Why is this strange IP address in Network connections?

For discussions about security.
mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#81 Post by mavrothal »

anikin wrote:Mavrothal, for some reason wants you to see only established connections, let's ignore his command and use our own.
Once more you spread FUD.
The command was to see if your PC was connected to something as discussed at the time.
anikin wrote:Not a single program is running on this machine, I didn't click the network icon, and yet the connection is there. Mavrothal will say it is harmless, it is closing. Yes, it is harmless in that sense. All that's happened is you have been tracked.
More FUD.
I run 8-10 puppies in virtual machines. Monitoring constantly the outgoing connection from the host, not puppy, I can see all the connections even before puppy boots. The only time that they connect is when ipinfo runs.

BTW, use "ps" to show us what is running on your machine when you see the connection in netstat.

ps > connect.log;netstat -a >> connect.log
Finally, provide a shred of evidence that the user-initiated connection to icanhazip.com constitutes tracking or stop spreading FUD about it.
== [url=http://www.catb.org/esr/faqs/smart-questions.html]Here is how to solve your[/url] [url=https://www.chiark.greenend.org.uk/~sgtatham/bugs.html]Linux problems fast[/url] ==
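
An added example, not part of the post above: the ps/netstat capture can be narrowed to the sockets that leave the LAN and the process that owns each one. It assumes the net-tools `netstat -tnp` column order; the sample output is constructed, and a TIME_WAIT socket shows `-` because the process that opened it has already exited.

```shell
#!/bin/sh
# Added example: summarise `netstat -tnp` output as "STATE PEER OWNER".
# Assumed columns (net-tools):
#   Proto Recv-Q Send-Q Local-Address Foreign-Address State PID/Program

# remote_owners: read netstat -tnp text on stdin and print one line per TCP
# socket whose peer is not loopback, unspecified or a private (RFC 1918) address.
remote_owners() {
    awk '
        $1 !~ /^tcp/ { next }                        # skip headers and non-TCP lines
        {
            peer = $5; state = $6; owner = $7
            host = peer; sub(/:[0-9*]+$/, "", host)  # strip the :port suffix
            if (host ~ /^127\./ || host ~ /^10\./ || host ~ /^192\.168\./) next
            if (host ~ /^172\.(1[6-9]|2[0-9]|3[01])\./) next
            if (host == "0.0.0.0" || host == "::" || host == "::1") next
            # A socket that is closing has no PID/Program entry any more
            if (owner == "" || owner == "-") owner = "(no owning process)"
            print state, peer, owner
        }'
}

# Constructed sample, shaped like real `netstat -tnp` output.
# 203.0.113.10 is a documentation address standing in for the lookup site.
SAMPLE='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.1.20:45312      203.0.113.10:80         ESTABLISHED 2417/wget
tcp        0      0 192.168.1.20:45310      203.0.113.10:80         TIME_WAIT   -
tcp        0      0 127.0.0.1:631           127.0.0.1:50022         ESTABLISHED 1033/cupsd
tcp        0      0 192.168.1.20:22         192.168.1.5:51514       ESTABLISHED 1590/sshd'

# sample_report: run the filter over the constructed sample.
sample_report() {
    printf '%s\n' "$SAMPLE" | remote_owners
}

# Live use (root is needed to see processes of other users):
#   netstat -tnp 2>/dev/null | remote_owners
sample_report
```

Only a capture taken while the socket is still ESTABLISHED names the program; once the socket is in TIME_WAIT, a `ps` listing taken at the same moment cannot show the process that made the connection.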

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#82 Post by jamesbond »

This thread is very educational :lol:
But to get to the point: just delete /usr/local/firewallstate/ipwget and you won't get that pesky connection on every boot anymore. Deal?
Fatdog64 forum links: [url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Latest version[/url] | [url=https://cutt.ly/ke8sn5H]Contributed packages[/url] | [url=https://cutt.ly/se8scrb]ISO builder[/url]

anikin
Posts: 994
Joined: Thu 10 May 2012, 06:16

#83 Post by anikin »

Finally, provide a shred of evidence that the user-initiated connection to icanhazip.com constitutes tracking or stop spreading FUD about it.
I don't have even a shred of evidence that icanhazip is into tracking, the same as you have as much evidence, that it isn't. Potentially, its logs can be used for tracking, as they have time and addresses, you know it better than me. Let me repeat once again, it can be any address that you impose on the user. Remove icanhazip.com, put in anikin.com instead - and I will oppose that. This is not a feature, that Puppy users are desperately craving for. There's a reason why Slackware, Debian and even Windows XP do not have it. Because it is fishy. Here's a scenario where it can be even worse than useless. An unsuspecting Puppy user, who thinks, that Tor will anonymize his address, which perhaps it will for the browser, goes and checks his IP through your newly offered script. Now he will have revealed his true address to anikin.com. Anikin will sell that address first to Google, then will make a business offer to a more serious organization ... or, maybe not - that organization can't keep its own secrets. Get it out - completely and let's stop wasting time on it. Regarding FUD - it is a bad thing in my book - I will never do it knowingly. You guys are defending what is indefensible ... and getting needlessly confrontational.

mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#84 Post by mavrothal »

anikin wrote:
Finally, provide a shred of evidence that the user-initiated connection to icanhazip.com constitutes tracking or stop spreading FUD about it.
I don't have even a shred of evidence that icanhazip is into tracking, the same as you have as much evidence, that it isn't.
If I state that "you are from another planet", something that neither I can prove is true nor you that is not, who has the responsibility to prove their thesis? Me that "accused" you or you?...

Accusing (which you clearly do) without a shred of evidence (as you stated) is the exact definition of FUD

01micko
Posts: 8741
Joined: Sat 11 Oct 2008, 13:39
Location: qld

#85 Post by 01micko »

jamesbond wrote:This thread is very e|n|d|t|u|e|c|r|a|t|t|a|i|i|o|n|n|i|a|n|l|g :lol:
Puppy Linux Blog - contact me for access

anikin
Posts: 994
Joined: Thu 10 May 2012, 06:16

#86 Post by anikin »

jamesbond wrote:This thread is very educational
I understand your irony on the educational part. What you'd expect from noobs. The pesky connection is built to the highest standards of reliability - the files are spread across the system in at least 3 different folders. If one fails, there are 2 more to keep the connection alive and the customers happy.
mavrothal wrote:Accusing (which you clearly do) without a shred of evidence (as you stated) is the exact definition of FUD
I can't see how being opposed to a "feature" can qualify as accusation. I even offered anikin.com as a gesture of good will ...
Can we already start discussing practical steps? How long will it take to completely clean up Woof CE and straighten out Puppy's startup?

mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#87 Post by mavrothal »

anikin wrote: How long will it take to ... Woof CE
woof-CE is public. Provide a patch.

anikin
Posts: 994
Joined: Thu 10 May 2012, 06:16

#88 Post by anikin »

I can only offer a concept:
The most important one - get rid of xorgwizard, together with all of its scripts. I'm not a coder, but I can see a huge difference between init scripts/routines in Puppy and other distros. Just reading the comments in the scripts, some of which go back to 2004 will make one cringe. Please, have a look at how other distros start! Iguleder mentioned, he built a super fast init the other day - can it be modded to work in Puppy? If a Puppy detractor (I don't want to mention his name here), using Barry's own scripts built a startup routine for his OS, which is far superior to the original - why you guys can't pool your collective effort and do the same? The real problem isn't the pesky connection - the problem is Puppy losing ground to the competition and the community is losing interest in it.

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#89 Post by jamesbond »

anikin wrote:I understand your irony on the educational part. What you'd expect from noobs.
Please, conveying irony is very far from my intention. I do learn a lot from this thread, I do learn a lot from noobs, and lastly we were all noobs once.
The pesky connection is built to the highest standards of reliability.
:lol:
The files are spread across the system in at least 3 different folders. If one fails, there are 2 more to keep the connection alive and the customers happy.
Jokes aside, I would say that malice was never the intention. Security (and to a degree privacy) is always a trade-off (with functionality, with convenience, etc); and everyone has different ideas on where the dividing line should be. See for example: http://murga-linux.com/puppy/viewtopic. ... 815#534815 - would you want to keep track of your external IP address movement, *at the price of contacting icanhazip several times a day*? I don't think so, but others think differently (=ie no big deal for them).

That being said - the 3 different ways of connection come from 3 different packages. ipinfo is from Woof (Barry); ipwget is from firewallstate (tasmod); and ifactive comes from Pup-Info (radky). Some puppies have all these three, some get two, and some only have one (ipinfo). So no, they don't come from the same source or collude to hide their tracks in 3 different programs.

The one that concerns the most ("calling-icanhazip-at-boot") comes from firewallstate. While I don't know how firewallstate is designed (I don't have the source with me), I would bet that it is more of an oversight rather than on purpose: tasmod explicitly mentioned the exact script that gets the external IP address for use by firewallstate in his response here: http://murga-linux.com/puppy/viewtopic. ... 460#535460; something that he wouldn't have done if he had less than honourable intentions.

I believe Mick has addressed all of these 3; and this matter should be put to rest. As I said earlier, you can eliminate the "calling-icanhazip-at-boot" by deleting /usr/local/firewallstate/ipwget until a more permanent fix is released.

One last note for the technically curious: it is nearly impossible to reliably determine what is your external IP address to the world, other than actually *contacting* a site of some sort (as Mick has explained earlier).
Fatdog64 forum links: [url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Latest version[/url] | [url=https://cutt.ly/ke8sn5H]Contributed packages[/url] | [url=https://cutt.ly/se8scrb]ISO builder[/url]
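
An added example, not code from the thread or from Puppy: one way to audit an installed system for scripts that still reference the lookup host named in this post, assuming GNU grep. The tree and script bodies built by `demo_audit` are constructed; only /usr/local/firewallstate/ipwget is a path given on the page, and the locations used for ipinfo and ifactive are hypothetical.

```shell
#!/bin/sh
# Added example: list installed files that still reference an external-IP
# lookup host. Assumes GNU grep (-r recursive, -I skip binary files,
# -l file names only, -F literal match).

# find_lookup_callers HOST DIR...
# Prints "executable PATH" or "not-executable PATH" for every text file
# under the given directories that mentions HOST.
find_lookup_callers() {
    host=$1; shift
    grep -rIlF -- "$host" "$@" 2>/dev/null | LC_ALL=C sort |
    while IFS= read -r f; do
        if [ -x "$f" ]; then mode=executable; else mode=not-executable; fi
        printf '%s %s\n' "$mode" "$f"
    done
}

# demo_audit: run the check over a constructed tree that mimics the three
# callers named in the thread plus one unrelated script.
demo_audit() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/local/firewallstate" "$root/usr/local/pupinfo" \
             "$root/usr/sbin" "$root/usr/bin"
    # Constructed stand-ins, not the real scripts' contents.
    printf '#!/bin/sh\nwget -q -O - http://icanhazip.com\n' \
        > "$root/usr/local/firewallstate/ipwget"
    printf '#!/bin/sh\nwget -q -O - http://icanhazip.com\n' \
        > "$root/usr/local/pupinfo/ifactive"      # hypothetical location
    printf '#!/bin/sh\nwget -q -O - http://icanhazip.com\n' \
        > "$root/usr/sbin/ipinfo"                 # hypothetical location
    printf '#!/bin/sh\necho hello\n' > "$root/usr/bin/unrelated"
    chmod 755 "$root/usr/local/pupinfo/ifactive" "$root/usr/sbin/ipinfo" \
              "$root/usr/bin/unrelated"
    # A copy disabled by clearing its execute bits is still reported, so a
    # leftover file is visible even when it can no longer be run directly.
    chmod 644 "$root/usr/local/firewallstate/ipwget"
    (cd "$root" && find_lookup_callers icanhazip.com usr)
    rm -rf "$root"
}

# Live use on an installed system, for example:
#   find_lookup_callers icanhazip.com /usr /etc /root
demo_audit
```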

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#90 Post by greengeek »

jamesbond wrote:I believe Mick has addressed all of these 3; and this matter should be put to rest. As I said earlier, you can eliminate the "calling-icanhazip-at-boot" by deleting /usr/local/firewallstate/ipwget until a more permanent fix is released.
Thanks for the information in this post jamesbond. I am certainly finding this thread informative and helpful. I can't say what should or should not be in woof-CE but I am certainly appreciative of the opportunity to make these changes to my own systems to stop puppy lifting its head 'above the parapets' till I am ready for it to do so.
01micko wrote:Your computer, if part of a LAN, never gets assigned an external IP. It only gets a LAN IP from the router. The router actually gets the external IP.
So does this mean that the router requests an external IP when it is first turned on and comes ready? Or is that request occurring only when a LAN device makes the first DHCP request?

mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#91 Post by mavrothal »

jamesbond wrote: The one that concerns the most ("calling-icanhazip-at-boot") comes from firewallstate.
I never run firewallstate, but removing the call from the source (found here) is pretty simple and from what I can see it is only used in the "information" window.
Firewallstate appears to work OK like that, but is there any other use that I missed? (ISip and isip are the relevant points)

--- firewallstate-2.0.c.orig	2011-09-27 18:46:07.000000000 +0300
+++ firewallstate-2.0.c	2014-01-13 21:01:07.360113765 +0200
@@ -24,7 +24,6 @@
 void shownet_window(GtkWidget *w, gpointer dummy);
 void show_hide_window(void);
 void timdat_window(GtkWidget *w, gpointer dummy);
-void ISip ();
 void NETip();
 void psync_window(GtkWidget *w, gpointer dummy);
 
@@ -35,7 +34,6 @@
 char pupname1[6]="Puppy";
 char keyvers[6];
 char langvers[6];
-char ipis[16];
 char netis[30];
 char tzis[25];
 
@@ -127,13 +125,6 @@
     pclose(fp);
 		}
 
-		{  /* Get your IP address from created tmp file ipis.txt*/
-
-   fp = (FILE *)popen("cat /tmp/ipis.txt |  awk '{print $1}'  " , "r" );
-    fgets(ipis,sizeof ipis,fp);
-    pclose(fp);   
-		}
-  
 		{ /* Get your network from created tmp file ifstuff.txt */
 
    fp = (FILE *)popen("cat /tmp/ifstuff.txt |  grep 'addr:'  | head -n1 | cut -d ':'  -f2  |  awk '{print $1}'  " , "r" );
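Review bot: The block kept at the end of this hunk still reads /tmp/ifstuff.txt, a fixed file name in /tmp, through a cat | grep | head | cut | awk pipeline, and the deleted ipis.txt block beside it shows the pattern in use here: fp goes straight from popen() to fgets() with no NULL check. While this function is being edited, check the popen() result before reading from it, and consider having popen() run the command directly so that no predictable temporary file sits between the two steps.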
@@ -155,11 +146,6 @@
     system("/usr/local/firewallgtk/firewallgtk &");
 }
 
- ////////////////////////////////////////////////// Runs External IP script routine
-void   ISip (){
-  system("/usr/local/firewallstate/ipwget");
-}
-
 ////////////////////////////////////////////////// Runs Net IP script
 void NETip()  {
   system("/sbin/ifconfig  > /tmp/ifstuff.txt 2>&1");
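Review bot: Deleting ISip() here removes this program's only visible call to /usr/local/firewallstate/ipwget, but the script itself stays installed, so anything else that runs it still performs the external lookup. The package should stop shipping ipwget as part of the same change, and a /tmp/ipis.txt left over from an earlier run should be cleaned up, since the comment in the removed reader says that file is created for it.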
@@ -196,7 +182,7 @@
 	
 	GtkWidget *window, *widget, *vbox, *frame, *box ;
 	char temp[50] , istemp1[30], istemp2[30],  istemp3[30], 
-	ipistemp[50], keytemp[25], langtemp[30] , nettemp[50],
+	keytemp[25], langtemp[30] , nettemp[50],
 	tztemp[50];
 
 	    window = gtk_window_new(GTK_WINDOW_TOPLEVEL);
@@ -224,9 +210,6 @@
 	    gtk_box_pack_start(GTK_BOX(box), widget, FALSE, FALSE, 3);	
 	    g_snprintf(istemp1, sizeof(istemp1), "", puppyversion);
 	    widget = gtk_label_new(istemp1);
-			gtk_box_pack_start(GTK_BOX(box), widget, FALSE, FALSE, 3);	
-			g_snprintf(ipistemp, sizeof(ipistemp), "Your external IP is  %s", ipis);
-			widget = gtk_label_new(ipistemp);   	
 	    gtk_box_pack_start(GTK_BOX(box), widget, FALSE, FALSE, 3);	
 	    g_snprintf(nettemp, sizeof(nettemp), "PC network address %s", netis);
 	    widget = gtk_label_new(nettemp);   	
@@ -332,8 +315,6 @@
 
 		gtk_init(&argc, &argv);
 		 
-		ISip(NULL);
-		
 		NETip(NULL);
 		
 		Info(NULL);
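Review bot: With ISip(NULL) removed, the context lines still call NETip(NULL) with an argument, while the prototype earlier in the patch is "void NETip();" and the definition is "void NETip()  {", an empty parameter list that turns off argument checking in C. Declare and define it as void NETip(void) and call it as NETip(), so the compiler flags a mismatched call instead of accepting it silently.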

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#92 Post by jamesbond »

greengeek wrote:
01micko wrote:Your computer, if part of a LAN, never gets assigned an external IP. It only gets a LAN IP from the router. The router actually gets the external IP.
So does this mean that the router requests an external IP when it is first turned on and comes ready? Or is that request occurring only when a LAN device makes the first DHCP request?
It will request an external IP address as soon as it gets connected to your ISP. If your router is configured as "always on" (which is almost always the case), this will happen immediately upon power-up. If it is configured as "on-demand" (rarely these days), it will do so when your computer tries to connect to the Internet.
mavrothal wrote:I never run firewallstate,
The problem is firewallstate is auto-started in recent puppies that have it - so it's not a choice.
but removing the call from the source (found here) is pretty simple and from what I can see it is only used in the "information" window.
Firewallstate appears to work OK like that, but is there any other use that I missed? (ISip and isip are the relevant points)
Thanks for pointing the source. I haven't tested it myself but it looks like you're doing it right.

Atle
Posts: 596
Joined: Wed 19 Nov 2008, 12:38
Location: Oslo, Norway

#93 Post by Atle »

So if I understand this right...

When I boot a modern Puppy and use Ethernet, it will "just say hello" to icanhazip? No matter if I like it or not?

And this happens several times every day I use a modern Puppy?

01micko
Posts: 8741
Joined: Sat 11 Oct 2008, 13:39
Location: qld

#94 Post by 01micko »

http://distro.ibiblio.org/puppylinux/so ... .5.tar.bz2

Latest sources for firewallstate, complete with legal bits.

mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#95 Post by mavrothal »

jamesbond wrote:
mavrothal wrote:I never run firewallstate,
The problem is firewallstate is auto-started in recent puppies that have it - so it's not a choice.
I believe it is configurable in recent puppies and in older ones just removed from Startup folder (actually set permission to 000)
Quite frankly linux firewall is more useful psychologically than practically (unless you start opening ports).
01micko wrote:Latest sources for firewallstate
Looks more quiet :wink:
Will be fun if puppy users start complaining about the lost functionality :D

Atle
Posts: 596
Joined: Wed 19 Nov 2008, 12:38
Location: Oslo, Norway

#96 Post by Atle »

I believe it is configurable in recent puppies and in older ones just removed from Startup folder (actually set permission to 000)
Quite frankly linux firewall is more useful psychologically than practically (unless you start opening ports).
To me that says that all real function of this piece of software then is to say hello to icanhazip?

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#97 Post by jamesbond »

mavrothal wrote:
jamesbond wrote:
mavrothal wrote:I never run firewallstate,
The problem is firewallstate is auto-started in recent puppies that have it - so it's not a choice.
I believe it is configurable in recent puppies and in older ones just removed from Startup folder (actually set permission to 000)
Yes, it is configurable. I should have been more clear - what I meant is that by default it is auto-started when you first boot puppy (for *good reason*). Once you're inside puppy, you can turn it off or disable it the way you explained above (or keep it but remove ipwget).
Quite frankly linux firewall is more useful psychologically than practically (unless you start opening ports).
Yes, especially for Puppy which doesn't run network services by default.
01micko wrote:Latest sources for firewallstate
Thanks for that, Mick.
Atle wrote:To me that says that all real function of this piece of software then is to say hello to icanhazip?
To me the answer is a resounding *NO*.

firewallstate is an application to - well - show the state of firewall in your puppy (enabled or disabled). The reason why this software is useful is because there are many instances here in the forum where people asked why they can't connect to something or why Windows can't connect to their puppies --- and it turned out that it was because their puppy firewall was enabled; and they don't even remember turning it on (they did turn it on but didn't remember doing so).

The firewallstate helps to show whether the firewall is currently enabled or not. Along the way, it tries to be helpful and shows the various network-related information, among them the external IP address.

The "bug" (if you want to call it so) is that the external IP address determination happens right when firewallstate is launched. In hindsight, it should have been done when the "show info" menu is executed instead. But as I said above, I find this to be more of an *oversight* rather than malice. I'm not sure whether tasmod (author of firewallstate) still lurks in the forum; if he does you can ask him yourself. Or even better: you can see the source code as posted by Micko and Mavrothal - it's the beauty of open source that you can audit things you don't trust.

James C
Posts: 6618
Joined: Thu 26 Mar 2009, 05:12
Location: Kentucky

#98 Post by James C »

mavrothal wrote: Will be fun if puppy users start complaining about the lost functionality :D
How about removing all networking/firewall/etc. scripts and wizards from future Puppy releases so that all Puppy users can personally configure everything from CLI.

Everyone should feel all comfy and secure at that point. :)

Atle
Posts: 596
Joined: Wed 19 Nov 2008, 12:38
Location: Oslo, Norway

#99 Post by Atle »

If this was found in Windows... What would it be named?

Spyware?
Virus?
Malware?

I think this ("calling-icanhazip-at-boot") is highly dubious. And why in heaven's name would I need that function anyway?

And why do I need that information about the IP anyway?

If I need that I just google "show my IP" and go to some random site and get that info WHEN I NEED IT.

I read the entire thread and feel there are not any good answers given and most pro ("calling-icanhazip-at-boot") folks seem obsessed with trying to give an impression that it is not so dangerous.

I would love to hear what Richard Stallman would say about this...

perdido
Posts: 1528
Joined: Mon 09 Dec 2013, 16:29
Location: ¿Altair IV , Just north of Eeyore Junction.?

#100 Post by perdido »

James C wrote:
mavrothal wrote: Will be fun if puppy users start complaining about the lost functionality :D
How about removing all networking/firewall/etc. scripts and wizards from future Puppy releases so that all Puppy users can personally configure everything from CLI.

Everyone should feel all comfy and secure at that point. :)
It could then be claimed a "traffic study" <g> Makes perfect sense, especially if you live in New Jersey.
---------------------------
It's uncertainty that makes one feel uneasy about things. If some of the uncertainty can be removed by giving the users a choice then why not support it?

I applaud the efforts to provide additional functionality. It may not make the users more secure but at least it gives them a choice on whether they want their machine to connect to a website they have never heard of.

I replaced icanhazip.com with my website.name in the original script just to see what the logs contained after puppy connected. Here is what is in the raw access log.

172.56.28.240 - - [13/Jan/2014:17:31:35 -0600] "GET / HTTP/1.1" 403 431 "-" "Wget/1.13.4 (linux-gnu)"
Looks harmless enough to me. It's still nice to have a choice in the matter of whether I desire my machine to connect to whatever website. Give people a choice and it removes all apprehension.

Thanks for taking the time to update the script.
