knoppix networking secure?

**Albretch** · 07-19-2006, 06:46 PM

Hi,
.
after booting up a knoppix CD 5.0.1 I noticed connections being made out of my box, without me even going online.
.
Is that something anyone else has noticed?!?!?
.
Why doesn't knoppix take a little seriously the possibility of "a third party acting as THE man in the middle" corrupting files (even dynamically and for a user with a purpose)?
.
Why not having HTTPS pages to the files signatures ...?
.
Albretch
// __
traceroute to 63.143.104.141 (63.143.104.141), 30 hops max, 40 byte packets
1 r1-n64.acecape.com (66.114.64.1) 16.619 ms 13.882 ms 15.764 ms
2 r2-ge2.acecape.com (66.114.76.226) 14.518 ms 14.106 ms 13.019 ms
3 * * *
.
// __
sh-3.1# whois 63.143.104.141
WINSTAR WINSTAR-BLK8 (NET-63-140-0-0-1) 63.140.0.0 - 63.143.255.255
Traders Advantage TRADERA-WSTR (NET-63-143-104-0-1) 63.143.104.0 - 63.143.104.255
.
// __
sh-3.1# whois 221.208.208.95
% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 221.208.0.0 - 221.212.255.255
netname: CNCGROUP-HL
descr: CNCGROUP Heilongjiang Province Network
descr: China Network Communications Group Corporation
descr: No.156,Fu-Xing-Men-Nei Street,
descr: Beijing 100031
country: CN
admin-c: CH455-AP
tech-c: BG63-AP
remarks: service provider
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-HL
mnt-routes: MAINT-CNCGROUP-RR
status: ALLOCATED PORTABLE
changed: hm-changed@apnic.net 20031110
changed: hm-changed@apnic.net 20060124
source: APNIC

route: 221.208.0.0/14
descr: CNC Group CHINA169 Heilongjiang Province Network
country: CN
origin: AS4837
mnt-by: MAINT-CNCGROUP-RR
changed: abuse@cnc-noc.net 20060118
source: APNIC

role: CNCGroup Hostmaster
e-mail: abuse@cnc-noc.net
address: No.156,Fu-Xing-Men-Nei Street,
address: Beijing,100031,P.R.China
nic-hdl: CH455-AP
phone: +86-10-82993155
fax-no: +86-10-82993102
country: CN
admin-c: CH444-AP
tech-c: CH444-AP
changed: abuse@cnc-noc.net 20041119
mnt-by: MAINT-CNCGROUP
source: APNIC

person: Binghui Gao
nic-hdl: BG63-AP
e-mail: gaobh@mail.hl.cn
address: Communication Corporation Internet Enterprise Division of HLJ
phone: +86-451-2804465
fax-no: +86-451-2804442
country: CN
changed: gaobh@mail.hl.cn 20030221
mnt-by: MAINT-CNCGROUP-HL
source: APNIC
.
// __
Wed Jul 12 07:45:14 EDT 2006
sh-3.1# traceroute 221.208.208.95
traceroute to 221.208.208.95 (221.208.208.95), 30 hops max, 40 byte packets
1 r1-n64.acecape.com (66.114.64.1) 41.245 ms 16.583 ms 13.065 ms
2 r5-ge2.acecape.com (66.114.76.22

45.245 ms 14.223 ms 15.520 ms
3 64.124.176.main1.above.net (64.124.176.202) 38.549 ms 14.483 ms 185.301 ms
4 so-3-0-0.cr2.lga1.us.above.net (64.125.27.149) 35.428 ms 15.844 ms 47.303 ms
5 so-1-0-0.pr2.lga1.us.above.net (64.125.27.137) 46.770 ms 16.532 ms 47.788 ms
6 0.so-0-0-3.BR1.NYC4.ALTER.NET (204.255.168.45) 44.970 ms 17.105 ms 47.305 ms
7 0.ge-5-0-0.XL3.NYC4.ALTER.NET (152.63.3.109) 44.392 ms 16.924 ms 14.759 ms
8 0.so-5-0-0.XL1.LAX7.ALTER.NET (152.63.116.249) 88.677 ms 91.425 ms 89.658 ms
9 POS6-0.IG1.LAX7.ALTER.NET (152.63.117.209) 90.319 ms 88.379 ms 88.071 ms
10 china_network-gw.customer.alter.net (208.222.0.9

276.253 ms 279.185 ms 277.961 ms
11 219.158.3.201 (219.158.3.201) 279.828 ms 278.142 ms 278.832 ms
12 219.158.4.73 (219.158.4.73) 305.849 ms 310.153 ms 307.047 ms
13 219.158.7.66 (219.158.7.66) 420.564 ms 418.676 ms 414.734 ms
14 61.138.38.118 (61.138.38.11

