Mint Dials Home Even While Networking Disabled?

Spearmint2
Level 16
Posts: 6891
Joined: Sat May 04, 2013 1:41 pm
Location: Maryland, USA

Post by Spearmint2 »

I left my Mint 14 system on, but fairly certain I did a right click and turned off Networking as I always do when leaving the computer. At that time no updates were shown as needed. I come back to the computer later and before I turn the Networking icon back to Enabled, I see the Updates button has changed to indicate more updates available. So, question now is: Does Mint dial home like Windows does for updates when it's supposed to be off network? Is it supposed to be that way? I know the disable switch works to block Firefox and Thunderbird from network access.
All things go better with Mint. Mint julep, mint jelly, mint gum, candy mints, pillow mints, peppermint, chocolate mints, spearmint,....

WharfRat
Level 21
Posts: 13900
Joined: Thu Apr 07, 2011 8:15 pm

Post by WharfRat »

Spearmint2,

It does appear to behave that way :shock:

I disconnected via the network applet then right-clicked refresh on the network applet and watched the packet traffic updating in iptraf.

There must be a side/back door :?

Post by Spearmint2 »

Yeah, I was surprised, and a bit dismayed. I'd rather not the update process sidestep what I thought was system wide network control.

Post by Spearmint2 »

For anyone interested in not having that backdoor open, especially when you disabled networking and expect it to make your computer secure while away from it, you can turn it off after booting up (choice on right click), or you can uncheck it in Startup Applications Preferences, then just manually start & stop it, checking weekly for updates.

Post by Spearmint2 »

WharfRat wrote:Spearmint2,

It does appear to behave that way :shock:

I disconnected via the network applet then right-clicked refresh on the network applet and watched the packet traffic updating in iptraf.

There must be a side/back door :?
You really want to do a test? Leave iptraf on and logging one night when you've clicked the networking to disabled, see if anything else is "calling home".

eanfrid
Level 7
Posts: 1857
Joined: Mon Apr 30, 2012 2:49 am
Location: FR

Post by eanfrid »

Calling this a backdoor is quite exaggerated. Your computer is using your idle time in order to do its own stuff: check and gather updates, security and bug fixes. This cannot turn your system open to any unknown remote hacking since it is up to you to install these updates later. If you do not want automated update checking, disable it (put zeroes in update interval preferences).
Main desktop: Debian GNU/Linux Jessie 64bit - MATE
(i5 2400@3.7GHz - 16GB DDR3 - HD6770 w/radeon driver - SSD+RAID1)
Safer than Dropbox

Post by WharfRat »

Spearmint2,

I'll have to give this a closer look. I just don't see how it can happen. From a cursory look mintupdate is using /usr/sbin/synaptic for updating.

The only strange behavior with the panel applet is that it doesn't produce an error when it's manually refreshed when the network is disabled via the network applet so it 'appears' to be doing the update. Also I forgot that I set the update interval to 8 hours so I don't think there was an auto-update attempt during the time I was disconnected.

The traffic with iptraf might have been from other background applications I have running that were attempting to establish a connection, but couldn't.

The side/back door suspicion might be a little premature.

I'm going to keep my eye on this though.

Post by Spearmint2 »

eanfrid wrote:Calling this a backdoor is quite exaggerated. Your computer is using your idle time in order to do its own stuff: check and gather updates, security and bug fixes. This cannot turn your system open to any unknown remote hacking since it is up to you to install these updates later. If you do not want automated update checking, disable it (put zeroes in update interval preferences).
If I know I'm online at the time and not away from the computer with the networking turned off, then I don't mind it doing it then, but my worry is its ability to check for updates (if it does) while I have networking supposedly disabled, might provide an entry point for someone testing ports on random basis IP by IP across the particular IP spectrum I'm on at the time. I don't even know if it uses a particular assigned port regularly or takes what is randomly assigned when requesting info on updates available.

For me, for the interim, it's a moot point since I have turned updating off, will just turn it on weekly, check to see if any new ones, then disable it again. There's no need for it to be on all the time anyway.

doktarZues
Level 1
Posts: 4
Joined: Mon Jan 20, 2014 12:54 am

Post by doktarZues »

eanfrid wrote:Calling this a backdoor is quite exaggerated. Your computer is using your idle time in order to do its own stuff: check and gather updates, security and bug fixes. This cannot turn your system open to any unknown remote hacking since it is up to you to install these updates later. If you do not want automated update checking, disable it (put zeroes in update interval preferences).
I don't think "backdoor" is the right description either because that's playing thought police. A better way to characterize what's happening is the obvious one- a rogue process deliberately circumnavigated manual actions implemented by the user meant to prevent network communication in order to initiate communication (and download unapproved software? heh).

In case you didn't read the rest of your post back, it sounds like you're suggesting it's unreasonable to expect networking to stay disabled (for all services) when manually disabled by the user. You then suggest we should intelligently identify and disable individual services, and apparently expect those to stay disabled, and apparently without heartburn. You can't be serious.

I'm tongue in cheek through most of this but it definitely isn't cool, and much worse to try and justify it with..whatever that was.

Post by eanfrid »

I was not talking about malware. I was talking about legitimate system admin processes/services which consider arbitrary user disabled networking on a network computer as a malfunction that needs to be "repaired" because it is preventing them from operating. The principle is that if you do not want network services to start, your job as an admin is to disable them at system level and then start them manually when needed.

Expecting as a user to prevent the admin tasks to be executed is a misconception of security and privileges separation. It is also a common bad habit taken from Windows machines. The problem is that the multiple sudo-like commands that are run to ease the use of the system generate a confusion about "who" you really are in some context. But as long as you do not run sudo-like commands, you are always one of the least privileged users of your machine, for security matters.

Post by Spearmint2 »

Since you mention Windows, one of the biggest complaints is Windows "called home" for undisclosed reasons, and for a long time users complained about it, even happening when updates were turned completely off. Microsoft's answer was to not worry about it, nothing personally identifiable. Of course later it turns out the NSA for one had a window into every Windows computer with the blessings of Microsoft. It was, and remains, a complete disregard for the USA Constitution 4th Amendment and I still see no reasonable accounting given by those involved in it, no prosecutions as should have happened, no judge or judges impeached and dismissed over it, it's all been a big gloss like the 4th Amendment doesn't really matter at all anymore. It was also a violation of USSID 18 as it had been written years earlier, don't know if they've changed it since then to allow such activity.

Yeah, so people are a bit sensitive about it, and as it turned out in the recent NSA case, with good cause to be so.

Any program which opens connections to the internet and downloads data, even if only informational, might with the right approach be exploited. When I used Windows update I had it set to never download unless I had first checked the ones offered and saved myself a few times from grief others had who accepted all updates automatically when Microsoft sent out some bad updates that trashed a few computers. That's not my concern though.

My concern is if anyone could circumvent and intercept (man in middle attack?) a request for system updates, or for those who have it set to automatically take all updates, an attacker could even initiate bogus new updates available and then upload corrupt/infected updates to such open systems. Any port that's open and waiting for the right request or answer to its request for data (updates) is exploitable.

So, since I prefer nothing going out to internet and possibly receiving data back without my approval, realizing the update program doesn't seem limited by the "disable networking" process, I will use it manually instead, leaving it off at all other times. I'm left wondering now if other programs are doing this, such as the Date/Time panel applet/widget.

Post by eanfrid »

The clock-applet (on MATE) opens periodically a user http connection at least to the weather forecast servers, in the background too, if you set up a location.

H.Remedy
Level 3
Posts: 163
Joined: Sat Feb 08, 2014 6:52 pm

Post by H.Remedy »

I have to agree with others who are annoyed by this. It may not be a "backdoor" (a term that suggests an intentional security gap for the purposes of spying), but it is still unacceptable and quite surprising.

I learn some really interesting things just by browsing these forums! :lol:

Post by Spearmint2 »

eanfrid wrote:The clock-applet (on MATE) opens periodically a user http connection at least to the weather forecast servers, in the background too, if you set up a location.


Thanks for that information. Previously I've had the update set for once per day, so maybe why it took so long for me to notice it acted independently of user disabling internet connection. On the good side it seems to make a request for information before any comes to it, and of course that request would be directed only at the sites supplying such. Still, someone hitting a compromised DNS which redirects them to a bogus download site spoofing through that DNS as a true update site might be able to take advantage of that. I would hope it uses some sort of PGP key or other verification of the site before doing downloads.

It just seems security would be best if a user could be sure NOTHING goes out or is received when he's disabled the internet connection which the browser and email programs use. Even a popup reminder to manually check for update that day or that week but leaving it off all the other time would be better approach. The icons in panel could even display the red X or something similar which indicated they were not working while internet was disabled.

https://www.grc.com/dns/dns.htm

Post by eanfrid »

You can also do an as simple thing as logout :) (or "suspend" the computer).

Post by Spearmint2 »

eanfrid wrote:You can also do an as simple thing as logout :) (or "suspend" the computer).
That's how I discovered this. I didn't log out, but I did let it go to suspend, came back and woke it up, and oddly saw the update icon showed update available when there had been none available when I disabled networking and let it go to suspend. It's possible in the 10 minutes it takes to suspend the updates notification came through previous to suspend, but it was AFTER I'd disabled networking, believing that cut it off completely from internet.

In the days of dialup connections, if my hard drive started acting like it was accessing when it shouldn't, or something from the internet was hitting the computer, (no router protection in between) then I'd quickly drop the phone connection and that ensured the internet connect was completely gone. If it was something from internet causing the problem it would quickly stop too. Of course then a dialup to a different server and sometimes the same server got you a new IP than the previous one.

System software should work the same, so all internet access can be removed, turned off quickly and no valid system program able to connect anyway, without user needing to unplug a LAN cord or install a manual kill switch for the LAN somewhere on the front of computer.

Dropping the LAN connection should work just as well as dropping a dialup connection does.

mbohets
Level 2
Posts: 97
Joined: Sun Apr 28, 2013 8:26 am
Location: Belgium

Post by mbohets »

In my network manager, there is a setting called "automatically connect to this network when available"
Perhaps that is the reason why your network goes on when some application wants to communicate with something on the internet.

For example NTP (network time protocol) that gets the time from the internet on regular intervals to keep your PC clock on the correct time
Je suis Charlie, how many more people have to die for religion

Post by Spearmint2 »

In my network manager, there is a setting called "automatically connect to this network when available"
I have "connect automatically" and when it's unchecked the networking won't connect at all.

turmbau
Level 1
Posts: 25
Joined: Mon Feb 24, 2014 1:33 pm

Post by turmbau »

I actually was surprised by the discussion here. I also thought (and that was naive) that disabling the network connection using the network manager will really shut down the interface, like ifdown does. True: I am not asked for any authentication, so it, not so obviously, is a user privileged action, not a system wide one. Maybe that should be changed, because it is misleading (ask for passwd and ifdown it)!
Moreover, I am puzzled about the "the update service can be exploited" talk.
So my question is (taking up Spearmint2's concerns): Is there a signature used for the update packages other than md5, in other words a public-private key pair, delivered along with the distro's .iso? I tried a few links on mint signature, and md5 integrity was the only topic found. Other distro, some time ago, delivered such, and the update path was secure, as long as the installation media and meanwhile the running system wasn't corrupted. I don't remember where the signature lay, sorry, couldn't find that one out. I thought I was secure from manipulating backbone routers (considered NSA driven, Chinese hacked, whatever). Is that true for mint? Not talking about the question of prime1*prime2=publicKey as an equation that might be solved with quantum computers, even if only the pubKey is known and the primes are large... Sorry for the questions of a simple but concerned user.

Post by Spearmint2 »

I'm a bit loath to put this in, since by no means do I want to teach someone how to do this, but these pages describe the way services connecting when nobody is at the computer, no logs for internet connection perhaps are running or they get bypassed by the other program. If you are at your computer and suddenly bandwidth goes up and things unrelated to what you are doing seem to be happening, having a kill switch for ALL internet connection is preferable. The alternate is just pull the LAN cord till you figure it out, and instead of leaving it on all the time, turning the computer off and reboot for each use later. Suspend and hibernate can be defeated also on computers where someone has the WOL (wake on LAN) still enabled in the BIOS. That can happen when you are at the computer and be undetected by you, imagine how much easier if your computer is compromised by a program that makes a connection when you aren't there.

https://www.grc.com/dns/dns.htm
this describes what is commonly called a "man in the middle" attack method.

https://www.grc.com/fingerprints.htm
This describes how that "middle man" then exploits even secure communications.

I have my router in complete stealth mode, so nothing comes in now unless a request goes out from the computer, and no pings are answered to indicate it's online. If anyone wants to see what's connected by internet at any time on tcp or udp:

netstat -tulpn
All things go better with Mint. Mint julep, mint jelly, mint gum, candy mints, pillow mints, peppermint, chocolate mints, spearmint,....
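
To act on the `netstat` suggestion in the last post, here is an added example (not part of the original thread) that sorts `netstat -tunap` output into sockets that are listening, connected, or still attempting a connection, and ignores loopback-only sockets. The function name `remote_sockets`, the `--live` switch and the sample output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: classify sockets from `netstat -tunap` output so that anything
# not confined to loopback stands out after networking has been "disabled".

# Constructed sample output (not captured from a real machine); 2301/example-app
# is a made-up process standing in for any background updater or applet.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      812/cupsd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      950/sshd
tcp        0      0 192.168.1.20:48112      203.0.113.10:80         ESTABLISHED 2301/example-app
tcp        0      1 192.168.1.20:48120      203.0.113.11:80         SYN_SENT    2301/example-app
udp        0      0 0.0.0.0:68              0.0.0.0:*                           701/dhclient
udp        0      0 192.168.1.20:123        0.0.0.0:*                           688/ntpd
tcp6       0      0 ::1:631                 :::*                    LISTEN      812/cupsd
EOF
}

# Reads netstat output on stdin; prints "<kind> <proto> <local> <foreign> <pid/program>"
# for every socket whose local address is not loopback.
remote_sockets() {
  awk '
    $1 !~ /^(tcp|udp)/ { next }            # skip the two header lines
    {
      # UDP rows usually have an empty State column, so detect it instead of
      # assuming a fixed field position.
      state = "-"; first = 6
      if ($6 ~ /^[A-Z_]+[0-9]*$/) { state = $6; first = 7 }
      prog = "-"
      if (first <= NF) {
        prog = $first
        for (i = first + 1; i <= NF; i++) prog = prog " " $i
      }
      laddr = $4; sub(/:[^:]*$/, "", laddr)   # strip the port
      faddr = $5; sub(/:[^:]*$/, "", faddr)
      if (laddr ~ /^127\./ || laddr == "::1") next
      if (state == "ESTABLISHED")   kind = "connected"   # traffic is flowing
      else if (state == "SYN_SENT") kind = "attempting"  # tried, no reply yet
      else if (faddr == "0.0.0.0" || faddr == "::") kind = "listening"
      else kind = "other"
      print kind, $1, $4, $5, prog
    }'
}

# "--live" inspects this machine (run with sudo to see other users' processes);
# with no argument the constructed sample is used.
if [ "${1:-}" = "--live" ]; then
  netstat -tunap | remote_sockets
else
  sample_netstat | remote_sockets
fi
```

An `attempting` row is a connection that was tried but not answered, which is what background applications produce when the link is really down; a `connected` row to a non-local address means traffic is still passing.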
