Why is this strange IP address in Network connections?

For discussions about security.
Post Reply
Message
Author
Edwardo
Posts: 42
Joined: Wed 26 Jun 2013, 07:17

Why is this strange IP address in Network connections?

#1 Post by Edwardo »

Puppy 5.5 sealed Live CD.

After boot up, before loading Firefox, on opening Network Connections for 2 months there appeared the IP address 162.209.15.246 (Rackspace Cloud Servers)

It then changed to 216.69.252.101 (Kelly Internet), been there for the last 4 months and never goes away.

What is it doing there? I did not extend an invitation.

Any ideas?

User avatar
ally
Posts: 1957
Joined: Sat 19 May 2012, 19:29
Location: lincoln, uk
Contact:

#2 Post by ally »

the kelly internet returns your IP address, no idea on the rest.....

:)

User avatar
mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#3 Post by mikeb »

Might be the one pinged to keep the wifi network alive.

I just ping th erouter... works ok too

mike

User avatar
Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

Re: Why is this strange IP address in Network connections?

#4 Post by Barkin »

Edwardo wrote:It then changed to 216.69.252.101
dawhois.com wrote:216.69.252.101 - Geo Information
IP Address 216.69.252.101
Host delta.colo.mhtx.net
Location US US, United States
City San Antonio, TX 78218
Organization Nugget Enterprises
http://dawhois.com/

=> http://www.nuggetinc.com [ creates systems to remotely control ones home, remotely view surveillance cameras , etc ]

If you're not using nuggetinc.com services , it's more likely a bollox-up by them rather than an attempt to spy on you.

Edwardo
Posts: 42
Joined: Wed 26 Jun 2013, 07:17

#5 Post by Edwardo »

No, not using Kelly Internet. My location is Bangkok, theirs is San Antonio. Would that make a difference?

User avatar
perdido
Posts: 1528
Joined: Mon 09 Dec 2013, 16:29
Location: ¿Altair IV , Just north of Eeyore Junction.?

Re: Why is this strange IP address in Network connections?

#6 Post by perdido »

Edwardo wrote:Puppy 5.5 sealed Live CD.

After boot up, before loading Firefox, on opening Network Connections for 2 months there appeared the IP address 162.209.15.246 (Rackspace Cloud Servers)

It then changed to 216.69.252.101 (Kelly Internet), been there for the last 4 months and never goes away.

What is it doing there? I did not extend an invitation.

Any ideas?
I am running Puppy Precise 5.7.1 and was curious about 216.69.252.101 when I saw it in the Network Configuration info listed under Statistics.

It is one of your programs in puppy finding out what your ip is.
That ip resolves to http://icanhazip.com/ That website only tells you or a program what the ip of your computer is.

For example, I did a text search for icanhazip in my system files and found it in 3 system files.

/usr/local/firewallstate/ipwget (this is my firewall tray icon) http://www.murga-linux.com/puppy/viewtopic.php?t=57725
/usr/local/Pup-Sysinfo/func (this is Pup-Sysinfo) http://www.murga-linux.com/puppy/viewtopic.php?t=73101
/usr/sbin/ipinfo (this is IP info - when you look at networks by clicking the Network Configuration icon in the tray [right-bottom] it checks your ip at icanhazip.com so you see it under the statistics page)

So the connection to 216.69.252.101 does go away but when you check Network Configuration is goes to that website to check your ip - so it just appears to always be connected.

Hope this helps :)
Last edited by perdido on Thu 02 Jan 2014, 04:25, edited 1 time in total.

User avatar
greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

Re: Why is this strange IP address in Network connections?

#7 Post by greengeek »

Edwardo wrote:After boot up, before loading Firefox, on opening Network Connections for 2 months there appeared the IP address 162.209.15.246 (Rackspace Cloud Servers)
It then changed to 216.69.252.101 (Kelly Internet), been there for the last 4 months and never goes away.
Can you explain where you find these addresses please? I would like to see what is shown on my system too. thx

User avatar
L18L
Posts: 3479
Joined: Sat 19 Jun 2010, 18:56
Location: www.eussenheim.de/

#8 Post by L18L »


gcmartin

#9 Post by gcmartin »

To assist those for the evidence of what covered in the thread. do:
  1. Right-click on the Network Taskbar entry
  2. Click "Network Information" (some have Network Diagnostics)
  3. Click far tight tab "Statistics"
  4. About half-way down you will see it. It is unusually in a "TIME_WAIT" and changes periodically to "FIN_WAITI"
Unless otherwise explained why that port is open, I would consider this a tracker that is there for some reason. And/Or some REQUIRED (???) application uses it.

