Why is this strange IP address in Network connections?

For discussions about security.
anikin
Posts: 994
Joined: Thu 10 May 2012, 06:16

#166 Post by anikin »

01micko wrote:Major Hayden got a bit peeved
:lol:
It's a bit old but really shows the bloke is human. I have recently contacted him on Twitter and indeed Nugget is his host in San Antonio, TX.
Here is the exchange. (Excuse my stupidity saying "ISP" instead of "host").
... Deep sigh ...

Here we come again.
Let's not discuss the issue at hand.
Let's talk about what's peripheral to it.
Here's a fat, red herring for you - major hayden.

How creative of you ...

mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#167 Post by mavrothal »

anikin wrote: Let's not discuss the issue at hand.
After 11 pages there is little left to discuss I would think.
Let's wait for Atle's expert review and provide him/her with any info that (s)he may find relevant either way.
== [url=http://www.catb.org/esr/faqs/smart-questions.html]Here is how to solve your[/url] [url=https://www.chiark.greenend.org.uk/~sgtatham/bugs.html]Linux problems fast[/url] ==

Atle
Posts: 596
Joined: Wed 19 Nov 2008, 12:38
Location: Oslo, Norway

#168 Post by Atle »

This expert view can only be there if I can get a grip on the actual facts, and it's hard to get them as I am confused on this issue as for now...

This is why I ask for a clarification on what is what...

I feel the entire thing is a bit confusing and unclear.

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#169 Post by jamesbond »

01micko wrote:jamesbond, mavrothal.. (+ others knowledgeable in networking). What are your thoughts on this from a technical and moral perspective (moral as in from the user and the host, [eg a.root-servers.net] perspective) for use as a basic connectivity check ??
There are a lot of things we can check when it comes to basic connectivity. We can check whether a network interface has an IP address. We can check whether the machine has a default gateway. We can check whether the machine knows of a good nameserver assigned to it. All these can be checked, and all these checks are local - no connection to the outside world is needed.

But if you want to know whether you have connectivity to the Internet, all these are *not enough*. You need to "connect" ("ping" or "wget") to a known end-point (=server) in the Internet; there is *no avoiding it*. It is *not* enough to ping the default gateway; it is *not* enough to ping the available nameserver. Both of these are unreliable tests because these endpoints are still within your machine/network or ISP's network - thus what you're testing is your connectivity to your own or at best ISP's network.

The only sure way to test for connection to "the cloud" is by contacting something which is absolutely known to live in "the cloud".

It is similar to how you test a Skype installation/connection. Sure, you can test whether your microphone, speaker, or webcam works; this can be done locally without contacting anyone. But all these don't guarantee that you can make or receive calls. The *ultimate* test is to call the "Echo" Skype number - you connect to a well-known Skype server that will pick up your call, record your voice and replay it back for you.

From a privacy point of view - there is not much difference between using "ping" or "wget" to test connectivity - they both leak about the same amount of information. "ping" is probably better to use because many endpoints have it enabled automatically, while for "wget" to be successful the endpoint must knowingly run an HTTP service; plus its overhead is smaller than wget's (layer 3 operation vs layer 7 operation).

A ping or two to test connectivity when you're running network-setup wizard won't load an endpoint at all - so it's of no consequence.

The choice of the endpoint to use for testing is arbitrary (although some endpoints are more unpopular than others - as this thread obviously exhibits :lol:); the main criteria being reliability (same IP address all the time; always on); so your choice of the root nameserver is wise. Of course, one can still debate that root nameservers are controlled by ICANN and ICANN is an American company and thus is beholden to the NSA ... but if we follow this kind of thinking till the very end then perhaps we all should disconnect the wire :roll: (or roll out our own Internet).
Fatdog64 forum links: [url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Latest version[/url] | [url=https://cutt.ly/ke8sn5H]Contributed packages[/url] | [url=https://cutt.ly/se8scrb]ISO builder[/url]
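
The layering described in post #169, as an added example that is not part of the thread or of Puppy's own scripts: the local checks (address, default gateway, nameserver) only parse output the machine already has and send nothing, and the single off-host probe runs only on explicit opt-in. The function names, the `PROBE_EXTERNAL` variable and the sample inputs are assumptions constructed for illustration; `a.root-servers.net` is the endpoint named in the thread.

```shell
#!/bin/sh
# Layered connectivity check: local tests first (no packets leave the host),
# one external probe only when PROBE_EXTERNAL=1 (hypothetical opt-in switch).

# First non-loopback IPv4 address from `ip -4 -o addr show` output on stdin.
first_ipv4() {
    awk '$2 != "lo" && $3 == "inet" { split($4, a, "/"); print a[1]; exit }'
}

# Default gateway from `ip route show default` output on stdin.
default_gateway() {
    awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# Configured nameservers from resolv.conf content on stdin (comments ignored).
nameservers() {
    awk '$1 == "nameserver" { print $2 }'
}

# Report the first local layer that fails, or local-ok with what was found.
# Arguments: addr listing, route listing, resolv.conf content.
local_status() {
    addr=$(printf '%s\n' "$1" | first_ipv4)
    gw=$(printf '%s\n' "$2" | default_gateway)
    ns=$(printf '%s\n' "$3" | nameservers | head -n 1)
    [ -n "$addr" ] || { echo "no-address"; return 1; }
    [ -n "$gw" ]   || { echo "no-gateway"; return 1; }
    [ -n "$ns" ]   || { echo "no-nameserver"; return 1; }
    echo "local-ok addr=$addr gw=$gw ns=$ns"
}

# The only step that sends traffic off-host: one ICMP echo, 2 second timeout.
external_probe() {
    ping -c 1 -W 2 "${1:-a.root-servers.net}" >/dev/null 2>&1
}

# Constructed sample inputs so the local checks can be exercised offline.
SAMPLE_ADDR='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.23/24 brd 192.168.1.255 scope global eth0'
SAMPLE_ROUTE='default via 192.168.1.1 dev eth0'
SAMPLE_RESOLV='# constructed sample
nameserver 192.168.1.1'

local_status "$SAMPLE_ADDR" "$SAMPLE_ROUTE" "$SAMPLE_RESOLV"

# Live run against this machine, only on explicit opt-in.
if [ "${PROBE_EXTERNAL:-0}" = 1 ]; then
    if local_status "$(ip -4 -o addr show)" "$(ip route show default)" \
                    "$(cat /etc/resolv.conf)" && external_probe; then
        echo "internet-ok"
    else
        echo "internet-unverified"
    fi
fi
```

A machine meant to stay LAN-only can run the script without `PROBE_EXTERNAL` and still learn which local layer is broken.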

anikin
Posts: 994
Joined: Thu 10 May 2012, 06:16

#170 Post by anikin »

@Atle,
Just give them download links to any recent, pre-woof ce pups. Slacko, Precise, Upups, Dpups. Send them links to this and other threads. The experts don't need to have your opinion - they will make their own, based on test runs and reading this and other threads.

@Jamesbond,
I understand the technical side of what you're saying. However, I need to grasp the following: as my ISP's customer, I take it for granted, that I have fully paid for my internet connectivity. I don't need to worry about technical nuances. I can connect to anything - Skype, cloud, icanhazip and Google - no issues whatsoever. The connection is flawless, be it Windows, Mac or Linux. I pay them - they do the pinging. I will cautiously presume, that your explanation is about "professional" connectivity - ISPs, businesses, corporations. More importantly, your opinion will not be used to justify any questionable decisions.

mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#171 Post by mavrothal »

anikin wrote:@Atle,
Just give them download links to any recent, pre-woof ce pups. Slacko, Precise, Upups, Dpups. Send them links to this and other threads. The experts don't need to have your opinion - they will make their own, based on test runs and reading this and other threads.
Well said.
(I thought that this expert is identified, contacted and agreed to review. Isn't it the case? :? ?)

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#172 Post by jamesbond »

@anikin:
My write-up is a public response to Mick's public call for comment.
anikin wrote:I understand the technical side of what you're saying. However, I need to grasp the following: as my ISP's customer, I take it for granted, that I have fully paid for my internet connectivity. I don't need to worry about technical nuances. I can connect to anything - Skype, cloud, icanhazip and Google - no issues whatsoever. The connection is flawless, be it Windows, Mac or Linux. I pay them - they do the pinging.
My write-up is not for arguing the need (or the lack thereof) for "checking internet connectivity". It is a statement of fact of what needs to be done *if you want to perform such checks* (that's what Mick asked).
More importantly, your opinion will not be used to justify any questionable decisions.
Most of the write-up are facts, they are not opinions. The only opinions there are:
jamesbond wrote:A ping or two to test connectivity when you're running network-setup wizard won't load an endpoint at all - so it's of no consequence.
and
jamesbond wrote:but if we follow this kind of thinking till the very end then perhaps we all should disconnect the wire :roll: (or roll out our own Internet).
In any case, please feel free to interpret them as you wish. Just remember that others may have a different interpretation than yours.

anikin
Posts: 994
Joined: Thu 10 May 2012, 06:16

#173 Post by anikin »

jamesbond wrote:Most of the write-up are facts, they are not opinions. The only opinions there are:
I should have used a better word. The one I meant - "authority", by which I mean your explanations of various computing/technical aspects, like PAE, etc, etc., which everyone, myself included, take as gospel. A few posts back, I made a comment about having a look at donor distros, can you share your opinion on that one? Is that an acceptable approach?

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#174 Post by jamesbond »

anikin wrote:
jamesbond wrote:Most of the write-up are facts, they are not opinions. The only opinions there are:
I should have used a better word. The one I meant - "authority", by which I mean your explanations of various computing/technical aspects, like PAE, etc, etc., which everyone, myself included, take as gospel.
As Bruce Schneier said it - "trust, but verify".
A few posts back, I made a comment about having a look at donor distros, can you share your opinion on that one? Is that an acceptable approach?
1. CentOS/RedHat - checks for updates at boot time and periodically.
2. Ubuntu - same thing. It was even worse - there was a period of time where every search query you put into their default dashboard (Ubuntu Dash) got sent directly to Amazon. Now that's a real concern!
3. Slackware - no updates checking by default, no contacting external servers by default at boot.
4. For Debian please check with pemasu or saintless; but I remember that some Debian derivatives do have updates checking.
5. Other large notable software pieces - libreoffice does update checking, Virtualbox too.
You can turn off all these but the *default configuration out of the box* is that they are all turned on.
I refer to "update checking" but the end result is the same - to perform update checking, it contacts a remote server (with all the consequences) to check whether updates are available.

gcmartin

#175 Post by gcmartin »

As pointed out by the prior post, there are various OSes and subsystems that do presence checking for various reasons. Most OSes start their lives as LAN based and the internet is a necessary item for back-end operations. Because this is done, does NOT mean something malicious is active that is not in the best interest. Those developers intend to provide the best experience possible. In Puppy Linux's case, the Prime developer started this approach to assist presence detection so the local PC user can have the best possible experience, recognizing that NOT EVERYONE has equal skills in system manipulation for presence. And, it makes it easy to diagnose problems in some cases where the developers know that they are working with a system which operates as it does when evaluating a problem identified by a user. Since the prior detection method is/has been used across the board, I, personally, don't feel nor see, that there is/has been anything done to open PUPPY systems to exploit in today's world. ISPs have tended to operate with each's pool of IP addresses they own where static IP COST($) more to a user than the dynamic arrangement many of them use. Since many of us have a dynamic account with the ISPs, your current IP address on the internet does change from time to time, continuously.

FUD crept into this thread after the source reason was explained. In the request to "prove that others do it" is a continue to press a point.

I applaud the developers who have taken a look at this.

James C
Posts: 6618
Joined: Thu 26 Mar 2009, 05:12
Location: Kentucky

#176 Post by James C »

jamesbond wrote: 4. For Debian please check with pemasu or saintless; but I remember that some Debian derivatives do have updates checking.
Vanilla Debian installs (KDE and Gnome) by default automatically check for updates at boot. Believe it can be disabled by the user though.

Updating Wheezy KDE as I type this.

Naturally, a link....
http://www.debian.org/doc/manuals/secur ... 10.en.html
Since Debian 4.0 lenny Debian provides and installs in a default installation update-notifier. This is a GNOME application that will startup when you enter your Desktop and can be used to keep track of updates available for your system and install them. It uses update-manager for this.

mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#177 Post by mavrothal »

Actually a feature to check for puppy updates at boot may be a good idea, especially for LTS puppies. If we could insert a script in the ibiblio puppylinux that could return the external IP if called (I do not know if this can be done without server access) could solve both issues at once.

anikin
Posts: 994
Joined: Thu 10 May 2012, 06:16

#178 Post by anikin »

jamesbond wrote: 1. CentOS/RedHat - checks for updates at boot time and periodically.
2. Ubuntu - same thing. It was even worse - there was a period of time where every search query you put into their default dashboard (Ubuntu Dash) got sent directly to Amazon. Now that's a real concern!
3. Slackware - no updates checking by default, no contacting external servers by default at boot.
4. For Debian please check with pemasu or saintless; but I remember that some Debian derivatives do have updates checking.
5. Other large notable software pieces - libreoffice does update checking, Virtualbox too.
You can turn off all these but the *default configuration out of the box* is that they are all turned on.
In other words, not a single one of the above distros, has the "feature" we are discussing. Why should we?
jamesbond wrote:I refer to "update checking" but the end result is the same - to perform update checking, it contacts a remote server (with all the consequences) to check whether updates are available.
You don't mean to say, that Puppy contacts icanhazip to check whether updates are available?

mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#179 Post by mavrothal »

anikin wrote: You don't mean to say, that Puppy contacts icanhazip to check whether updates are available?
So at the end of the day the objection is that it is
a) contacting some web site automatically for whatever reason
b) contacting icanhazip.com specifically or
c) that it is getting the external IP of the machines (from any external site) ?

James C
Posts: 6618
Joined: Thu 26 Mar 2009, 05:12
Location: Kentucky

#180 Post by James C »

It's a Puppy secret.....

https://scottlinux.com/2013/06/17/how-t ... with-curl/
Major Hayden has created the epic site icanhazip.com which will show your current IP address. There are a few more additions to know about as well. Here is the scoop!

James C
Posts: 6618
Joined: Thu 26 Mar 2009, 05:12
Location: Kentucky

#181 Post by James C »

Nope....Ubuntu knows about it too.....

http://askubuntu.com/questions/145012/h ... e-terminal
icanhazip.com is my favorite.

curl icanhazip.com

01micko
Posts: 8741
Joined: Sat 11 Oct 2008, 13:39
Location: qld

#182 Post by 01micko »

A default full install of Slackware calls out to akamai - read more.
This is only when KDE is set to the default DE.

This does not affect any slacko puppy as KDE and its libs are not used in the default install.
Puppy Linux Blog - contact me for access

gcmartin

#183 Post by gcmartin »

Again I'll directly ask those in objection. HOW is this exposing Puppy users to exploit? Is there any evidence that the many thousands of users of PUPs that this exposes exploitation to any of them?

I am truly curious whether there is real exposure??? If there is no known real exploitation, is there a credible hypothesis that the presence method used in PUPs which can be turned into exposure???

I am really curious.

BTW, has anyone other than I noticed that the OP has abandoned this thread?

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#184 Post by greengeek »

gcmartin wrote:Again I'll directly ask those in objection. HOW is this exposing Puppy users to exploit? Is there any evidence that the many thousands of users of PUPs that this exposes exploitation to any of them?
Ironically I think 01micko, mavrothal and others in favour of allowing the external IP check provided the best answer to this question by saying that making the connection (or 'request' - whatever you want to call it) to icanhazip was no more risky than using a browser.

So, please consider the situation of someone who does NOT WANT to use a browser (either for the current session only, or forever - doesn't matter...) - if they boot a recent puppy, believing they are accessing only their local LAN, in fact they are incorrect. The puppy is guaranteed to try to go external and become active on the WAN.

I understand that different people evaluate this action as offering varied risk for exploit - some say zero risk, others say some potential risk.

So - in answer to your question about HOW it is exposing the user to exploit - it still seems to me that a puppy that stays on the LAN only is at less risk than a puppy that becomes active on the WAN. (I realise others may feel that they have already provided justification as to why my fear is ungrounded, and they can feel free to condemn my ignorance..)

I guess my question in return is this: If I boot my puppy with no intention of opening my browser am I at less risk, more risk, or equal risk to someone who boots puppy and DOES open a browser?

EDIT : What if I have 4 puppies on my LAN - 3 for the wife and kids to use for word processing and offline stuff, and my one that is used for internet access. Previously I thought the 'offline' PCs were 'offline' and only the 'internet' puppy went beyond the router. Today, I know differently and feel that those 'offline' PCs are at risk of exploit that I didn't previously expect.

But then - if it is the router that is requesting an external IP on behalf of EVERY PC on the LAN - maybe I was already exposed before ipinfo came on the scene...

mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#185 Post by mavrothal »

greengeek wrote: But then - if it is the router that is requesting an external IP on behalf of EVERY PC on the LAN - maybe I was already exposed before ipinfo came on the scene...
As Mick said, if you do not want to leave footprints, do not walk.
It is funny that we are discussing this when only 3 days ago a security firm published that everything from routers to refrigerators! has been compromised in a thing-bot scheme.
What someone has to consider though is that this is not because they ask for an IP or DNS or something but because of either brute force or some low level exploit.
Now if your router is compromised you do not really need to connect to anything to get exploited...

So the only way to be safe is to disconnect the ethernet cable, remove the wifi card and do not use any of the USB sticks that have radio frequencies for spying.

BTW it would be nice to see some report that just issuing a wget request (the one ipinfo etc use) can be used for exploits from any site - assuming you do not request a trojan, virus etc of course.
