Does Blinky show real transfer? (Solved)

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope


#1 Post by nooby »

If I have no browser going and Blinky still shows that some program does a transfer of bytes, and despite me trying to look at what goes on using the Menu - System - Process or similar???, I see nothing obvious going on.

What else can explain that Blinky trusts some program doing that transfer of bytes?

Is it a false positive, a graphic novelty, or is my machine attacked by hidden, clever-to-hide programs from outside?

Where are such attempts logged?
Last edited by nooby on Fri 10 Sep 2010, 18:29, edited 1 time in total.
I use Google Search on Puppy Forum
not an ideal solution though
thelaptopkiller
Posts: 66
Joined: Sun 25 Oct 2009, 14:23
Location: The only place in tornado ally with no tornadoes

#2 Post by thelaptopkiller »

Well, I think Blinky gets its information from ifconfig, no?

Then those bytes must be from the DHCP system when it's getting your address.

And if there are any more after you first set up wifi then it's some external program.



My two cents on the matter
zygo
Posts: 243
Joined: Sat 08 Apr 2006, 20:15
Location: UK

#3 Post by zygo »

nooby,

What applications do you have on the taskbar? Popular browsers "phone home" or phone their sponsors on a regular basis.

Run netstat in an rxvt window. That will show you the applications that are sending and receiving bytes. You can make it auto repeat. Look at the help: netstat -h

You may find Jnettop http://www.murga-linux.com/puppy/viewtopic.php?t=59010 useful too.
Newcrest
Posts: 199
Joined: Sun 04 Mar 2007, 03:19

#4 Post by Newcrest »

Blinky does show actual traffic.

For what's making the traffic try:

Code:

netstat -anptu
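
Added example (not part of any post in this thread): a small filter that reduces `netstat -anptu` output to one line per owning program and remote address, which is usually what you want when looking for the source of unexplained traffic. The function names and the sample output are constructed for illustration; a program column of `-` means the socket no longer belongs to a process (for example TIME_WAIT) or that netstat was not run as root.

```shell
#!/bin/sh
# Constructed sample of `netstat -anptu` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN      812/cupsd
tcp        0      0 192.168.1.5:41822       74.125.77.102:80        ESTABLISHED 2301/seamonkey-bin
tcp        0      0 192.168.1.5:41823       74.125.77.102:80        ESTABLISHED 2301/seamonkey-bin
tcp        0      0 192.168.1.5:41810       173.194.15.84:80        TIME_WAIT   -
tcp        0      0 127.0.0.1:5901          127.0.0.1:40022         ESTABLISHED 990/Xvnc
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1450/dhcpcd
EOF
}

# Read netstat output on stdin and print "<count> <pid/program> <remote-ip> <state>"
# for every socket that has a real, non-loopback remote peer.
remote_peers() {
    awk '
        $1 !~ /^(tcp|udp)/ { next }          # skip the two header lines
        $5 ~ /:\*$/        { next }          # listening or unconnected sockets
        {
            ip = $5; sub(/:[^:]*$/, "", ip)  # strip the port
            if (ip ~ /^127\./ || ip == "::1") next
            # UDP rows may have an empty State column, which shifts the fields
            if (NF >= 7) { state = $6; prog = $7 } else { state = "NONE"; prog = $6 }
            count[prog " " ip " " state]++
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort
}

# Demo on the constructed sample; on a live system: netstat -anptu | remote_peers
sample_netstat | remote_peers
```
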
nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#5 Post by nooby »

Now that I am at puppy I guess the Netstat should show Murga server
IP : 173.194.15.84 Neighborhood
Host : ?
Country : United States
and maybe this 74..... below is the SeaMonkey update server?

IP : 74.125.77.102
Host : ew-in-f102.1e100.net in USA

Maybe Murga is hosted in USA? Or the DNS lookup is hosted by such server. These are listening to traffic on port 80.

I have to log out and shut down to find out what is going on when no browser is active.

Edit after shutting down SeaMonkey.

Nope, there were even more such IP addresses at 74.125.xx, maybe 5 more going on. Waiting, it says.

Which IP lookup is best to use for such purposes?
Newcrest
Posts: 199
Joined: Sun 04 Mar 2007, 03:19

#6 Post by Newcrest »

nooby wrote: IP : 74.125.77.102
Host : ew-in-f102.1e100.net in USA
Google. android.clients.google.com?
nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#7 Post by nooby »

Thanks for looking up the Google IP for me.

I tried the other using Google too and ...
And this one seems to be Google too.
NetRange: 173.194.0.0 - 173.194.255.255
CIDR: 173.194.0.0/16
OriginAS: AS15169
NetName: GOOGLE
NetHandle: NET-173-194-0-0-1
Parent: NET-173-0-0-0-0
NetType: Direct Allocation
NameServer: NS2.GOOGLE.COM
So my SeaMonkey seems to trigger such things from Google. Then what am I supposed to do to stop them spying on me?

Hahah using Ms Bing or Yahoo instead.
Newcrest
Posts: 199
Joined: Sun 04 Mar 2007, 03:19

#8 Post by Newcrest »

nooby wrote: Hahah using Ms Bing or Yahoo instead.
Anything would be less invasive than Google who are systematically taking over the internet.

If you are not using AdblockPlus in your browser then are you familiar with the hosts file? Try adding the following to /etc/hosts

Code:

# [Google Inc]
127.0.0.1  pagead.googlesyndication.com
127.0.0.1  pagead2.googlesyndication.com #[Google AdWords]
127.0.0.1  adservices.google.com
127.0.0.1  video-stats.video.google.com
127.0.0.1  www.google-analytics.com #[Google Analytics]
127.0.0.1  4.afs.googleadservices.com
127.0.0.1  imageads.googleadservices.com #[Ewido.TrackingCookie.Googleadservices]
127.0.0.1  partner.googleadservices.com
127.0.0.1  www.googleadservices.com
127.0.0.1  apps5.oingo.com #[Microsoft.Typo-Patrol]
127.0.0.1  www.appliedsemantics.com
127.0.0.1  service.urchin.com #[Urchin Tracking Module]
# [Google via DoubleClick][Tracking Service]
127.0.0.1  eqchmdnvip1.2mdn.net #[SiteAdvisor.zapspot]
127.0.0.1  m.2mdn.net
127.0.0.1  m1.au.2mdn.net
127.0.0.1  m.de.2mdn.net
127.0.0.1  m1.2mdn.net #[a509.cd.akamai.net]
127.0.0.1  m2.2mdn.net
127.0.0.1  m.fr.2mdn.net
127.0.0.1  m.uk.2mdn.net
127.0.0.1  rmcdn.2mdn.net
127.0.0.1  rmcdn.f.2mdn.net
127.0.0.1  n339.asp-cc.com
127.0.0.1  cc-dt.com
127.0.0.1  ads.cc-dt.com
127.0.0.1  clickserve.cc-dt.com
127.0.0.1  creative.cc-dt.com
127.0.0.1  clickserve.dartsearch.net
127.0.0.1  clickserve.eu.dartsearch.net
127.0.0.1  clickserve.uk.dartsearch.net
127.0.0.1  doubleclick.net #[McAfee.Cookie-Doubleclick]
127.0.0.1  ad.doubleclick.net #[MVPS.Criteria]
127.0.0.1  ad2.doubleclick.net #[Panda.Spyware:Cookie/Doubleclick]
127.0.0.1  ad.3ad.doubleclick.net
127.0.0.1  ad.3au.doubleclick.net
127.0.0.1  ad.adx.doubleclick.net
127.0.0.1  ad.ae.doubleclick.net
127.0.0.1  ad.ar.doubleclick.net
127.0.0.1  ad.au.doubleclick.net
127.0.0.1  ad.be.doubleclick.net
127.0.0.1  ad.br.doubleclick.net #[SunBelt.DoubleClick]
127.0.0.1  ad.ca.doubleclick.net
127.0.0.1  ad.ch.doubleclick.net
127.0.0.1  ad.cl.doubleclick.net
127.0.0.1  ad.cn.doubleclick.net
127.0.0.1  ad.de.doubleclick.net #[Tenebril.Tracking.Cookie]
127.0.0.1  ad.dk.doubleclick.net
127.0.0.1  ad.es.doubleclick.net
127.0.0.1  ad.fi.doubleclick.net
127.0.0.1  ad.fr.doubleclick.net
127.0.0.1  ad.gr.doubleclick.net
127.0.0.1  ad.hk.doubleclick.net
127.0.0.1  ad.hu.doubleclick.net
127.0.0.1  ad.ie.doubleclick.net
127.0.0.1  ad.in.doubleclick.net
127.0.0.1  ad.jp.doubleclick.net
127.0.0.1  ad.kr.doubleclick.net
127.0.0.1  ad.it.doubleclick.net
127.0.0.1  ad.nl.doubleclick.net
127.0.0.1  ad.no.doubleclick.net
127.0.0.1  ad.nz.doubleclick.net
127.0.0.1  ad.pl.doubleclick.net
127.0.0.1  ad.pt.doubleclick.net
127.0.0.1  ad.ro.doubleclick.net
127.0.0.1  ad.ru.doubleclick.net
127.0.0.1  ad.se.doubleclick.net
127.0.0.1  ad.sg.doubleclick.net
127.0.0.1  ad.terra.doubleclick.net
127.0.0.1  ad.th.doubleclick.net
127.0.0.1  ad.tw.doubleclick.net
127.0.0.1  ad.uk.doubleclick.net
127.0.0.1  ad.us.doubleclick.net
127.0.0.1  ad.za.doubleclick.net
127.0.0.1  ad.n2434.doubleclick.net
127.0.0.1  creatives.doubleclick.net
127.0.0.1  dfp.doubleclick.net
127.0.0.1  fls.doubleclick.net
127.0.0.1  ir.doubleclick.net
127.0.0.1  iv.doubleclick.net
127.0.0.1  ln.doubleclick.net #[Lycos]
127.0.0.1  m.doubleclick.net
127.0.0.1  m2.doubleclick.net
127.0.0.1  m3.doubleclick.net
127.0.0.1  m.us.doubleclick.net
127.0.0.1  motifcdn.doubleclick.net
127.0.0.1  motifcdn2.doubleclick.net
127.0.0.1  n3285ad.doubleclick.net
127.0.0.1  n3349ad.doubleclick.net
127.0.0.1  n4061ad.doubleclick.net
127.0.0.1  n4403ad.doubleclick.net
127.0.0.1  n479ad.doubleclick.net
127.0.0.1  n609ad.doubleclick.net
127.0.0.1  optout.doubleclick.net
127.0.0.1  optimize.doubleclick.net
127.0.0.1  optimize.3optimization.doubleclick.net
127.0.0.1  paypalssl.doubleclick.net
127.0.0.1  rd.intl.doubleclick.net
127.0.0.1  se1.doubleclick.net
127.0.0.1  twx.doubleclick.net
127.0.0.1  doubleclick.ne.jp
127.0.0.1  www3.doubleclick.net
127.0.0.1  www.doubleclick.net
127.0.0.1  doubleclick.com
127.0.0.1  ad.doubleclick.com
127.0.0.1  www2.doubleclick.com
127.0.0.1  www3.doubleclick.com
127.0.0.1  www.doubleclick.com
127.0.0.1  www.messagemedia.com
127.0.0.1  www.performics.com
127.0.0.1  doubleclick.shockwave.com
# [Google/DoubleClick via Falk AdSolution][Falk eSolutions AG]
127.0.0.1  a.as-eu.falkag.net
127.0.0.1  a.as-eu1.falkag.net
127.0.0.1  admin.as-eu.falkag.net
127.0.0.1  bw.as-eu.falkag.net
127.0.0.1  c.as-eu.falkag.net
127.0.0.1  data.as-eu.falkag.net
127.0.0.1  e.as-eu.falkag.net #[Ewido.TrackingCookie.Falkag]
127.0.0.1  f.as-eu.falkag.net
127.0.0.1  origin.as-eu.falkag.net
127.0.0.1  red.as-eu.falkag.net #[McAfee.Adware-Zeno]
127.0.0.1  red01.as-eu.falkag.net
127.0.0.1  sel.as-eu.falkag.net
127.0.0.1  a.as-test.falkag.net #[Panda.Spyware:Cookie/Falkag]
127.0.0.1  bw.as-test.falkag.net
127.0.0.1  red.as-test.falkag.net
127.0.0.1  sel.as-test.falkag.net
127.0.0.1  a.as-us.falkag.net #[SunBelt.as-us.falkag]
127.0.0.1  b.as-us.falkag.net
127.0.0.1  bw.as-us.falkag.net #[a1339.g.akamai.net]
127.0.0.1  c.as-us.falkag.net #[Tenebril.Tracking.Cookie]
127.0.0.1  data.as-us.falkag.net
127.0.0.1  e.as-us.falkag.net #[a1339.g.akamai.net]
127.0.0.1  origin.as-us.falkag.net
127.0.0.1  red.as-us.falkag.net
127.0.0.1  red01.as-us.falkag.net
127.0.0.1  s.as-us.falkag.net
127.0.0.1  sel.as-us.falkag.net
127.0.0.1  as1.falkag.de #[Ad-Aware.Tracking.Cookie]
127.0.0.1  www.falkag.de
127.0.0.1  ad1.adsolution.de
127.0.0.1  a.ads.t-online.de #[AdSolution-Website-Tag]
127.0.0.1  admin.ads.t-online.de
127.0.0.1  bw.ads.t-online.de
127.0.0.1  data.ads.t-online.de
127.0.0.1  homepage.t-online.de
127.0.0.1  red.ads.t-online.de
127.0.0.1  s.ads.t-online.de
127.0.0.1  toi.passul.t-online.de
127.0.0.1  count.passul.t-online.de
127.0.0.1  rc.loop.bild.t-online.de
127.0.0.1  tr.loop.bild.t-online.de
# [Green-Acres Services][Tracking Service]
127.0.0.1  123count.com #[SpySweeper.Spy.Cookie]
127.0.0.1  www.123count.com #[Ad-Aware.Tracking.Cookie]
127.0.0.1  www.123stat.com
127.0.0.1  web-stat.com #[SpySweeper.Spy.Cookie]
127.0.0.1  server3.web-stat.com
127.0.0.1  server4.web-stat.com
127.0.0.1  www.web-stat.com
127.0.0.1  count.webtrackingservices.com
127.0.0.1  seomatrix.webtrackingservices.com
127.0.0.1  wt.o.nytimes.com #[WebBug]
127.0.0.1  wt.ticketmaster.com #[ticketmaster.webtrends.akadns.net]
127.0.0.1  m.webtrends.com #[microsoft.webtrends.akadns.net]
127.0.0.1  webtrendslive.com #[SmartSource Data Collector]
127.0.0.1  statse.webtrendslive.com #[SDC Advanced Tracking Code]
127.0.0.1  dcs.wtlive.com #[SpySweeper.Spy.Cookie]
127.0.0.1  dcstest.wtlive.com
127.0.0.1  www.webtrends.net #[SunBelt.WebTrends]
127.0.0.1  www.netiq.com
nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#9 Post by nooby »

Wow, such a big list. Are those all the "partners" of Google? Those that pay them for collecting what car vehicle ads I look at :)

In another thread we also talk about netstat and programs that seem to be connected from scratch to a server.

Mine seems to only get triggered if I open a browser first.

If I reboot then no server is listed. So that feels a bit better than if there was an established connection from scratch. But sure, such maybe can be hidden too?
Late at night here so I go to bed
Shep
Posts: 878
Joined: Sat 08 Nov 2008, 07:55
Location: Australia

#10 Post by Shep »

Some applications default to mailing crash reports back to base. Firefox defaults to looking for updates of browser, search engines, and add-ons IIRC.

If someone pings you, does Puppy reply? Would this show up on blinky?
Shep
Posts: 878
Joined: Sat 08 Nov 2008, 07:55
Location: Australia

#11 Post by Shep »

Newcrest wrote:
nooby wrote:Hahah using Ms Bing or Yahoo instead.
Anything would be less invasive than Google who are systematically taking over the internet.

If you are not using AdblockPlus in your browser then are you familiar with the hosts file?
I'm not.
Newcrest wrote:Try adding the following to /etc/hosts
What will this do?
Newcrest
Posts: 199
Joined: Sun 04 Mar 2007, 03:19

#12 Post by Newcrest »

Shep wrote:
Newcrest wrote:Try adding the following to /etc/hosts
What will this do?
It redirects the IP address to never never land.

Originally the hosts file was meant to do what DNS servers do but on your local computer. While browser plugins like AdblockPlus are great for browsers they have no effect on other applications. Applications that phone home can often have an option switch to turn that off but they don't always. So using the hosts file is a more global solution and covers all your browsers and internet enabled applications.
http://www.mvps.org/winhelp2002/hosts.htm
Shep
Posts: 878
Joined: Sat 08 Nov 2008, 07:55
Location: Australia

#13 Post by Shep »

Newcrest wrote:Originally the hosts file was meant to do what DNS servers do but on your local computer.
So it's a local lookup table. But doesn't that mean that google could easily evade your /etc/hosts stonewalling by having its tattle-tale ware report back to a numeric IP address so no DNS lookup is needed?

Thanks for the info.

EDIT: I put that list into /etc/hosts now FF won't go to any of the "sponsored links" at the top of its search results.
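
Added example (not part of any post in this thread): a sketch of how a hosts-file lookup treats a destination, covering the three cases discussed above: a listed name, an unlisted subdomain, and a numeric IPv4 address. `hosts_verdict` and `sample_hosts` are hypothetical helpers and the sample file is constructed from three names in Newcrest's list; matching is by exact name with no wildcards, and IPv6 literals are not handled.

```shell
#!/bin/sh
# Constructed excerpt in /etc/hosts format, using three names from the list above.
sample_hosts() {
cat <<'EOF'
127.0.0.1  localhost
# [Google Inc]
127.0.0.1  www.google-analytics.com #[Google Analytics]
127.0.0.1  doubleclick.net #[McAfee.Cookie-Doubleclick]
127.0.0.1  ad.doubleclick.net #[MVPS.Criteria]
EOF
}

# Read hosts-file text on stdin and classify one destination (hypothetical helper).
# Prints "hosts:<addr>" for an exact name match, "literal-ip" when the
# destination is already an IPv4 address (no name lookup happens at all), and
# "dns" when the name is not listed and the resolver would go on to DNS.
hosts_verdict() {
    dest=$1
    case $dest in
        *[!0-9.]*|'') ;;                       # has letters etc.: it is a name
        *.*.*.*) echo literal-ip; return 0 ;;  # dotted quad: nothing to resolve
    esac
    awk -v want="$dest" '
        BEGIN { want = tolower(want); verdict = "dns" }
        { sub(/#.*/, "") }                     # drop comments, fields re-split
        NF < 2 { next }                        # blank or address-only line
        {
            # first field is the address, the rest are names and aliases
            for (i = 2; i <= NF; i++)
                if (tolower($i) == want) { verdict = "hosts:" $1; exit }
        }
        END { print verdict }
    '
}

# Demo on the constructed sample; on a live system: hosts_verdict NAME < /etc/hosts
for d in ad.doubleclick.net ad.fr.doubleclick.net 74.125.77.102; do
    printf '%s -> %s\n' "$d" "$(sample_hosts | hosts_verdict "$d")"
done
```

Because only exact names match, an entry for `doubleclick.net` does not cover `ad.fr.doubleclick.net`, which is why lists of this kind enumerate every subdomain.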