothal and others in favour of allowing the external IP check provided the best answer to this question by saying that making the connection (or 'request' - whatever you want to call it) to icanhazip was no more risky than using a browser.

So, please consider the situation of someone who does NOT WANT to use a browser (either for the current session only, or forever - doesn't matter...) - if they boot a recent puppy, believing they are accessing only their local LAN, in fact they are incorrect. The puppy is guaranteed to try to go external and become active on the WAN.

I understand that different people evaluate this action as offering varied risk for exploit - some say zero risk, others say some potential risk.

So - in answer to your question about HOW it is exposing the user to exploit - it still seems to me that a puppy that stays on the LAN only is at less risk than a puppy that becomes active on the WAN. (I realise others may feel that they have already provided justification as to why my fear is ungrounded, and they can feel free to condemn my ignorance..)

I guess my question in return is this: If I boot my puppy with no intention of opening my browser am I at less risk, more risk, or equal risk to someone who boots puppy and DOES open a browser?

EDIT : What if I have 4 puppies on my LAN - 3 for the wife and kids to use for word processing and offline stuff, and my one that is used for internet access. Previously I thought the 'offline' PCs were 'offline' and only the 'internet' puppy went beyond the router. Today, I know differently and feel that those 'offline' PCs are at risk of exploit that I didn't previously expect.

But then - if it is the router that is requesting an external IP on behalf of EVERY PC on the LAN - maybe I was already exposed before ipinfo came on the scene...

mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#185 Post by mavrothal »

greengeek wrote: But then - if it is the router that is requesting an external IP on behalf of EVERY PC on the LAN - maybe I was already exposed before ipinfo came on the scene...
As Mick said, if you do not want to leave footprints, do not walk.
It is funny that we are discussing this when only 3 days ago a security firm published that everything from routers to refrigerators! has been compromised in a thing-bot scheme.
What someone has to consider though is that this is not because they ask for an IP or DNS or something but because of either brute force or some low level exploit.
Now if your router is compromised you do not really need to connect to anything to get exploited...

So the only way to be safe is to disconnect the ethernet cable, remove the wifi card and do not use any of the USB sticks that have radio frequencies for spying.

BTW it would be nice to see some report that just issuing a wget request (the one ipinfo etc use) can be used for exploits from any site - assuming you do not request a trojan, virus etc of course.
== [url=http://www.catb.org/esr/faqs/smart-questions.html]Here is how to solve your[/url] [url=https://www.chiark.greenend.org.uk/~sgtatham/bugs.html]Linux problems fast[/url] ==

gcmartin

#186 Post by gcmartin »

Greengeek wrote: ... So, please consider the situation of someone who does NOT WANT to use a browser (either for the current session only, or forever - doesn't matter...) - if they boot a recent puppy, believing they are accessing only their local LAN, in fact they are incorrect. The puppy is guaranteed to try to go external and become active on the WAN. ...
Hi @Greengeek, you are correct!

But, remember, the original idea (basis) for Barry's implementation was NOT as a LAN system, rather, as a PC capable of using the modem or the LAN for Internet use with some local apps. This was done to both make it attractive to users and to provide pathway for the local PC's expansion via its PPM and other Linux offerings available. Thus, its intended purpose was a single, simple, standalone PC with internet capability for our use.

From MY point of view, his builds were never intended for a LAN based audience, otherwise, we, you and I would have seen many more LAN server functionality included in Barry's approaches back then and even today.

For example, Sharing from a local PC with other LAN users is incorporated in almost every Windows and Mac PCs. Further those PCs could interchange information with each other on the LAN as well. But, it wasn't until recent years that several of the PUP distros have included a functioning SAMBA to do such. (As you may know, over 99% of all PCs in the world have SMB sharing operational in the base system with never any need to install anything....Never. It intends to make easy sharing for people who would not understand. )

Further, as I have tried to share in earlier posts, your PC does a simple LAN test that most everyone is NOT aware that these tests go on. The fact that it is done, does NOT make your PC vulnerable to any attack. Nor is it subversive in the benefit it provides to the user PC. It provides benefit to user PCs while not compromising one to exploit.

These things have been done to make it easy for most system users to use their local PCs without having to go thru the trouble to go thru any exhaustive ritual each time we want to test a PUPPY ISO.

Lastly, advanced users can turn things off and there is more than enough information in the forum to guide those who wish to.

I don't make any rules and I don't write any code. But, I can see, and understand the many things that distro developers do in their efforts to make a simple and easy package for users to step into.

I may not agree with what they've done, but, I also see benefit in much/most of what they try to do for us. This is just one example of it.

Hope there is some benefit to this info I share.

OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#187 Post by OscarTalks »

Someone somewhere mentioned the missing icon on the exit button in the Firewall ON/OFF dialog. It is missing in the older versions of Firewall State too in fact. Anyway, I figured out how to fix it. I just put gtk-no in place of gtk-info for the icon. I'm sure there must be other alternatives but I think it looks OK like this.
Attachments
fixed-exit-icon.jpg
Looks better with an icon on the Exit button
Oscar in England

Atle
Posts: 596
Joined: Wed 19 Nov 2008, 12:38
Location: Oslo, Norway

#188 Post by Atle »

I guess somehow that it takes a few threads to sort out a bug, be it real or not..

mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#189 Post by mavrothal »

Atle a week ago you said
There is a someone...

And that someone just needs to get the facts and the code to audit it from a technical and ethical perspective.
What's the story :?

Atle
Posts: 596
Joined: Wed 19 Nov 2008, 12:38
Location: Oslo, Norway

#190 Post by Atle »

I did request information to pass over if any, but there is none so far...

mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#191 Post by mavrothal »

Atle wrote: I did request information to pass over if any, but there is none so far...
What more information other than the one in the previous 12 pages you may want?
Did you consider that there may be nothing else to add?

By the way, does the request for "additional info" and the apparent reluctance to proceed for a week now with the already available info, suggest that you find nothing condemning/questionable in the last 12 pages anymore?
If yes, say so!
If no, pass these (according to your opinion) condemning/questionable points (with the rest of the thread) to the trusted expert you suggested.
Otherwise it may look as if you would rather have this lingering forever.

Atle
Posts: 596
Joined: Wed 19 Nov 2008, 12:38
Location: Oslo, Norway

#192 Post by Atle »

I think it's perfectly fair to bring up this issue.

3 years and finally there seems to be no questions left to ask?

Or is it?

mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#193 Post by mavrothal »

Atle wrote: I think it's perfectly fair to bring up this issue.

3 years and finally there seems to be no questions left to ask?

Or is it?
No problem in bringing it up.
Questions have been asked and answered more than once, albeit some do not get the answer that they want.
Thus the "outsider".
But it would appear you just prefer this issue to linger and look "unanswered" so next time, a year from now, someone can claim a "4-year old issue...".

So let's have a straight answer:
are you consulting with your expert with the currently available info or not?

Atle
Posts: 596
Joined: Wed 19 Nov 2008, 12:38
Location: Oslo, Norway

#194 Post by Atle »

I have not received anything to audit

mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#195 Post by mavrothal »

Atle wrote: I have not received anything to audit
That would be a no then.
Thank you for confirming that after 2 months of discussions there are no open questions and you have nothing to audit.

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#196 Post by greengeek »

Despite the good content in this thread I still have a cluster of questions that are stuck in my head and I haven't been able to answer them satisfactorily yet:

- If I have a puppy operating solely on my internal LAN (without doing any internet accesses...) does anyone out there on the interweb thingy (or hackerverse as it should more properly be known) realise that this machine is even turned on?

- As soon as this machine receives its local IP and has communicated with my router has the router already applied for an external IP for this machine? If not, at what point DOES an external IP (specific to THIS machine) get allocated?

- Once an external IP is allocated to my machine who gets to know what that external IP is? Obviously my ISP knows, but does it report this information to a google server? Or does it maybe have to report it to one of those 13 internet hub thingies?

- At what point is this machine exposed to pings from an external source?

If someone could beat some sense into my head on these points I'd be really happy.

mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#197 Post by mavrothal »

greengeek wrote: - If I have a puppy operating solely on my internal LAN (without doing any internet accesses...) does anyone out there on the interweb thingy (or hackerverse as it should more properly be known) realise that this machine is even turned on?
If your LAN is connected to the web the machines are connected too. Unless you have some specific configuration on your router.
Regarding "hackerverse", the probability to be struck by lightning is about 1/15000 (in the USA), while to have a car accident, 1 in 4!
Internet does not look that bad really.
greengeek wrote: - As soon as this machine receives its local IP and has communicated with my router has the router already applied for an external IP for this machine? If not, at what point DOES an external IP (specific to THIS machine) get allocated?
The local machines do not get an external IP (that's why you need to find it asking an outside source). Because of the IPv4 address exhaustion ISP providers use network address translation to accommodate many PCs with the same external IP (as we said before...).
greengeek wrote: - Once an external IP is allocated to my machine who gets to know what that external IP is? Obviously my ISP knows, but does it report this information to a google server? Or does it maybe have to report it to one of those 13 internet hub thingies?
Check the link above. Should be clear.
Regarding reporting from your ISP, NAT addresses are usually dynamic so there is no point in reporting them. However they are logged and they know at every given moment who has what. So when the court order arrives they can tell.
Google and friends, have other means to track you through your browser and they do not really care if your computer is on or off.
greengeek wrote: - At what point is this machine exposed to pings from an external source?
As soon as you connect to the web and do not have a firewall that blocks ping.
However, ping response can not be exploited for much more than a DoS which is unlikely for any personal machine to be the target of.
Puppy linux is not running any services so ports are closed (check for yourself with ShieldsUP) so it is a very hard target, unless you are fooled into downloading some malicious program or visiting a malicious site (though these are mostly MS-Windows oriented).
Last edited by mavrothal on Sat 25 Jan 2014, 19:26, edited 1 time in total.
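
A way to check locally what greengeek's questions above are about, as an added example (not code from any poster or from Puppy Linux): parse the kernel's IPv4 TCP table and label each socket as a listener or as a connection to a LAN or WAN peer. The sample table is constructed and trimmed to its first four columns; the code assumes a little-endian host and covers IPv4 TCP only.

```python
import ipaddress

# Constructed sample in /proc/net/tcp layout (not captured from a real machine).
# Row 2's peer is 216.69.252.100, an icanhazip.com address quoted in this thread.
SAMPLE = """\
  sl  local_address rem_address   st
   0: 0100007F:0277 00000000:0000 0A
   1: 0A01A8C0:9C40 0101A8C0:0050 01
   2: 0A01A8C0:9C42 64FC45D8:0050 01
   3: 00000000:0016 00000000:0000 0A
"""

STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "06": "TIME_WAIT", "0A": "LISTEN"}


def decode(hex_addr):
    """Turn '64FC45D8:0050' into (IPv4Address('216.69.252.100'), 80)."""
    ip_hex, port_hex = hex_addr.split(":")
    # Assumption: little-endian host (x86), where the kernel prints the
    # address bytes reversed; a big-endian host would need "big" here.
    raw = int(ip_hex, 16).to_bytes(4, "little")
    return ipaddress.IPv4Address(raw), int(port_hex, 16)


def classify(table):
    """Return (state, address, port, scope) for every socket row."""
    rows = []
    for line in table.splitlines()[1:]:          # skip the header line
        fields = line.split()
        if len(fields) < 4:
            continue
        state = STATES.get(fields[3], fields[3])
        if state == "LISTEN":
            ip, port = decode(fields[1])         # the address we are bound to
            scope = "loopback-only" if ip.is_loopback else "network-reachable"
        else:
            ip, port = decode(fields[2])         # the peer we are talking to
            scope = "LAN" if ip.is_private else "WAN"
        rows.append((state, str(ip), port, scope))
    return rows


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:        # live IPv4 TCP table on Linux
            table = fh.read()
    except OSError:
        table = SAMPLE                           # fall back to the constructed rows
    for row in classify(table):
        print("%-12s %15s:%-5d %s" % row)
```

A row labelled WAN on a machine believed to be LAN-only is the kind of entry that started this thread; a LISTEN row labelled network-reachable is what an external port scan would find if the router forwarded that port.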

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#198 Post by greengeek »

Thanks mavrothal. Great Heavens, that NAT stuff is pretty heavy. I think that explains why I sometimes get naughty pictures popping up on my screen. Must be someone else was asking for them and my router incorrectly put its hand up and said "They must be for me..."
:oops:

rackerhacker
Posts: 7
Joined: Sat 04 Aug 2012, 20:21

Seriously, folks. Seriously.

#199 Post by rackerhacker »

Thanks to a member of the Puppy Linux community for linking me to this thread. Please remove your tin foil hats and review the following:

I operate icanhazip.com (and icanhaztraceroute.com and icanhaztrace.com and icanhazptr.com) using my own money, time and resources. Those sites run on these two IP addresses:

```
$ host icanhazip.com
icanhazip.com has address 216.69.252.100
icanhazip.com has address 216.69.252.101
```

If you use curl to reach the site, you'll notice an important header:

```
$ curl -si icanhazip.com | grep RTFM
X-RTFM: Learn about this site at http://bit.ly/14DAh2o and don't abuse the service
```

That url takes you to my blog where there is information about the icanhazip applications as well as information about me.

I'm not sure how I can be any more transparent than I've already been. If you're upset with your Puppy Linux device talking to my services, please talk to Puppy Linux developers or maintainers.

Please stop sending me hate mail.
Please stop calling my hosting provider to curse at them.
Please stop spreading lies about me on this forum.

Thanks.

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#200 Post by mikeb »

Indeed.... what stupid idiot chose to use this guy's website ...did anyone think to ask? Would not google or similar who care not be a better choice?

I ping the router to do the same job...it's easy and upsets no one.

mike
