Why is this strange IP address in Network connections?

For discussions about security.
Message
Author
User avatar
greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#196 Post by greengeek »

Despite the good content in this thread I still have a cluster of questions that are stuck in my head and I haven't been able to answer them satisfactorily yet:

- If I have a puppy operating solely on my internal LAN (without doing any internet accesses...) does anyone out there on the interweb thingy (or hackerverse as it should more properly be known) realise that this machine is even turned on?

- As soon as this machine receives it's local IP and communicated with my router has the router already applied for an external IP for this machine? If not, at what point DOES an external IP (specific to THIS machine) get allocated?

- Once an external IP is allocated to my machine who gets to know what that external IP is? Obviously my ISP knows, but does it report this information to a google server? Or does it maybe have to report it to one of those 13 internet hub thingies?

- At what point is this machine exposed to pings from an external source?

If someone could beat some sense into my head on these points I'd be really happy.

User avatar
mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#197 Post by mavrothal »

greengeek wrote: - If I have a puppy operating solely on my internal LAN (without doing any internet accesses...) does anyone out there on the interweb thingy (or hackerverse as it should more properly be known) realise that this machine is even turned on?
If you LAN is connected to the web the machines are connected too. Unless you have some specific configuration on your router.
Regarding "hackerverse", the probability to be struck by lightning is about 1/15000 (in the USA), while to have a car accident, 1 in 4!
Internet does not look that bad really.
greengeek wrote: - As soon as this machine receives it's local IP and communicated with my router has the router already applied for an external IP for this machine? If not, at what point DOES an external IP (specific to THIS machine) get allocated?
The local machines do not get an external IP (that's why you need to find it asking an outside source). Because of the IPv4 address exhaustion ISP providers use network address translation to accommodate many PC with the same external IP (as we said before...).
greengeek wrote: - Once an external IP is allocated to my machine who gets to know what that external IP is? Obviously my ISP knows, but does it report this information to a google server? Or does it maybe have to report it to one of those 13 internet hub thingies?
Check the link above. Should be clear.
Regarding reporting from your ISP, NAT addresses are usually dynamic so there is no point in reporting them. However they are logged and they know at every given moment who has what. So when the court order arrives they can tell.
Google and friends, have other means to track you through your browser and they do not really care if your computer is on or off.
greengeek wrote: - At what point is this machine exposed to pings from an external source?
As soon as you connect to the web and do not have a firewall that blocks ping.
However, ping response can not be exploited for much more than a DoS which is unlikely for any personal machine to be the target of.
Puppy linux is not running any services so ports are closed (check for yourself with SieldsUp) so is a very hard target, unless you are fooled to download some malicious program or visit a malicious site (though these are mostly MS-Windows oriented).
Last edited by mavrothal on Sat 25 Jan 2014, 19:26, edited 1 time in total.
== [url=http://www.catb.org/esr/faqs/smart-questions.html]Here is how to solve your[/url] [url=https://www.chiark.greenend.org.uk/~sgtatham/bugs.html]Linux problems fast[/url] ==

User avatar
greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#198 Post by greengeek »

Thanks mavrothal. Great Heavens, that NAT stuff is pretty heavy. I think that explains why I sometimes get naughty pictures popping up on my screen. Must be someone else was asking for them and my router incorrectly put it's hand up and said "They must be for me..."
:oops:

User avatar
rackerhacker
Posts: 7
Joined: Sat 04 Aug 2012, 20:21
Contact:

Seriously, folks. Seriously.

#199 Post by rackerhacker »

Thanks to a member of the Puppy Linux community for linking me to this thread. Please remove your tin foil hats and review the following:

I operate icanhazip.com (and icanhaztraceroute.com and icanhaztrace.com and icanhazptr.com) using my own money, time and resources. Those sites run on these two IP addresses:

Code: Select all

$ host icanhazip.com
icanhazip.com has address 216.69.252.100
icanhazip.com has address 216.69.252.101
If you use curl to reach the site, you'll notice an important header:

Code: Select all

$ curl -si icanhazip.com | grep RTFM
X-RTFM: Learn about this site at http://bit.ly/14DAh2o and don't abuse the service
That url takes you to my blog where there is information about the icanhazip applications as well as information about me.

I'm not sure how I can be any more transparent than I've already been. If you're upset with your Puppy Linux device talking to my services, please talk to Puppy Linux developers or maintainers.

Please stop sending me hate mail.
Please stop calling my hosting provider to curse at them.
Please stop spreading lies about me on this forum.

Thanks.

User avatar
mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#200 Post by mikeb »

Indeed.... what stupid idiot choose to use this guys website ...did anyone think to ask? Would not google or similar who care not be a better choice?

