Possible virus in Puppy iso? (sorted)

For discussions about security.
Post Reply
Message
Author
Stripe
Posts: 658
Joined: Wed 23 Jun 2010, 05:18
Location: In a field. England

Possible virus in Puppy iso? (sorted)

#1 Post by Stripe »

Hi all

I may have discovered a virus

Have just booted from an unaltered 053 spup iso (totally in ram) checked ip info and my computer was connected to an unknown ip address 174.143.142.58

ran it through domain dossier and it came back as lvs-vip.mhtx.net
which it traced to godaddy.com

Has anyone else seen this? and how would I find the program which instigated the connection?

cheers

stripe

tried it with a 511 lucid cd (again in ram) and got the same results
Last edited by Stripe on Thu 06 Jan 2011, 23:09, edited 1 time in total.
nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#2 Post by nooby »

We have many threads about this phenomena.

Try this in a regular google search box.

puppy 174.143.

the reason I don't search the whole number is due to him changing it a bit now and then. You get more threads if you are more general in the search keywords.

I don't know what it is either but those who do know seems not concerned about it and some even tease us who where concerned.

My wild guess is that some script use it to check that the internet really are working and one way of doing it is to ping a known server that one trust are 100% up.

His server maybe is one of several such used for that purpose.

Some maybe use a google server or his is a google server. I only guess.

Read those threads and tell me if I should be concerned or relaxed about it.

I have given up on it.
I use Google Search on Puppy Forum
not an ideal solution though
User avatar
01micko
Posts: 8741
Joined: Sat 11 Oct 2008, 13:39
Location: qld
Contact:

#3 Post by 01micko »

Stripe

This thread may be of interest.

Cheers
Puppy Linux Blog - contact me for access
nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#4 Post by nooby »

Thanks Micko, even I had a fearful outburst on that thread.

But I still fail to get it. Hopefully our OP get what it is about.
I use Google Search on Puppy Forum
not an ideal solution though
Stripe
Posts: 658
Joined: Wed 23 Jun 2010, 05:18
Location: In a field. England

#5 Post by Stripe »

Thanks nooby and mick

I tend to border on the paranoid as well :lol: :lol:

cheers

stripe
nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#6 Post by nooby »

As the saying goes: "Better Safe than Sorrow!"

So we should be cautious. I just wonder what my Bank says about me being Root when logging into them? Okay I use a little Gadget they sent me that is for security but still the Ubuntu fans tells us all the time that one need to be a restricted user.

Yes but I fail to be one- Have tried many times but Ubuntu fails to see the HDD it only see what the User are allowed to see.

And when I tell the Ubuntu or Mint folks that I want to use it in frugal install they tell me to go to Puppy Forum and ask here instead, they don't do frugal installs.
I use Google Search on Puppy Forum
not an ideal solution though
MagicZaurus
Posts: 107
Joined: Mon 05 Jan 2009, 17:35

It's not a virus it's a feature

#7 Post by MagicZaurus »

Hi Stripe,

take a look at /usr/sbin/ipinfo. Inside the script is the following line.

Code: Select all

var0="`wget -O - -q icanhazip.com`"
This makes the connection to the IP 174.143.142.58. This URL is supposed to reply with your external IP which is shown in the IP-INFO dialog on the 1st tab.

If you delete this line then the connection is gone when you open IP-INFO.

Hope that helps to get you in a more relaxed state.

MZ
Stripe
Posts: 658
Joined: Wed 23 Jun 2010, 05:18
Location: In a field. England

#8 Post by Stripe »

Thanks MZ

you have saved me a lot of time and worry, (thats if I ever would have found it :lol:)

now I know what it is and what it does I am not worried :lol:

Thanks again

Stripe
User avatar
nubc
Posts: 2062
Joined: Tue 23 Jan 2007, 18:41
Location: USA

#9 Post by nubc »

Typically, the problem lies in the browser, which virus writers know is the weakest point in the system. You can probably prevent infection by using the add-on AdBlockPlus on your (mozilla) browser.
User avatar
nubc
Posts: 2062
Joined: Tue 23 Jan 2007, 18:41
Location: USA

#10 Post by nubc »

Error: SQL requests not achieved

please delete
Last edited by nubc on Thu 06 Jan 2011, 18:49, edited 4 times in total.
User avatar
nubc
Posts: 2062
Joined: Tue 23 Jan 2007, 18:41
Location: USA

#11 Post by nubc »

please delete
Last edited by nubc on Thu 06 Jan 2011, 18:29, edited 2 times in total.
User avatar
nubc
Posts: 2062
Joined: Tue 23 Jan 2007, 18:41
Location: USA

#12 Post by nubc »

please delete
Last edited by nubc on Thu 06 Jan 2011, 18:29, edited 1 time in total.
User avatar
nubc
Posts: 2062
Joined: Tue 23 Jan 2007, 18:41
Location: USA

#13 Post by nubc »

please delete
Last edited by nubc on Thu 06 Jan 2011, 18:29, edited 1 time in total.
User avatar
drongo
Posts: 374
Joined: Sat 10 Dec 2005, 23:35
Location: UK

WiFi utility

#14 Post by drongo »

One of the WiFi utilities in Puppy pings Google to test for connection to the Internet.

Barry's original and Dougal's utility did not do this. Is this the source of the problem?

The point about icanhazip is that it reports your external address to the internet, not the address of your PC. So if you are going through a router/NAT box etc you may not know what your external address is.
User avatar
Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#15 Post by Aitch »

stripe/everyone

I've seen this before

icanhazip is an IP utility

simply check it yourself, it gives your outfacing IP address

http://icanhazip.com/

created by rackerhacker

http://rackerhacker.com/2009/07/31/get- ... hazip-com/

now widely used

Aitch :)
Stripe
Posts: 658
Joined: Wed 23 Jun 2010, 05:18
Location: In a field. England

#16 Post by Stripe »

Thanks everybody

I am not worried at all since MZ explained it, I would rather icanhazip was pinged rather than google lol

Cheers

Stripe
User avatar
rackerhacker
Posts: 7
Joined: Sat 04 Aug 2012, 20:21
Contact:

#17 Post by rackerhacker »

If you have questions about icanhazip.com, just let me know. I'm the one who maintains it and foots the bill. ;)
User avatar
L18L
Posts: 3479
Joined: Sat 19 Jun 2010, 18:56
Location: www.eussenheim.de/

#18 Post by L18L »

rackerhacker,
nice to see you 8)

icanhazip_in_puppy
Post Reply