465.992 ms 462.662 ms 463.229 ms
15 61.138.38.38 (61.138.38.3

435.709 ms 432.883 ms 435.944 ms
16 218.10.95.58 (218.10.95.5

478.144 ms 477.958 ms 484.692 ms
17 221.209.63.62 (221.209.63.62) 476.977 ms 477.146 ms 479.778 ms
18 221.208.208.95 (221.208.208.95) 423.419 ms 425.046 ms 432.200 ms
.
// __
sh-3.1# whois 63.143.104.141
WINSTAR WINSTAR-BLK8 (NET-63-140-0-0-1)
63.140.0.0 - 63.143.255.255
Traders Advantage TRADERA-WSTR (NET-63-143-104-0-1)
63.143.104.0 - 63.143.104.255

# ARIN WHOIS database, last updated 2006-07-11 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
sh-3.1# whois 65.106.89.99

OrgName: XO Communications
OrgID: XOXO
Address: Corporate Headquarters
Address: 11111 Sunset Hills Road
City: Reston
StateProv: VA
PostalCode: 20190-5339
Country: US

ReferralServer: rwhois://rwhois.eng.xo.com:4321/

NetRange: 65.104.0.0 - 65.107.255.255
CIDR: 65.104.0.0/14
NetName: XOXO-BLK-15
NetHandle: NET-65-104-0-0-1
Parent: NET-65-0-0-0-0
NetType: Direct Allocation
NameServer: NAMESERVER1.CONCENTRIC.NET
NameServer: NAMESERVER2.CONCENTRIC.NET
NameServer: NAMESERVER3.CONCENTRIC.NET
NameServer: NAMESERVER.CONCENTRIC.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
Comment: Please report spam and viruses to abuse@xo.net.
Comment: For better service, direct customers of XO may use
Comment: the web form at http://www.xo.com/contact/care/
Comment: for reverse DNS requests and other customer-specific
Comment: technical issues. Thank you for your cooperation.
Comment:
RegDate:
Updated: 2005-12-05

OrgAbuseHandle: XCNV-ARIN
OrgAbuseName: XO Communications, Network Violations
OrgAbusePhone: +1-866-285-6208
OrgAbuseEmail: abuse@xo.com

OrgTechHandle: XCIA-ARIN
OrgTechName: XO Communications, IP Administrator
OrgTechPhone: +1-703-547-2000
OrgTechEmail: ipadmin@eng.xo.com

# ARIN WHOIS database, last updated 2006-07-11 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

Found a referral to rwhois.eng.xo.com:4321.

%rwhois V-1.5:003fff:00 rwhois.eng.xo.com (by Network Solutions, Inc. V-1.5.9)
network:Class-Name:network
network:ID:NET-XO-NET-416a5960
network:Auth-Area:65.104.0.0/14
network:Network-Name:XO-NET-416a5960
network:Organization;I:Millennium Computer Products (158836-1)
network:IP-Network:65.106.89.96/28
network:Admin-Contact;I:XCIA-ARIN
network:Tech-Contact;I:XCIA-ARIN
network:Created:20010607
network:Updated:20010627
network:Updated-By:ipadmin@eng.xo.com

%ok
sh-3.1#
.
// __
sh-3.1# traceroute 65.106.89.99
traceroute to 65.106.89.99 (65.106.89.99), 30 hops max, 40 byte packets
1 r1-n64.acecape.com (66.114.64.1) 15.279 ms 14.229 ms 23.820 ms
2 r5-ge2.acecape.com (66.114.76.22

13.032 ms 16.529 ms 15.186 ms
3 64.124.176.main1.above.net (64.124.176.202) 40.051 ms 16.096 ms 14.610 ms
4 so-3-0-0.cr2.lga1.us.above.net (64.125.27.149) 41.687 ms 14.236 ms 44.612 ms
5 so-1-0-0.pr2.lga1.us.above.net (64.125.27.137) 44.151 ms 15.283 ms 44.902 ms
6 xo-above-oc3.lga1.above.net (208.184.233.230) 15.738 ms 12.984 ms 44.991 ms
7 p5-0-0.RAR1.NYC-NY.us.xo.net (65.106.3.37) 15.811 ms 16.518 ms 15.471 ms
8 p6-0-0.RAR2.Chicago-IL.us.xo.net (65.106.0.29) 42.658 ms 42.232 ms 50.844 ms
9 p1-0-0.RAR1.Dallas-TX.us.xo.net (65.106.0.34) 59.955 ms 61.978 ms 60.762 ms
10 p6-0-0.RAR2.LA-CA.us.xo.net (65.106.0.14) 92.149 ms 90.143 ms 94.672 ms
11 p4-0-0.MAR2.SanDiego-CA.us.xo.net (65.106.5.42) 97.403 ms 96.176 ms 94.763 ms
12 ge13-0.CLR1.SanDiego-CA.us.xo.net (207.88.81.11

101.468 ms 99.452 ms 98.778 ms
13 65.106.89.18.ptr.us.xo.net (65.106.89.1

101.782 ms 100.385 ms 102.467 ms
14 mcp2001.com (65.106.89.99) 104.075 ms 104.039 ms 104.911 ms
.
// __