Why is this strange IP address in Network connections?

For discussions about security.
mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#61 Post by mavrothal »

James C wrote:
01micko wrote:@mavrothal, I don't get the hysteria either.. FFS they use Google!
Speaking of.......
http://www.washingtonpost.com/blogs/the ... r-hacking/
In addition, they have hacked the Tor network, they have backdoors for the encryption algorithms, they develop quantum computers that can break encryption in minutes instead of years, and we are discussing if you should ping (or the equivalent) a site... :roll:

The only things that "saves" us for now is that the current processing capacity can not process more than 5% of the data, but if you are targeted you better use pigeons :lol:
== Here is how to solve your (http://www.catb.org/esr/faqs/smart-questions.html) Linux problems fast (https://www.chiark.greenend.org.uk/~sgtatham/bugs.html) ==

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#62 Post by greengeek »

James C wrote:How about Networking 101 for those that just don't get it.........?
I think it should be up to the user to decide when and why any internet connections are made. Imagine you have 20 cents credit left on your Android wifi hotspot (which I use regularly) and want to send an email to your kids to tell them how to start the car they are having trouble with so they can get to hospital. Then imagine the email won't go through because you just went over your data quota because of connections you didn't want.

It is amazing how much I can get done via puppy and Android 3G wifi compared to what I can get done with Windows (which would be busily consuming ALL of my credit doing its system updates and antivirus updates). Honestly, with Windows you cannot realistically get ANYTHING done via dialup or android/hotspot 3G wifi.

I'd hate to see puppy lose even a tiny fraction of its productivity by starting to allow unseen connections (yes I understand that the ipinfo link wasn't costing much, but it is the principle of the thing...).

With the new ipinfo I feel happy that not one single cent of precious bandwidth is being lost till I start my browser. That makes me happy.

Now if I can only stop my browser from making the ridiculous number of unneeded bandwidth-wasting connections it seems to make, that will be the next step....

mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#63 Post by mavrothal »

greengeek wrote: I think it should be up to the user to decide when and why any internet connections are made. Imagine you have 20 cents credit left on your Android wifi hotspot (which I use regularly) and want to send an email to your kids to tell them how to start the car they are having trouble with so they can get to hospital. Then imagine the email won't go through because you just went over your data quota because of connections you didn't want.
Wouldn't you rather call when a hospital is involved :?
Regarding bandwidth, it is under 2KB (the equivalent of "turn the key" in your mail).
Regarding user decision, it is still there. The question is, should this functionality be removed from the defaults?

gcmartin

#64 Post by gcmartin »

Hi @Greengeek. I had not thought that there was any data enormity to be the case, as the practice is only a few bytes of hex. In comparison to what we all do in a single browser activity, the practice doesn't even measure on the radar screen in comparison to, say, a browser webpage to your favorite site. (This is true even if you use a text browser with today's websites.)

Question
Could you show us how many bytes you are seeing/believe has been consumed by the PUP's deterministic practice of WAN presence?

Anything to help us better understand your findings would be a benefit.

I'm really trying to understand this as is shared.

anikin
Posts: 994
Joined: Thu 10 May 2012, 06:16

#65 Post by anikin »

gcmartin wrote:
anikin wrote: ... This discussion has nothing to do with ....
In your words, please explain what this thread opened as? Please. Help us understand, in summary, how you see this thread's subject and its opening thread. And should you consider open ports via a LAN card as having nothing to do with any of what is asked, please share it for me. Thanks.

Please articulate clearly as you seem to have a better idea.
gcmartin,
Please, go through this thread once again. By the time you started trolling, the discussion was (and still is) about one and only one important matter - getting rid of the unneeded "feature". That is, taking a responsible and long overdue decision. Call it an ideological/political/moral decision. Try to view it through the slogan attached to your posts :/ But please, do not obfuscate the matter by pointless, illiterate and vague chanting about ports and protocols. They are absolutely irrelevant to the issue. Which, BTW, has been dragging on for at least 3 years now, and has been identified, discussed and swept under the carpet in about a half dozen threads. I urge you not to get active, but get patient instead. Let's hold our breath and pray for the big boys to do the right thing. There's a glimmer of hope - they are about to flinch ... I can feel it.

gcmartin

#66 Post by gcmartin »

We have always known of the concept that "if it ain't broke, don't fix it". There is good reason for this concept. Sometimes a change only creates other headaches as it ripples other things in a system, not to mention user and developer impacts.

@Anikin.
  • Did someone show that PUPPY is broken because of this "WAN" practice?
    OR
  • is someone saying that they just don't like the practice and are now demanding change?
Maybe you can take a crack at restating the problem in this new climate.

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#67 Post by greengeek »

gcmartin wrote: Question: Could you show us how many bytes you are seeing/believe has been consumed by the PUP's deterministic practice of WAN presence?
I imagine the actual amount of data is very small, and I can understand why this concern would seem petty to others. My concern here has been more about the principle of open ports and unauthorised internet activity than about any understanding of real risk.

But I will offer an example of why I try to scavenge every cent of bandwidth and don't want ANY extraneous wan usage without my knowledge:

I recently added $20 to my android phone which should have enabled me to pay for a Telecom $19 per month data/voice/text pack and still have $1.00 in reserve. However, when I tried to activate the pack it appeared that I only had $18.90 left in my account, and therefore I could not get access to the features of the combo pack.

Therefore I could not use the android phone as a hotspot to access my email or the Puppy forums etc. Without the combo pack my texting charges would be significant (rather than "free/unlimited") and voice calls would have been around 70cents per minute. So if I was to use the phone for texting or voice calling then the available balance would have been quickly consumed.

Unfortunately with this internet service provider you have to go online in order to add the combo pack to your phone (other providers allow this to be done by free text but Telecom does not) so I had inadvertently dropped below the $19 threshold while trying to activate the combo pack. The action of booting Puppy, starting the browser and getting online consumed $1.10 of credit and effectively resulted in a wan lockout (I had to phone the provider and they agreed to do a "one-time" refund of the credit I had used so that I could get online again and activate the data pack. The nice lady in the Malaysian call centre said they would not do this credit again)

Now that I know how to look at the network statistics I can see that the simple act of opening the browser to a "google" homepage allows a lot of data to be exchanged between my browser and all the various google-apis and syndicated traffic measuring sites, and these obviously waste a whole heap more data than anything the ipinfo was using.

I have now set my homepage to DuckDuckGo and do see an improvement (duckduckgo is pretty crippled compared to google but Hey, I'm saving bandwidth on opening the browser...).

Despite my apparently petty practice of caring about wan data cost, I am grateful that mick has made available the "quiet" ipinfo, and that makes me FEEL happier (yes I accept this is subjective rather than rational...). I might try to write a script that lets me view my external IP by clicking a button on the desktop if I should ever need to. (Not sure yet what I am going to do about the firewallstate link to ipinfo...).

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#68 Post by greengeek »

O.K., I finally figured out where you guys are seeing the tickbox to activate / deactivate the external IP check. I couldn't see it 'cos I was only looking at the statistics tab (yep, I am a bear of very little brain...) :-)

I decided I wanted to alter the wording slightly and have attached a modified ipinfo script with the new wording as shown here:
Attachments: ipinfo_autodisabled_screenie.jpg (27.95 KiB), ipinfo_autoenabled_screenie.jpg (39.18 KiB), ipinfo.gz (1.79 KiB)

mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#69 Post by mavrothal »

That's what is currently in woof-CE.
Hopefully that's the end of it.
Attachments: off.jpg (24.09 KiB), on.jpg (25.38 KiB)

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#70 Post by greengeek »

Excellent. Thanks to all who made the extra flexibility possible. My tinfoil hat will now last much longer :-)
(and sorry to have been a P.I.T.A to those whose network knowledge exceeds my own)

Atle
Posts: 596
Joined: Wed 19 Nov 2008, 12:38
Location: Oslo, Norway

#71 Post by Atle »

Just a naive question related to this issue:

If I boot a Puppy Linux, the default root password is woofwoof.

So could this feature mean that in worst case, "they" can enter my computer as fast as it connects?

Would I ever notice?

Could this icanhazip potentially take over the computer before i can even say "cheese"?

So if best case is that icanzip is a "friend", but if not???

What is worst case scenario?

mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#72 Post by mavrothal »

Atle wrote:Just a naive question related to this issue:

If I boot a Puppy Linux, the default root password is woofwoof.

So could this feature mean that in worst case, "they" can enter my computer as fast as it connects?

Would I ever notice?

Could this icanhazip potentially take over the computer before i can even say "cheese"?

So if best case is that icanzip is a "friend", but if not???

What is worst case scenario?
TCP is a very complex and secure process. Some reading may help shed some of the FUD.

Regarding puppy and icanzip. Your computer will not connect to it unless you run ipinfo. ipinfo then asks icanhazip.com, and actually on the same port as your web browser. It is identical to pointing your browser to icanhazip.com.
Nothing more and nothing less.
If you think that is a risk, you may not want to use the web.

Regarding the root password, it is always good practice to change it, even if it is irrelevant to this case.

L18L
Posts: 3479
Joined: Sat 19 Jun 2010, 18:56
Location: www.eussenheim.de/

#73 Post by L18L »

Atle wrote:...So could this feature mean that in worst case, "they" can enter my computer as fast as it connects?...
An IP address is just an address.

My house has an address.
.. and a door which is locked.

Hope that helps

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#74 Post by greengeek »

mavrothal wrote: Regarding puppy and icanzip. Your computer will not connect to it unless you run ipinfo. ipinfo then asks icanhazip.com, and actually on the same port as your web browser. It is identical to pointing your browser to icanhazip.com.
I just want to clarify this. When I first read this thread I did not know anything about icanhazip so in order to see the "strange IP address" people were talking about I right-clicked the network icon (in the task bar at bottom right) then clicked the "Network status information" option.

This brought up the ipinfo screen, and sure enough, there was the "statistics" tab showing the IP connection that people were talking about.

If I understand you correctly you are saying that my computer DID NOT CONNECT TO icanhazip until I myself clicked on the 'network status information' option.

In that case I must apologise because I was under the impression that the external IP check was automatically occurring in the background at boot time. One of my concerns had been that this action would be like puppy putting its hands up and saying "here I am!!" at a time when I may have preferred to stay below the radar and not be on the web.

So now I have the double protection of understanding that the external check was NOT happening automatically in the first place, and now also knowing that the modified ipinfo gives me the choice of permanently switching off the external check if I want to do so.

(Like I said, I'm a slow learner. Cue sound of palm slapping forehead)

mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#75 Post by mavrothal »

greengeek wrote:
mavrothal wrote: Regarding puppy and icanzip. Your computer will not connect to it unless you run ipinfo. ipinfo then asks icanhazip.com, and actually on the same port as your web browser. It is identical to pointing your browser to icanhazip.com.
I just want to clarify this.
I thought I was clear before but I'm afraid that FUD can go a long way!
You are still talking about "protection" BTW... :roll:

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#76 Post by greengeek »

mavrothal wrote:You are still talking about "protection" BTW...
That's true, but my thinking is that a PC which is using an unknown IP address must be (to some extent) more protected than one which makes a call to a remote party and says "Hi folks, I'm here, can you find out what my address is and send me a message telling me what that address is please".

I thought the first rule of internet security was to keep your address to yourself (at least till you open a browser).

If I was a hacker the first thing I would do is attract users to my website so I could harvest a list of IP addresses currently in use. If I don't visit any websites I don't give away my address. If hackers don't have my address then they have to guess where I am and go fishing for me. That in itself has to be some form of protection I would have thought.

Anyway, like I said, I was wrong in my belief about recent puppies putting their hands up at boot time and contacting a website without my knowledge. I appreciate the time taken to unveil the facts and lift the fog of my ignorance. Thanks!

anikin
Posts: 994
Joined: Thu 10 May 2012, 06:16

#77 Post by anikin »

greengeek wrote:If I understand you correctly you are saying that my computer DID NOT CONNECT TO icanhazip until I myself clicked on the 'network status information' option.

In that case I must apologise because I was under the impression that the external IP check was automatically occurring in the background at boot time. One of my concerns had been that this action would be like puppy putting its hands up and saying "here I am!!" at a time when I may have preferred to stay below the radar and not be on the web.

So now I have the double protection of understanding that the external check was NOT happening automatically in the first place, and now also knowing that the modified ipinfo gives me the choice of permanently switching off the external check if I want to do so.
Yes, your computer DID CONNECT TO icanhazip or whatever that IP range means; your initial impression was absolutely correct. For the sake of this post, I will boot slacko-5.6 with unmodified network scripts and the first and only thing I'll do is type 'netstat -a' in the terminal, to see all the internet connections that have occurred. They are listed on the top above 'Active UNIX domain sockets (servers and established)'. I will not click on the network connections icon, because we are checking to see if the connections were automatic - not user initiated. Mavrothal, for some reason, wants you to see only established connections; let's ignore his command and use our own. Here's what you'll see in the terminal:

Code:

# uname -a
Linux puppypc30443 3.10.5 #1 SMP Sun Aug 4 22:29:04 EST 2013 i686 Intel(R) Atom(TM) CPU N270   @ 1.60GHz GenuineIntel GNU/Linux
# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 localhost:631           *:*                     LISTEN     
tcp        0      0 10.229.96.116:42158     delta.colo.mhtx.net:www TIME_WAIT  
udp        0      0 *:631                   *:*         
Active UNIX domain sockets (servers and established)
Not a single program is running on this machine, I didn't click the network icon, and yet the connection is there. Mavrothal will say it is harmless, it is closing. Yes, it is harmless in that sense. All that's happened is you have been tracked.
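As an added example (not code from the thread or from Puppy's ipinfo script), the following Python parses the Internet-connections section of `netstat -a` the way anikin reads it above and lists only peers outside the machine, so LISTEN sockets, wildcard and loopback peers drop out. The sample output is constructed; only the delta.colo.mhtx.net row is the one quoted in the post.

```python
"""Parse the Internet-connections section of `netstat -a` and report peers
outside this machine.  Added example; not the thread's or Puppy's own code."""

# Constructed sample: the delta.colo.mhtx.net row is the one quoted in the
# post, the other rows are made up to exercise LISTEN, loopback and UDP cases.
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:631           *:*                     LISTEN
tcp        0      0 10.229.96.116:42158     delta.colo.mhtx.net:www TIME_WAIT
tcp        0      0 localhost:45000         localhost:631           ESTABLISHED
tcp        0      0 10.229.96.116:51234     198.51.100.7:https      ESTABLISHED
udp        0      0 *:631                   *:*
Active UNIX domain sockets (servers and established)
"""

# Peers that are this machine itself, or no peer at all.
LOCAL_PEERS = ("*", "localhost", "127.", "::1")


def parse_netstat(text):
    """One dict per tcp/udp row of the Internet section; stops at the UNIX section."""
    rows = []
    for line in text.splitlines():
        if line.startswith("Active UNIX"):
            break
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue
        state = fields[5] if len(fields) > 5 else ""   # UDP rows have no State
        rows.append({"proto": fields[0], "local": fields[3],
                     "foreign": fields[4], "state": state})
    return rows


def split_host_port(addr):
    """'host:port' -> (host, port); rpartition keeps IPv6 hosts intact."""
    host, _, port = addr.rpartition(":")
    return host, port


def outbound_connections(rows):
    """(host, port, state) for rows whose peer is a real remote host."""
    found = []
    for row in rows:
        host, port = split_host_port(row["foreign"])
        if row["state"] == "LISTEN" or host.startswith(LOCAL_PEERS):
            continue
        found.append((host, port, row["state"]))
    return found


if __name__ == "__main__":
    # On a live system feed it the stdout of `netstat -a` instead of SAMPLE.
    for host, port, state in outbound_connections(parse_netstat(SAMPLE)):
        print(f"peer {host} port {port} ({state or 'udp'})")
```

Run it right after boot, before touching the network icon, and an empty list means no automatic connection was made; a TIME_WAIT row to a remote host means one already happened and closed.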

01micko
Posts: 8741
Joined: Sat 11 Oct 2008, 13:39
Location: qld

#78 Post by 01micko »

Firewallstate isn't fixed in 5.6

The source is now but that isn't released yet.

A simple whois will show that delta.colo.mhtx.net is owned by Nugget Enterprises, the host of icanhazip.com

http://myip.ms/info/whois/216.69.252.10 ... nhazip.com

No more FUD now please.

PS. I'll contact radky about making it optional in Pup-Sysinfo.


Appendix:

Code:

# traceroute icanhazip.com
traceroute to icanhazip.com (216.69.252.100), 30 hops max, 46 byte packets
 1  home.gateway (192.168.1.254)  0.514 ms  0.347 ms  0.328 ms
 2  172.18.213.3 (172.18.213.3)  11.315 ms  11.854 ms  11.249 ms
 3  172.18.70.101 (172.18.70.101)  11.316 ms  11.852 ms  11.013 ms
 4  172.18.241.233 (172.18.241.233)  18.389 ms  20.019 ms  12.239 ms
 5  bundle-ether10.cha47.brisbane.telstra.net (110.142.226.9)  11.029 ms  20.417 ms  14.928 ms
 6  bundle-ether4.cha-core4.brisbane.telstra.net (203.50.11.50)  14.024 ms  12.597 ms  10.770 ms
 7  bundle-ether11.ken-core4.sydney.telstra.net (203.50.11.72)  29.272 ms  31.592 ms  31.945 ms
 8  bundle-ether1.pad-gw2.sydney.telstra.net (203.50.6.29)  29.031 ms  25.258 ms  28.488 ms
 9  203.50.13.118 (203.50.13.118)  27.540 ms  28.856 ms  28.286 ms
10  i-0-4-0-5.paix-core01.bx.telstraglobal.net (202.84.143.157)  174.643 ms  i-0-3-0-6.paix-core01.bx.telstraglobal.net (202.84.140.194)  178.515 ms  i-0-3-0-4.paix-core01.bx.telstraglobal.net (202.84.140.157)  173.279 ms
11  i-0-3-0-7.eqnx-core01.bi.telstraglobal.net (202.40.149.62)  165.214 ms  i-0-2-0-7.eqnx-core01.bi.telstraglobal.net (202.40.149.38)  164.852 ms  i-0-3-0-7.eqnx-core01.bi.telstraglobal.net (202.40.149.62)  168.586 ms
12  i-0-0-0-1.eqnx03.bi.telstraglobal.net (202.84.251.50)  164.727 ms  i-0-4-0-0.eqnx03.bi.telstraglobal.net (202.84.251.66)  163.912 ms  i-0-0-0-0.eqnx03.bi.telstraglobal.net (202.84.251.85)  165.340 ms
13  l3-peer.eqnx03.pr.telstraglobal.net (134.159.62.198)  196.150 ms  163.305 ms  l3-peer.eqnx03.pr.telstraglobal.net (134.159.61.6)  164.072 ms
14  vlan60.csw1.SanJose1.Level3.net (4.69.152.62)  243.079 ms  243.081 ms  vlan90.csw4.SanJose1.Level3.net (4.69.152.254)  244.171 ms
15  ae-82-82.ebr2.SanJose1.Level3.net (4.69.153.25)  243.506 ms  ae-91-91.ebr1.SanJose1.Level3.net (4.69.153.13)  250.714 ms  257.131 ms
16  ae-5-5.ebr1.SanJose5.Level3.net (4.69.148.137)  252.466 ms  258.331 ms  250.944 ms
17  ae-1-100.ebr2.SanJose5.Level3.net (4.69.148.110)  243.208 ms  242.735 ms  241.824 ms
18  ae-6-6.ebr2.LosAngeles1.Level3.net (4.69.148.201)  244.142 ms  245.066 ms  ae-3-3.ebr3.Dallas1.Level3.net (4.69.132.78)  242.637 ms
19  ae-63-63.csw1.Dallas1.Level3.net (4.69.151.133)  252.477 ms  ae-3-3.ebr3.Dallas1.Level3.net (4.69.132.78)  243.761 ms  ae-73-73.csw2.Dallas1.Level3.net (4.69.151.145)  243.398 ms
20  ae-71-71.ebr1.Dallas1.Level3.net (4.69.151.138)  254.422 ms  ae-91-91.ebr1.Dallas1.Level3.net (4.69.151.162)  243.317 ms  ae-93-93.csw4.Dallas1.Level3.net (4.69.151.169)  246.792 ms
21  ae-1-13.bar1.Houston1.Level3.net (4.69.137.137)  250.885 ms  253.349 ms  252.243 ms
22  ae-1-13.bar1.Houston1.Level3.net (4.69.137.137)  251.499 ms  250.313 ms  ae-5-5.car1.Houston1.Level3.net (4.69.132.229)  241.042 ms
23  ae-5-5.car1.Houston1.Level3.net (4.69.132.229)  240.677 ms  240.822 ms  NUGGET-ENTE.car1.Houston1.Level3.net (4.28.35.134)  213.543 ms
24  *  NUGGET-ENTE.car1.Houston1.Level3.net (4.28.35.134)  214.036 ms  *
25  *  *  *
26  *  *  *
27  *  *  *
28  *  *  *
29  *  *  *
30  *  *  *
Times out after 30 hops. See http://en.wikipedia.org/wiki/Traceroute

It's like walking.. every step I take I either leave a tiny bit of my DNA or my shoe behind.. same on the net. I went through no less than 24 servers (yes my router is a "server") to get to icanhazip.com, my IP will be recorded in each one of those server logs. These are facts. Don't want to leave footprints? Don't walk!
Puppy Linux Blog - contact me for access

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#79 Post by greengeek »

In a 'standard' home or small office setting with the commonly available DSL routers - at what point do I actually get allocated an external IP address?

- at the same time as I request a DHCP lease for a local IP address?

or:

- the first time I try to send a data packet across the internet?? (which could be hours, days or even weeks after my initial DHCP request to the local router)

01micko
Posts: 8741
Joined: Sat 11 Oct 2008, 13:39
Location: qld

#80 Post by 01micko »

greengeek

Your computer, if part of a LAN, never gets assigned an external IP. It only gets a LAN IP from the router. The router actually gets the external IP. Your computer uses something called Network Address Translation (NAT) to communicate with the internet through that external IP >> It's a deficiency of IPv4. What happens is that your internal IP, let's say it's 10.10.0.5, gets translated to the external IP. Otherwise the returning packets would not know where to go.. they are never going to find 10.10.0.5 if it's behind a router (gateway). So it finds your external IP and in the header of the packet is info which enables NAT to convert the IP back to your internal IP. I could write an essay about it but no, just look up any decent wiki on networking, computerhope maybe?

HTH
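To make the translation step concrete, here is an added example (not from the thread or any router firmware) of a small port-address translation table in Python: 10.10.0.5 is the LAN host from the post, the external address 203.0.113.9 and the remote host 198.51.100.7 are constructed documentation-range values, and the source check on replies models a restricted NAT, which not every home router enforces. It also shows why an unsolicited packet from the internet has nowhere to go, which is the "locked door" from L18L's post.

```python
"""Minimal port-address translation (NAT) table.  Added example; addresses
are constructed, and the reply-source check models a restricted NAT."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    """Rewrites outbound packets to the external IP and maps replies back."""

    def __init__(self, external_ip, first_port=40000):
        self.external_ip = external_ip
        self.next_port = first_port
        self.table = {}    # external port -> (lan ip, lan port, remote ip, remote port)
        self.reverse = {}  # the same tuple -> external port, so a flow keeps its port

    def outbound(self, pkt):
        """LAN host -> internet: the remote side only ever sees external_ip."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.reverse.get(key)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.table[port] = key
            self.reverse[key] = port
        return Packet(self.external_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Internet -> LAN: deliver only if a LAN host asked for it, else drop (None).
        The source check models an address-and-port-restricted NAT; a full-cone
        NAT would skip it and accept any source on a mapped port."""
        entry = self.table.get(pkt.dst_port)
        if entry is None:
            return None
        lan_ip, lan_port, remote_ip, remote_port = entry
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None
        return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)


def demo():
    """One request/reply pair plus two packets nobody on the LAN asked for."""
    nat = NatRouter("203.0.113.9")
    request = Packet("10.10.0.5", 42158, "198.51.100.7", 80)
    on_wire = nat.outbound(request)  # what an external-IP service would see
    reply = Packet("198.51.100.7", 80, on_wire.src_ip, on_wire.src_port)
    delivered = nat.inbound(reply)
    stray = nat.inbound(Packet("198.51.100.8", 80, "203.0.113.9", 40000))
    unsolicited = nat.inbound(Packet("198.51.100.7", 80, "203.0.113.9", 40001))
    return on_wire, delivered, stray, unsolicited


if __name__ == "__main__":
    on_wire, delivered, stray, unsolicited = demo()
    print("on the wire:", on_wire)
    print("delivered to LAN:", delivered)
    print("dropped:", stray, unsolicited)
```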
