Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Wed 01 Oct 2014, 02:28
All times are UTC - 4
 Forum index » Advanced Topics » Additional Software (PETs, n' stuff) » Security/Privacy
Foreign address 50.56.84.181 (Mystery resolved)
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 2 [28 Posts]   Goto page: 1, 2 Next
Author Message
fucimin

Joined: 18 Apr 2011
Posts: 4

PostPosted: Mon 18 Apr 2011, 07:58    Post subject:  Foreign address 50.56.84.181 (Mystery resolved)
Subject description: puppy connects to 50.56.84.181 before browser is opened
 

Hope this is the right place.
Hi all, I'm a new happy puppy linux user.
Do you know why puppy always connects to 50.56.84.181? All browsers are closed and this happens when puppy finds out the internet link.
I'm using 5.2.5 puppy version.

Thanks in advance!
Carlo
screenshot.jpg
 Description   
 Filesize   29.42 KB
 Viewed   3803 Time(s)

screenshot.jpg

Back to top
View user's profile Send private message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11081
Location: Arizona USA

PostPosted: Mon 18 Apr 2011, 08:54    Post subject:  

That translates to http://majorhayden.com/. What gives?
Back to top
View user's profile Send private message 
fucimin

Joined: 18 Apr 2011
Posts: 4

PostPosted: Mon 18 Apr 2011, 10:00    Post subject:    

Flash wrote:
That translates to http://majorhayden.com/. What gives?

Yes, I've found out the same thing. But why this connection? There aren't browsers opened and the connection starts when just puppy is on. I never gone to that link before and my puppy is a fresh install.

Thanks again!
Carlo
Back to top
View user's profile Send private message 
Bernie_by_the_Sea


Joined: 09 Feb 2011
Posts: 329

PostPosted: Mon 18 Apr 2011, 11:34    Post subject:  

Curious.

Major Hayden is an expert on Linux and by that I mean he gets paid for advising on Linux and for teaching Linux by such proprietary Linux developers as Red Hat.

This isn't malware or harmful by how in the world did it get in a new install of Puppy? Is someone counting how many people install Puppy?
Back to top
View user's profile Send private message 
rcrsn51


Joined: 05 Sep 2006
Posts: 9149
Location: Stratford, Ontario

PostPosted: Mon 18 Apr 2011, 11:39    Post subject:  

Some Puppy versions ping a known Internet site to confirm that a live network has been established. That seems like an odd choice.
Back to top
View user's profile Send private message 
James C


Joined: 26 Mar 2009
Posts: 5795
Location: Kentucky

PostPosted: Mon 18 Apr 2011, 11:41    Post subject:  

There was a similar thread to this here
http://www.murga-linux.com/puppy/viewtopic.php?p=446990&search_id=543813567#446990
Back to top
View user's profile Send private message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Mon 18 Apr 2011, 11:53    Post subject:  

No demands at all but is there not even more such threads. Some time ago fail to remember when I did a search and this is a repeating pattern.

Me, Myself and I also felt alarmed by this behavior. Okay not all Newbies react like me but enough many write to the forum. Think of all the people that never writes to forums.

so my kind and humble advice would be to place an explanation that every user see on the welcome screen when they boot up the first time.

Is that unrealistic to wish Smile

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send private message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11081
Location: Arizona USA

PostPosted: Mon 18 Apr 2011, 15:36    Post subject:  

Could it be a way for him to get a lot of hits to his website and therefore rank it higher in a Google search? In any case it begs the question: how did this get in Puppy? Is is an example of a rootkit in action?
Back to top
View user's profile Send private message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Mon 18 Apr 2011, 17:40    Post subject:  

As you know I have a bad memory but AFAIK the programmers need a reliable server that they know have 100% uptime and then they use that one and ping it to get if the LAN or WAN are working.

Some of the devs used Google server but that got much criticism too so maybe they switch to him as a Linux guy?

Part vague memory and part wild guess.