Here to help

P.S. This thread may be a good time-place to identify the ports on that page and what their function is especially for all/most new PUPs that we install. If its not done here, the forum should have a Firewall thread which shares the ports in the firewall which are there for desktop application use. This would go a long way in assisting the determination whether a port is a safe one or not.

User avatar
greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

Re: Why is this strange IP address in Network connections?

#10 Post by greengeek »

Barkin wrote:If you're not using nuggetinc.com services , it's more likely a bollox-up by them rather than an attempt to spy on you.
Nugget enterprises shows up in my connections too (on Upup3992). I can't see how it can be a 'bollux-up' by them. They surely can't be making accidental connections to puppies of various flavours. Must be something that is either deliberate action (by whom I do not know) or else built in to a variety of puppies for some reason (deliberate or otherwise).

User avatar
Smithy
Posts: 1151
Joined: Mon 12 Dec 2011, 11:17

#11 Post by Smithy »

Is it a leftover from tests or a new thing?
Deleted the user/sbin/ ipinfo and ipmove, but it still shows up.
I think gamers need it don't they, to keep their connection alive? But Linux heads?
Anyways, a nice clear explanation would be helpful. :wink:

User avatar
8-bit
Posts: 3406
Joined: Wed 04 Apr 2007, 03:37
Location: Oregon

#12 Post by 8-bit »

When loggged on to this forum, try checking the network status information more than once.
I did and had connections disappear and reappear each time I did another check.
Also, most all of the connections had an extension of ":80".
That information is interesting, but how does one find out what each connection means?
As a for instance, two of them show up as ESTABLISHED now and as an example two show as 173.94.33.129:80 and 173.94.33.130:80.

Another shows as 216.69.252.100:80 FIN_WAIT1.

This is all interesting. But as to using it to try to determine if one's connection is being hacked, I doubt it.
And trying to find who those IP addresses trace to is beyond my means currently.

Of course, it does not help that SeaMonkey still seems to be crashing on me to the extent of a computer lockup sometimes and others with a popup saying SeaMonkey has crashed.
And this seems to extend to use of Firefox and Opera too.
Has something changed with the internet that is effecting all browsers?
Do you keep any personal information/data on your PC that you would be concerned about? I do not. So those hackers can hack away as long as they do not mess with my ability to use the net!

User avatar
mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#13 Post by mikeb »

Hmm crashing browsers... only bad javascript might induce that but usually symptomatic of something else...Ii would say gtk problems but that does not apply to opera. Ram space?.... flash is isolated so another to disregard.

Any clues from running from command line?

Recent browsers use video acceleration ...a definate possibility for instability (I mean we need web browsers to be more intensive than Video players now??!!)...usually some config buried to disable...one test would be to run using Xvesa.

I ping the router as otherwise it drops wifi after 10 minutes...not really a gaming thing

mike

User avatar
Smithy
Posts: 1151
Joined: Mon 12 Dec 2011, 11:17

#14 Post by Smithy »

Well I am far too thick to work out what's what with this stuff, took me a Greengeek post to realise that the ipinfo is a txt file thing, not the other ipinfo thing. So the option is there if required.

And the icanzip dude is happy to provide the ping if people need it.

Tell you what would be nice, that pulse sound from a submarine sonar that passes through your soundcard when pings are on the go.

Maybe in a deluxe tin foil hat puppy.

User avatar
mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#15 Post by mikeb »

Pinging the router does prevent outbreaks of network paranoia...one line does the trick...

mike

gcmartin

#16 Post by gcmartin »

From what I can tell, after observation, this port-address is of no harm to PUPs. It appears to be used to determine internet connection validity.

AT this time, I am considering that port "safe".

As mentioned earlier, it would be nice to have a thread/firewall discussion so that we know what ports are standard and why.

This would avert future alarms going off where published knowledge would help.

Anyone else agree

User avatar
Smithy
Posts: 1151
Joined: Mon 12 Dec 2011, 11:17

#17 Post by Smithy »

I agree gc martin.

Many websites containing the now obsolete java and even cookies and excessive javascript are being taken down and replaced with simpler coding, because evidence is showing that people just move on and the sites lose custom (ers).
The skewed privacy notices and terms are also having to be rewritten pronto, to save on millions of dollars of potential litigation. I always found it funny that it says if you don't accept our terms, click here and it just tells you to ***k off :)

Loyalty is engendered by offering snappy, safe sites, not a combine harvester at the gates.

Nothing like Zone Alarm and others flashing away all the time to elicit FUD.
Fear, Uncertainty, Doubt (I think that's the right term)?

