Hey all, I turned on google maps (and the location service) on my stock Galaxy S9+ and noticed that the android system was suddenly making some outside calls on the HTTPS port (443). I've blocked them for now, but I was wondering if any of you know if they are ok to let through? The IP addresses are usually 13.249.134.*, going out to an amazon cloudfront server. Is this just how Samsung does some of its updates, or should I be worried about my privacy?
It could be any number of apps or services on your phone doing that. Without knowing which app did it or what it was doing (get, post, etc) was it's not possible to tell you if it's normal or not.
For example on my phone I see an https tunnel connection to 13.56.148.213:443 by Samsung neural keyboard.
I would try to use something to help narrow down what app is connecting to that IP address, and what it is doing in a bit more detail.
I cleared my adguard filter log recently but I will keep an eye on it. Will check on it tomorrow and see if I have any requests going to that IP address range.
**Edit - I don't see anything calling to that specific ip address range, but that doesn't mean anything necessarily. I would strongly suggest you find a way to identify what application is trying to connect to the IP address and what kind of event is taking place (POST, GET, HTTP TUNNEL, etc). Amazon cloudfront server(s) could very well be some form of content delivery service (images and etc), a server for use in backing up configurations/data, or as a way to send data to an app using the closest server to your location (like some sort of content delivery network).
Alright, thanks for your help! Would you happen to know of any good packet sniffers that wouldn't require root access?
StultusNemo said:
Alright, thanks for your help! Would you happen to know of any good packet sniffers that wouldn't require root access?
Click to expand...
Click to collapse
Unfortunately no., and I looked for such an app for a while (over past few months) now.
Related
I have never got any app that hosts web page to work when I'm using mobile connection.
Wlan connection always works and another users seem to get it working using mobile connection.
Same problem with all ROMs that I have used. How to fix?
Mehumummo said:
I have never got any app that hosts web page to work when I'm using mobile connection.
Wlan connection always works and another users seem to get it working using mobile connection.
Same problem with all ROMs that I have used. How to fix?
Click to expand...
Click to collapse
Ummm. What network are you on? Remember most networks use NAT so save IP addresses. So your web server might only work for other users on the same subnet of your provider.
A phone isn't an ideal server. Can't you spend $1 or so per month on shared hosting on a server somewhere?
This is why it works on WiFI, as you have a dedicated IP address.
How can an incoming connection to 155.55.55.55 (for example, which covers all your network's users) know to direct an incoming port 80 (web) request to your phone? As opposed to the many other people that would try this?
I think Vodafone UK gives individual Ips though, so you could switch provider if it matters
anon2122 said:
Ummm. What network are you on? Remember most networks use NAT so save IP addresses. So your web server might only work for other users on the same subnet of your provider.
A phone isn't an ideal server. Can't you spend $1 or so per month on shared hosting on a server somewhere?
This is why it works on WiFI, as you have a dedicated IP address.
How can an incoming connection to 155.55.55.55 (for example, which covers all your network's users) know to direct an incoming port 80 (web) request to your phone? As opposed to the many other people that would try this?
I think Vodafone UK gives individual Ips though, so you could switch provider if it matters
Click to expand...
Click to collapse
I do know what NAT is (as it always ruins everything). I was not aware that mobile connection uses NAT as I imagined that operators doesn't put their users under same ip.
I'm not hosting something that any server could, mostly access to my phone:
files, sms, remote usage etc.
So there is no way but change operator?
Mehumummo said:
I do know what NAT is (as it always ruins everything). I was not aware that mobile connection uses NAT as I imagined that operators doesn't put their users under same ip.
I'm not hosting something that any server could, mostly access to my phone:
files, sms, remote usage etc.
So there is no way but change operator?
Click to expand...
Click to collapse
T-mobile definitely uses nat, as I have tried to ssh into my phone etc. I needed to make a listen server and dial into it from the phone.
So what you are doing needs a unique ip or upnp support (which I doubt android can do). But also it needs an isp that don't block ports or anything.
We use vodafone sims for remotely connecting to remote wind farms, as it allows incoming radmin connections.
anon2122 said:
So what you are doing needs a unique ip or upnp support (which I doubt android can do).
Click to expand...
Click to collapse
I guess that no operator supports UPnP/IGD to poke holes in their NAT.
If it's only for transferring files, SwiFTP supports a proxy server that is provided by the author. SwiFTP doesn't support SSL, and I don't think that I would want to send the plain text password to my phone over the Internet.
Another possibility is a VPN from the phone to the PC or router. Than you can start a server like kWS, Android Desktop, PAW Server, I-Jetty, WebFileSystem, etc.
VPN sounds good, gonna try when I get to home.
I can get connection using vpn.
However if there are no connection for short time or phone is restarted then vpn connection goes away.
I would like it to reconnect asap but it isn't meant to be that way :/
Couldn't find anything to reconnect vpn.
I didn't try the built-in VPNs (Android 2.1), but it works fine with OpenVPN: even when changing from Wifi to 3G it reconnects after a few seconds. You need root for OpenVPN AFAIK. It works great with VillainROM 12 which comes with OpenVPN. There's a guide at the VillainROM forums.
Thanks got it working
Lol huge decrease to battery life, suppose you don't have any hints for that?
Running Vanilla AOSP Gingerbread 2.3.3, finally managed to get this thing to talk to the local network here at work (it's PEAP authenticated, TnT Lite won't see it).
Now I'm running into the issue of not being able to access local intranet sites with my browser. Instead if just takes me to google search.
