Why is this strange IP address in Network connections?

For discussions about security.
Message
Author
User avatar
mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#46 Post by mavrothal »

greengeek wrote:Also...I'm probably blind, but I cannot see any response that has provided a justification for a connection with Nugget enterprises - which as far as I can see is nothing at all to do with icanhazip.

Did I miss something? Why is my PC connecting to Nugget enterprises?
First of all your PC is not connected to Nugget enterprises (or to icanhazip.com or anything else if you do not have initiated a web/ftp/etc connection)
type

Code: Select all

netstat -an | grep -E 'ESTABLISHED|CONNECTED'
in the terminal and look for tcp/udp (not "unix") connections to verify it.
The address that you see, and usually has the FIN/TIME_WAIT1/2 status, is the remote server (wait/)closing the connection that ipinfo initiated to find your external IP.
See image
Image

Now why Nugget enterprises when we ask our IP frm icanhazip.com?
icanhazip.com has IP 216.69.252.100. The site is hosted in charlie.colo.mhtx.net that has a range of 9 IP and charlie.colo.mhtx.net is hosted in Nugget Enterprises, Inc that has all the IPs from 216.69.252.0 to 216.69.252.255.
When a site is hosted in a cluster, although receive requests at a specific IP, can service these requests from any IP of the cluster, depending on the topology of the system.
What you actually see is the IP from the remote cluster that icanhazip.com is hosted on, that is closing the connection.
I hope that's clear enough.

Edit: Add connection close states image
Last edited by mavrothal on Sun 12 Jan 2014, 17:30, edited 1 time in total.

User avatar
greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#47 Post by greengeek »

Thanks mavrothal, the clarification is much appreciated.

gcmartin

#48 Post by gcmartin »

anikin wrote: ... This discussion has nothing to do with ....
In your words, please explain what this thread opened as? Please. Help us understand, in summary, how you see this thread's subject and its opening thread. And should you consider open ports via a LAN card as having nothing to do with any of what is asked, please share it for me. Thanks.

Please articulate clearly as you seem to have a better idea.

User avatar
01micko
Posts: 8741
Joined: Sat 11 Oct 2008, 13:39
Location: qld
Contact:

#49 Post by 01micko »

Well raffy can't host the file.. that's ok.

Try this.
Attachments
ipinfo.gz
gunzip, make executable and place in /usr/sbin overriding old version
(1.59 KiB) Downloaded 256 times
Puppy Linux Blog - contact me for access

User avatar
perdido
Posts: 1528
Joined: Mon 09 Dec 2013, 16:29
Location: ¿Altair IV , Just north of Eeyore Junction.?

#50 Post by perdido »

01micko wrote:Well raffy can't host the file.. that's ok.

Try this.

That's perfect. Clears up the question of what icanhazip.com is doing and gives the option of allowing it for ip lookup.

Thanks

gcmartin

Another solution addressing concern to web connect ID issue

#51 Post by gcmartin »

Thank @01Micko. A thought-thru option. Thanks

User avatar
mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#52 Post by mavrothal »

01micko wrote: Try this.
"Check to allow external IP from icanhazip.com" can be misleading if you have not followed this and similar threads.
"Check to find your external IP through icanhazip.com" is more accurate I believe.
== [url=http://www.catb.org/esr/faqs/smart-questions.html]Here is how to solve your[/url] [url=https://www.chiark.greenend.org.uk/~sgtatham/bugs.html]Linux problems fast[/url] ==

gcmartin

#53 Post by gcmartin »

@Mavrothal, agreed.

But, I wonder, too, is the mentioning of the site important. What may be more important is the Web IP address report and NOT the site that assist.

Just an idea.

User avatar
01micko
Posts: 8741
Joined: Sat 11 Oct 2008, 13:39
Location: qld
Contact:

#54 Post by 01micko »

Any more transparent now and we risk breaking under the strain..
Attachments
ipinfo.gz
second one
(1.72 KiB) Downloaded 259 times
Puppy Linux Blog - contact me for access

User avatar
James C
Posts: 6618
Joined: Thu 26 Mar 2009, 05:12
Location: Kentucky

#55 Post by James C »

01micko wrote:Any more transparent now and we risk breaking under the strain..

How about Networking 101 for those that just don't get it.........?

User avatar
mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#56 Post by mavrothal »

01micko wrote:Any more transparent now and we risk breaking under the strain..
True but I do not think that this 3-year+ functionality should be removed in the defaults.
What about
"Check to block finding your external IP from icanhazip.com"
and

Code: Select all

[ -f $HOME/.ipinfo ] && . $HOME/.ipinfo || CB0=true
== [url=http://www.catb.org/esr/faqs/smart-questions.html]Here is how to solve your[/url] [url=https://www.chiark.greenend.org.uk/~sgtatham/bugs.html]Linux problems fast[/url] ==

User avatar
01micko
Posts: 8741
Joined: Sat 11 Oct 2008, 13:39
Location: qld
Contact:

#57 Post by 01micko »

@mavrothal, I don't get the hysteria either.. FFS they use Google!
Puppy Linux Blog - contact me for access

User avatar
James C
Posts: 6618
Joined: Thu 26 Mar 2009, 05:12
Location: Kentucky

#58 Post by James C »

01micko wrote:@mavrothal, I don't get the hysteria either.. FFS they use Google!
Speaking of.......
http://www.washingtonpost.com/blogs/the ... r-hacking/

User avatar
01micko
Posts: 8741
Joined: Sat 11 Oct 2008, 13:39
Location: qld
Contact:

#59 Post by 01micko »

James C wrote:
01micko wrote:@mavrothal, I don't get the hysteria either.. FFS they use Google!
Speaking of.......
http://www.washingtonpost.com/blogs/the ... r-hacking/
:lol:

Anyway, I do use google with a touch of contempt! I consider them linux "rapists" :lol: but sometimes it's handy for my own reasons. Self preservation is at the top of my list so I use sparingly.