I ping the router to do the same job...its easy and upsets no one.

mike

User avatar
01micko
Posts: 8741
Joined: Sat 11 Oct 2008, 13:39
Location: qld
Contact:

#201 Post by 01micko »

mikeb wrote:Indeed.... what stupid idiot choose to use this guys website ...did anyone think to ask?
As far as I know, vovchik was the the one who wrote the original 'ipinfo' script. Also, as far as I know, vovchik has been a UN diplomat.. who dislikes charities. I am absolutely sure he won't mind me sharing that. Jemimah was the first to include 'ipinfo' into any puppy (puppeee iirc). Also, as far as I know, the icanhazip site is available for public use, any os, anytime etc, etc.
mikeb wrote:Would not google or similar who care not be a better choice?
Why?
mikeb wrote:I ping the router to do the same job...its easy and upsets no one.

mike
Yes, but you are the admin at said router else you wouldn't have permission to get the outside IP from said router.

I believe I am said member.
Puppy Linux Blog - contact me for access

User avatar
mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#202 Post by mikeb »

Outside ip? just ping 192.168.1.1 or whatever the subnet is... it keeps the wifi alive...

But thousands of pups all madly pinging the same site...
at least google is used to billions of hits...

mike

User avatar
01micko
Posts: 8741
Joined: Sat 11 Oct 2008, 13:39
Location: qld
Contact:

#203 Post by 01micko »

mikeb wrote:Outside ip? just ping 192.168.1.1 or whatever the subnet is... it keeps the wifi alive...
Isn't the point.
mikeb wrote:But thousands of pups all madly pinging the same site...
at least google is used to billions of hits...
That is a case of 'were'. The problematic program was 'firewallstate'. It pinged icanhazip.com at each X restart, that is and was the bug. Current advice is to disable that app. There is a fix for that now, not generally available as a pet but I'll get on to that. Besides, rackerhacker (aka majorhayden) doesn't have a problem with the volume just the attitude. Of course unnecessary volume is a bug and is being addressed.

Besides, anything google puts out is hardly scriptable. This has been debated and refuted a thousand times. Please read a bit more on the bunch of threads about this, sorry, no links.
Puppy Linux Blog - contact me for access

User avatar
mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#204 Post by mikeb »

well really pages of dull rants...just thought i'd join in .

What was the point anyway?

mike

anikin
Posts: 994
Joined: Thu 10 May 2012, 06:16

#205 Post by anikin »

The only part in your post, that matters:
rackerhacker wrote:If you're upset with your Puppy Linux device talking to my services, please talk to Puppy Linux developers or maintainers.

Puppy Linux developers and maintainers refuse to listen to the user's concerns. They want the user to silently accept the fact, that Puppy Linux will continue using your services. It's ultimately irrelevant who's providing them - you, or anyone else. I do not want those services to be hardcoded into my computer. That's the only concern here and not your personality, no matter how vaulted it might be.
rackerhacker wrote:Please remove your tin foil hats and review the following:
No need to insult the community. No need to fake indignation.
I do not want Puppy to visit places without my knowledge, am I wearing a tin foil hat? How's that for you.

User avatar
01micko
Posts: 8741
Joined: Sat 11 Oct 2008, 13:39
Location: qld
Contact:

#206 Post by 01micko »

mikeb wrote:well really pages of dull rants...just thought i'd join in.
:lol: Yep! Thanks for joining :) . All angles need to be covered.
The point was that a user could be empowered by knowledge. But, some don't want to know under guise of 'security', or "para${suffix}".

-
anikin wrote:Puppy Linux developers and maintainers refuse to listen to the user's concerns. They want the user to silently accept the fact, that Puppy Linux will continue using your services. It's ultimately irrelevant who's providing them - you, or anyone else. I do not want those services to be hardcoded into my computer. That's the only concern here and not your personality, no matter how vaulted it might be.
Oh.. so you are the quintessential 'user'. Do you rant on at Mark Shuttleworth, Patrick Volkerding, Anne Nichols and various other distro maintainers that have "hard coded" "services" into your "computer"?
Its a choice, take it or leave it.
Puppy Linux Blog - contact me for access

User avatar
mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#207 Post by mikeb »

no the point of pinging a website in less than 10 words?
Seems like a plot has been lost here
mike

User avatar
mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#208 Post by mavrothal »

anikin wrote: Puppy Linux developers and maintainers refuse to listen to the user's concerns.
"Puppy Linux developers and maintainers" provide a functionality (to find your external IP) that can be turned off by the user.
The fact that 2 or 3 people do not like the service it does not mean that the service should be removed, specially when is optional.
anikin wrote:I do not want Puppy to visit places without my knowledge, am I wearing a tin foil hat?
After 14 pages of exhausting discussions and not a shred of evidence of any wrong doing, what do you think? Are you?
== [url=http://www.catb.org/esr/faqs/smart-questions.html]Here is how to solve your[/url] [url=https://www.chiark.greenend.org.uk/~sgtatham/bugs.html]Linux problems fast[/url] ==

gcmartin

#209 Post by gcmartin »

This issue comes back again and again with some unwilling to accept that what is occurring is for user benefit and reduces (repeat "reduces") questions which led to this addition in Puppyland.

Development of Puppy has made it extremely simple for those unfamiliar with syntac or desktop navigation to know if they have presence to the internet.

Those who have short memories miss why and what PUPPY's design criterion was in the first place. A PC that will provide local apps and get you to the internet with simple presence (LAN or WAN).

