Why is this strange IP address in Network connections?

For discussions about security.
Message
Author
raffy
Posts: 4798
Joined: Wed 25 May 2005, 12:20
Location: Manila

host the code

#41 Post by raffy »

Gee, I was about to host the code suggested above, but I suddenly recalled that hits at puppylinux.org are always at the overload end, so that got me frozen.

I see no problem with icanhazip.com, although I used to visit who.is for my ip address.
Puppy user since Oct 2004. Want FreeOffice? [url=http://puppylinux.info/topic/freeoffice-2012-sfs]Get the sfs (English only)[/url].

gcmartin

#42 Post by gcmartin »

One of the problems that this discussion highlights is that the community does NOT have a document (oh pray tell, a standard) that we understand to contain what ports a distro uses. Since there is none, the community will continue to see these kinds of alarms crop up, then a fire-fight surface where it becomes a distraction.

For those who dislike this protocol for system behavior, there have been altenative(s) presented.

We have, in this thread, identified that there is not a corruption as the behavior provides a service to the system. IS THIS SERVICE BAD? we have NOT seen any evidence that there is misuse or corruption.

Why is this getting the attention it is garnering??? IS THERE SOMETHING WRONG THAT THIS OPERATION IS DOING.

Again I share that your system on your LAN is doing things that most users are unaware. It has been doing it, by standard architecture, for almost 30 years. Most of you are unaware. Because it does "good" things for you should we have cause for alarm and call for the LAN to be trashed because you didn't know it was doing good things for you? This kind of reasoning is escaping me and maybe others.

HOW HAVE YOU BEEN HARMED?

And maybe a better question is:
How will any change improve things such that we see an improvement in the system's performance or its network performance and behavior?

Let's get the emotions behind us and focus on the system improvement for user benefit without putting ANY additional burden on the distro users.

Here to help

anikin
Posts: 994
Joined: Thu 10 May 2012, 06:16

#43 Post by anikin »

gcmartin,
This discussion has nothing to do with ports, protocols or network architecture.
Please, stop trolling.

User avatar
greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#44 Post by greengeek »

gcmartin wrote:Why is this getting the attention it is garnering??? IS THERE SOMETHING WRONG THAT THIS OPERATION IS DOING.

Again I share that your system on your LAN is doing things that most users are unaware. It has been doing it, by standard architecture, for almost 30 years.
Apparently puppy 4.3.1 does not make any of these connections when booted, so I think it is unfair to suggest that it is 'expected' behaviour and that it has been so for 30 years.

One of the reasons I first started using Puppy was that I had discovered the Gibson Research Institute "shields up" site and become concerned about how unreasonably 'open' my Windows system was, according to the tests available there.

By contrast, Puppy seemed better locked down, and I felt happier using Puppy rather than Windows. My attitude was probably poorly informed, but nonetheless I felt that a 'quiet' system must be better than one that opened ports without user consent or knowledge. To learn that recent puppies have several connections open from boot time has awakened me to the fact I know way too little about how to keep my system secure.
After thinking thru the concern being pushed, it occurs that the problem MAY be that its not known the difference between "port" versus "destination". This lack of knowledge could be the root of discomfort.
You may be right. Are you suggesting that each of these connections is just a 'safe destination' rather than an 'unnecessarily open port'?

User avatar
greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#45 Post by greengeek »

Also...I'm probably blind, but I cannot see any response that has provided a justification for a connection with Nugget enterprises - which as far as I can see is nothing at all to do with icanhazip.

Did I miss something? Why is my PC connecting to Nugget enterprises?

User avatar
mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#46 Post by mavrothal »

greengeek wrote:Also...I'm probably blind, but I cannot see any response that has provided a justification for a connection with Nugget enterprises - which as far as I can see is nothing at all to do with icanhazip.

Did I miss something? Why is my PC connecting to Nugget enterprises?
First of all your PC is not connected to Nugget enterprises (or to icanhazip.com or anything else if you do not have initiated a web/ftp/etc connection)
type

Code: Select all

netstat -an | grep -E 'ESTABLISHED|CONNECTED'
in the terminal and look for tcp/udp (not "unix") connections to verify it.
The address that you see, and usually has the FIN/TIME_WAIT1/2 status, is the remote server (wait/)closing the connection that ipinfo initiated to find your external IP.
See image
Image

Now why Nugget enterprises when we ask our IP frm icanhazip.com?
icanhazip.com has IP 216.69.252.100. The site is hosted in charlie.colo.mhtx.net that has a range of 9 IP and charlie.colo.mhtx.net is hosted in Nugget Enterprises, Inc that has all the IPs from 216.69.252.0 to 216.69.252.255.
When a site is hosted in a cluster, although receive requests at a specific IP, can service these requests from any IP of the cluster, depending on the topology of the system.
What you actually see is the IP from the remote cluster that icanhazip.com is hosted on, that is closing the connection.
I hope that's clear enough.

Edit: Add connection close states image
Last edited by mavrothal on Sun 12 Jan 2014, 17:30, edited 1 time in total.