The purpose is to fast find out if it works.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send private message 
scsijon

Joined: 23 May 2007
Posts: 1046
Location: the australian mallee

PostPosted: Tue 19 Apr 2011, 02:03    Post subject:  

it's a google session start address,

but i've been unable to track within puppy from where it is being started, could those with a bit more networking knowledge please help.

and I have only the network up, no browsers or other external use packages, nothing shows in logs either!

Alternately sugest where / how to deny it!

thanks
scsijon
Back to top
View user's profile Send private message Visit poster's website 
01micko


Joined: 11 Oct 2008
Posts: 7805
Location: qld

PostPosted: Tue 19 Apr 2011, 02:29    Post subject:  

see /usr/sbin/ipinfo

This has been discussed many times. If you don't like it remove it.

_________________
Woof Mailing List | keep the faith Cool |
Back to top
View user's profile Send private message Visit poster's website 
scsijon

Joined: 23 May 2007
Posts: 1046
Location: the australian mallee

PostPosted: Sat 23 Apr 2011, 19:24    Post subject:  

mick,

all I wanted to do is be able to find where the link was coming from and if needed set it for somewhere else, ie control the call, especially with google being somewhat on the 'nose'.

thanks for the reply, I wondered why a find didn't find it.

scsijon
Back to top
View user's profile Send private message Visit poster's website 
fucimin

Joined: 18 Apr 2011
Posts: 4

PostPosted: Tue 26 Apr 2011, 08:17    Post subject:  

Hi all, to drop that connection to the link 50.56.84.181, I run the command:
iptables -A OUTPUT -d 50.56.84.181 -j DROP

If I check with iptables -L, then I find the destination argon.mhtx.net blocked:

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP icmp -- anywhere anywhere state INVALID
DROP all -- anywhere argon.mhtx.net

Unfortunately command iptables-save seems not to save the rule, and when I restart puppy I have to enter the first command again Sad

When that connection drops, I noticed that if do the ipinfo, then in Interfaces tab there is External IP number no more but internet still runs.

I hope this could help some more skilled than me.
Regards
Carlo
Back to top
View user's profile Send private message 
2byte

Joined: 09 Oct 2006
Posts: 357

PostPosted: Wed 27 Apr 2011, 12:53    Post subject:  

The fix for this was reported here last October. http://murga-linux.com/puppy/viewtopic.php?p=455824#455824

A simple fix, never implemented in Puppy.

_________________

Back to top
View user's profile Send private message 
CLAM01

Joined: 22 May 2010
Posts: 79

PostPosted: Wed 27 Jul 2011, 19:18    Post subject:  

To answer the question asked in this thread, "Who is Major Hayden? ", here is a recent quote by now General Hayden:

[““As an intelligence professional, I stand back in absolute awe and wonderment at the Chinese espionage effort against the United States of America,” Gen. Michael Hayden, the former CIA director, said at cyber security conference last year. “It is magnificent in its breath, its depth and its efficiency.””]

This indicates the address queried about in this thread, 50.56.84.181, probably a CIA net-connection monitoring site. Connection monitors record times and addresses and MAC IDs. Theoretically if anything should ever flag as a threat in connection to the MAC the monitor system record can be combed to obtain a general previous connection pattern for the MAC, if it was disconnected and reconnected. Used to be the CIA recorded outside the USA, the FBI in, though both fudged, with other agencies, private and of other nations doing the same. Usually no one shared, since sharing would reveal doing or extent of doing.

Today at least four of these auto-triggered "connection-test" sites are ubiquitous, becoming built-in for being included in programs connection program builders use. Some are added after. Not all are public agency maintained. They are potential-spyware, since the data recorded is for use only if a reason to wonder should ever arise...

Today, of course, mobile-phones record more, more gratuitously and more geographically accurately, with your phone conversations also being recorded. Recorded by Big-Brother Government in places like China, and by obedient private enterprises, "As Required By Law", in places like the USA, where the "Democratic Government" façade is maintained.
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 2 [28 Posts]   Goto page: 1, 2 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Advanced Topics » Additional Software (PETs, n' stuff) » Security/Privacy
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0845s ][ Queries: 13 (0.0090s) ][ GZIP on ]