Just a bit of loose change to the search engine:
http://www.koaa.com/news/google-fined-m ... cy-breach/

http://www.kianleong.com/index.php/offi ... cking-kids

anikin
Posts: 994
Joined: Thu 10 May 2012, 06:16

#18 Post by anikin »

In response to this message in another thread:http://murga-linux.com/puppy/viewtopic. ... 675#748675
Smithy wrote:Anikin, I think it is good practise to be fair to the icanhazip pinging facility, he has stated that he is happy to provide a pinging facility to Puppy (and maybe other distros)?
He provided an explanation on his website about what it is and what it does.
I don't know enough about networking, but I don't think it is good to be mud slinging when stuff is done to help provide a benign facility?

That's how I read it. Presumably windows is packed with much more pingy stuff? I dunno. I always thought the isp provided the pinging facility.
We seem to have differing views on the issue. What you describe as pinging and "benign" facility, is called tracking in my book. Obviously, I don't blame or sling mud at icanhazip. It's not, that he's chasing Puppy with a malicious intent. No, Puppy has been instructed to go there and register itself, every time your machine is started. Why on earth, would the unsuspecting and mostly uneducated (linuxwise) end user want this kind of service? Other distros don't push this crap down the throat of their users. Why does Puppy have to be so arrogantly special in this regard? I have followed through every thread (too many of them) dealing with this matter and never expressed my opinion before. So let me do it now - it's features like this, what's dragging down Puppy Linux and is one of the reasons, why this community is shrinking.

User avatar
mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#19 Post by mavrothal »

anikin wrote:In response to this message in another thread:http://murga-linux.com/puppy/viewtopic. ... 675#748675
Smithy wrote:Anikin, I think it is good practise to be fair to the icanhazip pinging facility, he has stated that he is happy to provide a pinging facility to Puppy (and maybe other distros)?
He provided an explanation on his website about what it is and what it does.
I don't know enough about networking, but I don't think it is good to be mud slinging when stuff is done to help provide a benign facility?

That's how I read it. Presumably windows is packed with much more pingy stuff? I dunno. I always thought the isp provided the pinging facility.
We seem to have differing views on the issue. What you describe as pinging and "benign" facility, is called tracking in my book. Obviously, I don't blame or sling mud at icanhazip. It's not, that he's chasing Puppy with a malicious intent. No, Puppy has been instructed to go there and register itself, every time your machine is started. Why on earth, would the unsuspecting and mostly uneducated (linuxwise) end user want this kind of service? Other distros don't push this crap down the throat of their users. Why does Puppy have to be so arrogantly special in this regard? I have followed through every thread (too many of them) dealing with this matter and never expressed my opinion before. So let me do it now - it's features like this, what's dragging down Puppy Linux and is one of the reasons, why this community is shrinking.
I'm afraid you are making some wild assumptions.
ipinfo is using icanhazip.com to report you external IP to you. ie not the IP that your machine has (usually the one provided by the adsl router) but the one the world sees.
Many sites can do that and icanhazip.com is probably the less intrusive.
If you connect with a modem through a provider, this IP is destined to change depending on your provider's IP range. It can even be from another country depending on how your provider is entering the web.
It is certainly not tracking since many users of a given provider go out with the same IPs (think of it as connecting through a proxy).
If you do not want to know your external IP you can comment out these lines in ipinfo.
If you use a static IP (where everybody can track you by your IP) you can also comment out these lines.
But comments about "tracking" "business partners" etc sound at least unfounded (to be nice).
== [url=http://www.catb.org/esr/faqs/smart-questions.html]Here is how to solve your[/url] [url=https://www.chiark.greenend.org.uk/~sgtatham/bugs.html]Linux problems fast[/url] ==

anikin
Posts: 994
Joined: Thu 10 May 2012, 06:16

#20 Post by anikin »

I'm afraid you are making some wild assumptions.
ipinfo is using icanhazip.com to report you external IP to you.
Not at all, I'm just stating the facts. An average user will hardly ever want to know the external IP address in his entire lifetime. However, if curiosity hits him, here's a little piece of code:

Code: Select all

my ip
. Type, or copy/paste it into Google search bar and you will see your IP right on the top of the page. Additionally, the page itself will list a zillion more places, that will show you the same thing. There's absolutely no need to have a murky url permanently glued to the user's computer. It's his computer, not yours. Let him make his own choices, or at least ask him first if he wants to be directed there every time his computer starts.
If you do not want to know your external IP you can comment out these lines in ipinfo.
If you care about the future of Puppy Linux and its users, you will have to remove this "feature" from Woof CE. Just sweeping the issue under the rug, won't make it go away - it will resurface in another thread here, sooner or later.
But comments about "tracking" "business partners" etc sound at least unfounded (to be nice).
Add here setting flags on user's partitions and they will start making presumptions, that's human nature.

Post Reply