User avatar
greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#47 Post by greengeek »

Thanks mavrothal, the clarification is much appreciated.

gcmartin

#48 Post by gcmartin »

anikin wrote: ... This discussion has nothing to do with ....
In your words, please explain what this thread opened as? Please. Help us understand, in summary, how you see this thread's subject and its opening thread. And should you consider open ports via a LAN card as having nothing to do with any of what is asked, please share it for me. Thanks.

Please articulate clearly as you seem to have a better idea.

User avatar
01micko
Posts: 8741
Joined: Sat 11 Oct 2008, 13:39
Location: qld
Contact:

#49 Post by 01micko »

Well raffy can't host the file.. that's ok.

Try this.
Attachments
ipinfo.gz
gunzip, make executable and place in /usr/sbin overriding old version
(1.59 KiB) Downloaded 256 times
Puppy Linux Blog - contact me for access

User avatar
perdido
Posts: 1528
Joined: Mon 09 Dec 2013, 16:29
Location: ¿Altair IV , Just north of Eeyore Junction.?

#50 Post by perdido »

01micko wrote:Well raffy can't host the file.. that's ok.

Try this.

That's perfect. Clears up the question of what icanhazip.com is doing and gives the option of allowing it for ip lookup.

Thanks

gcmartin

Another solution addressing concern to web connect ID issue

#51 Post by gcmartin »

Thank @01Micko. A thought-thru option. Thanks

User avatar
mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#52 Post by mavrothal »

01micko wrote: Try this.
"Check to allow external IP from icanhazip.com" can be misleading if you have not followed this and similar threads.
"Check to find your external IP through icanhazip.com" is more accurate I believe.
== [url=http://www.catb.org/esr/faqs/smart-questions.html]Here is how to solve your[/url] [url=https://www.chiark.greenend.org.uk/~sgtatham/bugs.html]Linux problems fast[/url] ==

gcmartin

#53 Post by gcmartin »

@Mavrothal, agreed.

But, I wonder, too, is the mentioning of the site important. What may be more important is the Web IP address report and NOT the site that assist.

Just an idea.

User avatar
01micko
Posts: 8741
Joined: Sat 11 Oct 2008, 13:39
Location: qld
Contact:

#54 Post by 01micko »

Any more transparent now and we risk breaking under the strain..
Attachments
ipinfo.gz
second one
(1.72 KiB) Downloaded 259 times
Puppy Linux Blog - contact me for access

User avatar
James C
Posts: 6618
Joined: Thu 26 Mar 2009, 05:12
Location: Kentucky

#55 Post by James C »

01micko wrote:Any more transparent now and we risk breaking under the strain..

How about Networking 101 for those that just don't get it.........?

User avatar
mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#56 Post by mavrothal »

01micko wrote:Any more transparent now and we risk breaking under the strain..
True but I do not think that this 3-year+ functionality should be removed in the defaults.
What about
"Check to block finding your external IP from icanhazip.com"
and

Code: Select all

[ -f $HOME/.ipinfo ] && . $HOME/.ipinfo || CB0=true
== [url=http://www.catb.org/esr/faqs/smart-questions.html]Here is how to solve your[/url] [url=https://www.chiark.greenend.org.uk/~sgtatham/bugs.html]Linux problems fast[/url] ==

User avatar
01micko
Posts: 8741
Joined: Sat 11 Oct 2008, 13:39
Location: qld
Contact:

#57 Post by 01micko »

@mavrothal, I don't get the hysteria either.. FFS they use Google!
Puppy Linux Blog - contact me for access

User avatar
James C
Posts: 6618
Joined: Thu 26 Mar 2009, 05:12
Location: Kentucky

#58 Post by James C »

01micko wrote:@mavrothal, I don't get the hysteria either.. FFS they use Google!
Speaking of.......
http://www.washingtonpost.com/blogs/the ... r-hacking/

User avatar
01micko
Posts: 8741
Joined: Sat 11 Oct 2008, 13:39
Location: qld
Contact:

#59 Post by 01micko »

James C wrote:
01micko wrote:@mavrothal, I don't get the hysteria either.. FFS they use Google!
Speaking of.......
http://www.washingtonpost.com/blogs/the ... r-hacking/
:lol:

Anyway, I do use google with a touch of contempt! I consider them linux "rapists" :lol: but sometimes it's handy for my own reasons. Self preservation is at the top of my list so I use sparingly.

Ah.. right now I have better things to do.. k3.10.26 and k3.12.7 have just been released! :P
Puppy Linux Blog - contact me for access

User avatar
greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#60 Post by greengeek »

mavrothal wrote:"Check to allow external IP from icanhazip.com" can be misleading if you have not followed this and similar threads.
"Check to find your external IP through icanhazip.com" is more accurate I believe.
I don't understand the responses here. It looks like you guys are seeing some sort of xdialog that is not coming up on my system. I installed mick's updated ipinfo script and now have a clean "staistics" tab in ipinfo (which is excellent - thanks mick), but not any of the interactive stuff that others appear to be reporting. Could someone post a screenshot of what I seem to be missing please? Ta.

Post Reply