PINGs DO NOT EXPOSE YOUR LOCATION TO EXPLOITS! It has been demonstrated as far back as 22 years ago that pings do not offer-up exploitation!

The site selection that occurred could have been 01Smokey's site or Murga-Linux's site or your own site and in doing so your network would NOT be exposed to exploitation.

I fail to clearly understand why there continues to be an argument from some. And the rebuttals and explanations recur exactly as when this thread opened.

Again, there is NO BUG. And again, there is NO known exploitation, proven.
We never had a problem. This started as a concern NOT as a problem.

Maybe we should just vacate this thread and leave it to those who want to continue attempts to create and carry this. Maybe they can somehow show how this has exploited the community. Until now, it has NOT BEEN SHOWN TO EXPLOIT OR HARM OR ....

FURTHER, now that everyone knows about (members who have read this thread) it is NOT PUPPY DOING ANYTHING UNKNOWN ... ANYMORE!

Final Notes:
This thread has review this from every conceivable vantage points without exposing a real threat or a real problem. There is concern over the number of pings that occur and that has been addressed.

Has anyone else, other than me, found that the Opening Poster @Edwardo has NOT BEEN SEEN SINCE the arguments started. Maybe this thread should be archieved and closed.

Then anyone who can show exploit, can reopen a new thread sharing such with us for addressing.

Hope this helps

User avatar
Smithy
Posts: 1151
Joined: Mon 12 Dec 2011, 11:17

#210 Post by Smithy »

Yep I wondered if Edwardo might now be busy starring on the film lot for Enemy of The State II.

What would be good though is a little howto in the howto section for those that need or want to do their own pinging. Then in the future people can be pointed to the howto if they are concerned.

I can try and do one but will have to read through 14 pages of this stuff to get to the best one.

It just got heated because some people didn't know what was going on, or understood what was going on but weren't happy with it, or like me don't know what the hell it is really, I can see IP in a puppy wine voip I use anyway if I need to know it.

But I understand that it is a handy thing, and Major Hayden was happy to provide it.

I've started on a HOWTO, not sure if it is correct, (three other bits)? but hopefully if some newcomers to Puppy get startled about their stats in Network Status Information, at least they will know what it is.

Atle
Posts: 596
Joined: Wed 19 Nov 2008, 12:38
Location: Oslo, Norway
Contact:

#211 Post by Atle »

just the arrogant post from this Hayden should be enough to move away from his "innocent site"...

If I was NSA or CIA boss, I would completely infiltrate communities like this.

User avatar
Meshworks
Posts: 38
Joined: Tue 25 Oct 2011, 20:55

So is my puppy COMPROMISED or NOT?

#212 Post by Meshworks »

So is my puppy COMPROMISED or NOT? Is the NSA on my tail?! Will a tinfoil hat protect me?

Just kidding!!!

However, there IS no need for the OS to know its external IP address. Just saying.

gcmartin

#213 Post by gcmartin »

Hello @Meshworks, I hope this helps.

There are so many who come to Puppyland who may have missed its beginnings and why certain events occur as they do.This thread started with a concern that somehow knowing whether one is connected to the internet is provides an attack vector.

Puppy began as a simple, small, single PC that competed with Knoppix for ease of use to uninformed Windows converts. Its beginnings and it followon attempts to address simple needs for users who may NOT have in-depth skills in Linux, package use, LAN setup, Wifi use, filesystem structures, etc for a user community when dialup is/was a prevalent means for connecting to the internet as well as DSL and Cable modem and router configuring. Puppy has taken great strides to make this all too simple for non-literate users. It ranks well with other operating systems and may be one of the simplest, and safe around.

What it does, and I think most admit, it does very well is to take a PC and make steps so that its easy for any user to know his PC can get to the internet to allow access to Puppy forum,Puppy packages, Puppy help files, and other internet searches that just about everyone in the world does who has a PC, today.

In order to make it easy, for a PC to know it is on the internet, it MUST be able to route internet requests.

Here's where this thread has its beginnings and its concern.

Reading through this thread, you will find differing viewpoints, but, you will ALSO see the efforts that senior members in the community have taken to address a concern that a better way to handle that decision process could be accomplished. It has been addressed.

BUT, should you see how that solution has somehow exposed your PC to something dastardly, PLEASE SHARE HOW YOU WERE EXPOSED so that the community can address it...please.

Hope this helps

User avatar
Smithy
Posts: 1151
Joined: Mon 12 Dec 2011, 11:17

#214 Post by Smithy »

Thinking about it, that ICANHAZIP "switch" should be the other way around, i.e
OFF as default, then switch it on as an option.

Don't know about any of these sites that won't function without the ping as rcrn51 mentioned, but any sites that I find that just appear blank without excessive javascript or even made in flash (wtf) just get a pass from me. Can't be bothered with glam rubbish like that, the internet is just a reference library. That's how I see it.
Mind you that links browser is, a bit too minimalistic :)
Tell me why, I don't like Mondays..

Post Reply