Ah.. right now I have better things to do.. k3.10.26 and k3.12.7 have just been released! :P
Puppy Linux Blog - contact me for access

User avatar
greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#60 Post by greengeek »

mavrothal wrote:"Check to allow external IP from icanhazip.com" can be misleading if you have not followed this and similar threads.
"Check to find your external IP through icanhazip.com" is more accurate I believe.
I don't understand the responses here. It looks like you guys are seeing some sort of xdialog that is not coming up on my system. I installed mick's updated ipinfo script and now have a clean "staistics" tab in ipinfo (which is excellent - thanks mick), but not any of the interactive stuff that others appear to be reporting. Could someone post a screenshot of what I seem to be missing please? Ta.

User avatar
mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#61 Post by mavrothal »

James C wrote:
01micko wrote:@mavrothal, I don't get the hysteria either.. FFS they use Google!
Speaking of.......
http://www.washingtonpost.com/blogs/the ... r-hacking/
In addition, they have hacked the tor network, they have backdoors for the encryption algorithms, they develop quantum computers that can brake encryption in minutes instead of years and we are discussing if you should ping (or the equivalent) a site... :roll:

The only things that "saves" us for now is that the current processing capacity can not process more than 5% of the data, but if you are targeted you better use pigeons :lol:
== [url=http://www.catb.org/esr/faqs/smart-questions.html]Here is how to solve your[/url] [url=https://www.chiark.greenend.org.uk/~sgtatham/bugs.html]Linux problems fast[/url] ==

User avatar
greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#62 Post by greengeek »

James C wrote:How about Networking 101 for those that just don't get it.........?
I think it should be up to the user to decide when and why any internet connections are made. Imagine you have 20 cents credit left on your Android wifi hotspot (which I use regularly) and want to send an email to your kids to tell them how to start the car they are having trouble with so they can get to hospital. Then imagine the email wont go through because you just went over your data quota because of connections you didn't want.

It is amazing how much I can get done via puppy and Android 3G wifi compared to what I can get done with Windows (which would be busily consuming ALL of my credit doing its system updates and antivirus updates). Honestly, with Windows you cannot realistically get ANYTHING done via dialup or android/hotspot 3G wifi.

I'd hate to see puppy lose even a tiny fraction of it's productivity by starting to allow unseen connections (yes I understand that the ipinfo link wasn't costing much, but it is the principle of the thing...).

With the new ipinfo I feel happy that not one single cent of precious bandwidth is being lost till I start my browser. That makes me happy.

Now if I can only stop my browser from making the ridiculous number of unneeded bandwidth_wasting connections it seems to make that will be the next step....

User avatar
mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#63 Post by mavrothal »

greengeek wrote: I think it should be up to the user to decide when and why any internet connections are made. Imagine you have 20 cents credit left on your Android wifi hotspot (which I use regularly) and want to send an email to your kids to tell them how to start the car they are having trouble with so they can get to hospital. Then imagine the email wont go through because you just went over your data quota because of connections you didn't want.
Wouldn't you rather call when hospital is involved :?
Regarding bandwidth is under 2KB (the equivalent of "turn the key" in your mail)
Regarding user decision is still there. The question is, should this functionality be removed from the defaults?
== [url=http://www.catb.org/esr/faqs/smart-questions.html]Here is how to solve your[/url] [url=https://www.chiark.greenend.org.uk/~sgtatham/bugs.html]Linux problems fast[/url] ==

gcmartin

#64 Post by gcmartin »

Hi @Greengeek. I had not thought that there was any data enormity to be the case as the practice in only few bytes of hex. In comparison to what we all do in single browser activity, the practice doesn't even measure on the radar screen in comparison to say a browser webpage to your favorite site. (this is true even if you use a text browser with today's websites)

Question
Could you show us how many bytes you are seeing/believe has been consumed by the PUP's deterministic practice of WAN presence?

Anything to help us better understand your findings would be a benefit.

I'm really trying to understand this as is shared.

anikin
Posts: 994
Joined: Thu 10 May 2012, 06:16

#65 Post by anikin »

gcmartin wrote:
anikin wrote: ... This discussion has nothing to do with ....
In your words, please explain what this thread opened as? Please. Help us understand, in summary, how you see this thread's subject and its opening thread. And should you consider open ports via a LAN card as having nothing to do with any of what is asked, please share it for me. Thanks.

Please articulate clearly as you seem to have a better idea.
gcmartin,
Please, go through this thread once again. By the time you started trolling, the discussion was (and still is) about one and only one important matter - getting rid of the unneeded "feature". That is, taking a responsible and long overdue decision. Call it an ideological/political/moral decision. Try to view it through the slogan attached to your posts :/ But please, do not obfuscate the matter by pointless, illiterate and vague chanting about ports and protocols. They are absolutely irrelevant to the issue. Which, BTW has been dragging on for at least 3 years now, and has been identified, discussed and swept under the carpet in about a half dozen threads. I urge you not to get active, but get patient instead. Let's hold our breath and pray for the big boys to do the right thing. There's a glimmer of hope - they are about to flinch ... I can feel it.

Post Reply