Page 3 of 11
host the code
Posted: Wed 08 Jan 2014, 14:31
by raffy
Gee, I was about to host the code suggested
above, but I suddenly recalled that hits at puppylinux.org are always at the overload end, so that got me frozen.
I see no problem with icanhazip.com, although I used to visit who.is for my ip address.
Posted: Wed 08 Jan 2014, 17:04
by gcmartin
One of the problems that this discussion highlights is that the community does NOT have a document (oh pray tell, a standard) that we understand to contain what ports a distro uses. Since there is none, the community will continue to see these kinds of alarms crop up, then a fire-fight surface where it becomes a distraction.
For those who dislike this protocol for system behavior, there have been altenative(s) presented.
We have, in this thread, identified that there is not a corruption as the behavior provides a service to the system. IS THIS SERVICE BAD? we have NOT seen any evidence that there is misuse or corruption.
Why is this getting the attention it is garnering??? IS THERE SOMETHING WRONG THAT THIS OPERATION IS DOING.
Again I share that your system on your LAN is doing things that most users are unaware. It has been doing it, by standard architecture, for almost 30 years. Most of you are unaware. Because it does "good" things for you should we have cause for alarm and call for the LAN to be trashed because you didn't know it was doing good things for you? This kind of reasoning is escaping me and maybe others.
HOW HAVE YOU BEEN HARMED?
And maybe a better question is: How will any change improve things such that we see an improvement in the system's performance or its network performance and behavior?
Let's get the emotions behind us and focus on the system improvement for user benefit without putting ANY additional burden on the distro users.
Here to help
Posted: Wed 08 Jan 2014, 17:28
by anikin
gcmartin,
This discussion has nothing to do with ports, protocols or network architecture.
Please, stop trolling.
Posted: Wed 08 Jan 2014, 18:36
by greengeek
gcmartin wrote:Why is this getting the attention it is garnering??? IS THERE SOMETHING WRONG THAT THIS OPERATION IS DOING.
Again I share that your system on your LAN is doing things that most users are unaware. It has been doing it, by standard architecture, for almost 30 years.
Apparently puppy 4.3.1 does not make any of these connections when booted, so I think it is unfair to suggest that it is 'expected' behaviour and that it has been so for 30 years.
One of the reasons I first started using Puppy was that I had discovered the Gibson Research Institute "shields up" site and become concerned about how unreasonably 'open' my Windows system was, according to the tests available there.
By contrast, Puppy seemed better locked down, and I felt happier using Puppy rather than Windows. My attitude was probably poorly informed, but nonetheless I felt that a 'quiet' system must be better than one that opened ports without user consent or knowledge. To learn that recent puppies have several connections open from boot time has awakened me to the fact I know way too little about how to keep my system secure.
After thinking thru the concern being pushed, it occurs that the problem MAY be that its not known the difference between "port" versus "destination". This lack of knowledge could be the root of discomfort.
You may be right. Are you suggesting that each of these connections is just a 'safe destination' rather than an '
unnecessarily open port'?
Posted: Wed 08 Jan 2014, 18:43
by greengeek
Also...I'm probably blind, but I cannot see any response that has provided a justification for a connection with Nugget enterprises - which as far as I can see is nothing at all to do with icanhazip.
Did I miss something? Why is my PC connecting to Nugget enterprises?
Posted: Wed 08 Jan 2014, 20:58
by mavrothal
greengeek wrote:Also...I'm probably blind, but I cannot see any response that has provided a justification for a connection with Nugget enterprises - which as far as I can see is nothing at all to do with icanhazip.
Did I miss something? Why is my PC connecting to Nugget enterprises?
First of all your PC is
not connected to Nugget enterprises (or to icanhazip.com or anything else if you do not have initiated a web/ftp/etc connection)
type
Code: Select all
netstat -an | grep -E 'ESTABLISHED|CONNECTED'
in the terminal and look for tcp/udp (not "unix") connections to verify it.
The address that you see, and usually has the FIN/TIME_WAIT1/2 status, is the remote server (wait/)closing the connection that ipinfo initiated to find your external IP.
See image
Now why Nugget enterprises when we ask our IP frm icanhazip.com?
icanhazip.com has IP 216.69.252.100. The site is hosted in charlie.colo.mhtx.net that has a range of 9 IP and charlie.colo.mhtx.net is hosted in Nugget Enterprises, Inc that has all the IPs from 216.69.252.0 to 216.69.252.255.
When a site is hosted in a cluster, although receive requests at a specific IP, can service these requests from any IP of the cluster, depending on the topology of the system.
What you actually see is the IP from the remote cluster that icanhazip.com is hosted on, that is closing the connection.
I hope that's clear enough.
Edit: Add connection close states image
Posted: Wed 08 Jan 2014, 21:40
by greengeek
Thanks mavrothal, the clarification is much appreciated.
Posted: Fri 10 Jan 2014, 00:30
by gcmartin
anikin wrote: ... This discussion has nothing to do with ....
In your words, please explain what this thread opened as? Please. Help us understand, in summary, how you see this thread's subject and its opening thread. And should you consider open ports via a LAN card as having nothing to do with any of what is asked, please share it for me. Thanks.
Please articulate clearly as you seem to have a better idea.
Posted: Fri 10 Jan 2014, 01:33
by 01micko
Well raffy can't host the file.. that's ok.
Try this.
Posted: Fri 10 Jan 2014, 02:45
by perdido
01micko wrote:Well raffy can't host the file.. that's ok.
Try this.
That's perfect. Clears up the question of what icanhazip.com is doing and gives the option of allowing it for ip lookup.
Thanks
Another solution addressing concern to web connect ID issue
Posted: Fri 10 Jan 2014, 04:55
by gcmartin
Thank @01Micko. A thought-thru option. Thanks
Posted: Fri 10 Jan 2014, 04:57
by mavrothal
01micko wrote:
Try this.
"Check to allow external IP from icanhazip.com" can be misleading if you have not followed this and similar threads.
"Check to find your external IP through icanhazip.com" is more accurate I believe.
Posted: Fri 10 Jan 2014, 05:07
by gcmartin
@Mavrothal, agreed.
But, I wonder, too, is the mentioning of the site important. What may be more important is the Web IP address report and NOT the site that assist.
Just an idea.
Posted: Fri 10 Jan 2014, 05:33
by 01micko
Any more transparent now and we risk breaking under the strain..
Posted: Fri 10 Jan 2014, 06:01
by James C
01micko wrote:Any more transparent now and we risk breaking under the strain..
How about Networking 101 for those that just don't get it.........?
Posted: Fri 10 Jan 2014, 06:11
by mavrothal
01micko wrote:Any more transparent now and we risk breaking under the strain..
True but I do not think that this 3-year+ functionality should be removed in the defaults.
What about
"Check to block finding your external IP from icanhazip.com"
and
Code: Select all
[ -f $HOME/.ipinfo ] && . $HOME/.ipinfo || CB0=true
Posted: Fri 10 Jan 2014, 06:17
by 01micko
@mavrothal, I don't get the hysteria either.. FFS they use Google!
Posted: Fri 10 Jan 2014, 06:22
by James C
01micko wrote:@mavrothal, I don't get the hysteria either.. FFS they use Google!
Speaking of.......
http://www.washingtonpost.com/blogs/the ... r-hacking/
Posted: Fri 10 Jan 2014, 06:34
by 01micko
Anyway, I do use google with a touch of contempt! I consider them linux "rapists"
but sometimes it's handy for my own reasons. Self preservation is at the top of my list so I use sparingly.
Ah.. right now I have better things to do.. k3.10.26 and k3.12.7 have just been released!
Posted: Fri 10 Jan 2014, 06:40
by greengeek
mavrothal wrote:"Check to allow external IP from icanhazip.com" can be misleading if you have not followed this and similar threads.
"Check to find your external IP through icanhazip.com" is more accurate I believe.
I don't understand the responses here. It looks like you guys are seeing some sort of xdialog that is not coming up on my system. I installed mick's updated ipinfo script and now have a clean "staistics" tab in ipinfo (which is excellent - thanks mick), but not any of the interactive stuff that others appear to be reporting. Could someone post a screenshot of what I seem to be missing please? Ta.