Running Dolphin HD right now. Any ideas? I'd really like to use this tablet at work to access the local intranet. If it won't do it, that's going to be a problem.
I would download the program ipconfig from the market and make sure you are getting the correct ip information on your network. Getting the incorrect DNS server can cause this issue. You can also downlond ping from the market and try to ping the internal web address. Just a troubleshooting step that I would starti with.
I was able to ping it using the Terminal Emulator, so that is working at least.
Well...I am getting my Gtab deliverred via fedex tomorrow and will be able to test my local intranet sites with the same setup and hopefully be a little more helpful. I will keep you posted with what I find,
Ok, I was wrong, I can't ping. I was pinging a server that is exposed on the external internet (Oops). The internal-only servers are unreachable. The DNS servers, though, are correct.
This is interesting.
From home I can access my work email through Exchange for Android, no problems. However now that I'm online at work and on the internal network, it doesn't work. I suspect it's because it's on the internal intranet now instead of trying to route to it through the internet.
I suspect that, while Vanilla 2.3.3 AOSP supports PEAP, it doesn't really support PEAP.
A large number of corporate networks use a proxy server; check into that.
pearlyking said:
A large number of corporate networks use a proxy server; check into that.
Click to expand...
Click to collapse
This one doesn't, as far as I can tell.
My iPhone connects to it fine, other people are able to access it with iPads and Android phones.
I'd ask IT for help, but we're technically not supposed to be using it.
pearlyking said:
A large number of corporate networks use a proxy server; check into that.
Click to expand...
Click to collapse
+1
Had the same problem and it turned out to be the Proxy settings.
Got it working.
Now running VEGAn 5.11 and it connects just fine. Not having the issues with the email anymore, either. However some of the intranet sites only pull up if I know the IP directly, apparently the browser has a hard time with port redirection on the URL (it doesn't care for 'evolutionsc:8080' very much at all).
Now I just need to find a browser that can handle JIRA without formatting issues.
ubergeek4l said:
+1
Had the same problem and it turned out to be the Proxy settings.
Click to expand...
Click to collapse
I seem to be having the same problem but I honestly don't know how to update the proxy settings for my work network (which does use a proxy server). I'm using Vegan 511, anyone know how to specify a proxy server for the network connection to use? I can't find anything in the wireless&network settings area.
Hi
I am trying to connect to my office wifi via proxy server.
Scenario 1: I am using Samsung Bada (wave 1), connected to the internet successfully and also any applications that require an internet connection including Samsung's app store.
While, connecting via open networks like home wifi and other friends' wifi also worked without any issue.
Scenario 2: Now I also have an android based Galaxy pocket: even after entering all the required proxy setting as mentioned above, I can access websites via browser but cannot access samsung's app store, google's play store, skype, sipdroid etc.,
I know it is nothing to do with the network administration as I am still accessing via my samsung wave but not via android. Please help me in identifying what I am missing. Is there anything like a network profile I need to assign for these applications?
thanks
S
Figured out the solution
Sometimes it is pathetic to notice that I didn't receive a single suggestion after I posted my question above. This is not how it used to be when we had smartphones that were just running windows long time ago.
There were lot of suggestions that comes up within a few minutes of posting, now after the invent of android and so many devices we have so many members but knowledge sharing has decreased considerably as each person is busy with solving their own issues.
Well, let me come back to the point - All that I needed to do was to run an app like 'proxydroid' or 'auto proxy lite' from one of our members from xda-developers to solve this issue. In order, to run these apps the device needed to be rooted. I rooted and installed this app and from that instance I am able to make all my apps including skype, google app market and what not all can access internet from my corporate wifi.
However, I noticed that only one application never succeeded this trick - that app is a Voip/SIP application called 'Pronto dialer' which throws a message 'unknown error occurred'. It works fine in an open wifi like at home etc., I am suspecting the proxy setting in the office network clashes with the proxy setting in the dialer...dont know what it is. Anyway I am glad and relieved that I was able to solve 90% of the issue.
Hope the above will be useful for someone with similar limitation from corporate wifi.
I recently have been using McDonald's wifi and also Starbucks near a university I am soon attending (For a master's in IT whee!!). Since knowing about droidsheep and wifikill, I was wondering what the best methods of protecting your devices from public spying are? I found this app, http://forum.xda-developers.com/showthread.php?t=1350941 but isn't there something else? Like setting up some kind of basic something that can guard against such spying?
I am also interested in knowing not only for an android device, but also for a laptop being used in a public place. Thanks for your help!
typhoonikan said:
I recently have been using McDonald's wifi and also Starbucks near a university I am soon attending (For a master's in IT whee!!). Since knowing about droidsheep and wifikill, I was wondering what the best methods of protecting your devices from public spying are? I found this app, http://forum.xda-developers.com/showthread.php?t=1350941 but isn't there something else? Like setting up some kind of basic something that can guard against such spying?
I am also interested in knowing not only for an android device, but also for a laptop being used in a public place. Thanks for your help!
Click to expand...
Click to collapse
On a public wifi all data you do is unencrypted, the only way to protect it, is doing some encrypting yourself.
On the apps that support it you should enable SSL encrpytion, that way, only your device and the receiving service can parse whats going on.
Not all apps support this, so if you come over an app that doesnt, but is really afraid of someone taking it, you need to do some more advanced stuff, and take use of a VPN.
This applies to both laptops and phones, but ssl support is usually less used on laptops
typhoonikan said:
I recently have been using McDonald's wifi and also Starbucks near a university I am soon attending (For a master's in IT whee!!). Since knowing about droidsheep and wifikill, I was wondering what the best methods of protecting your devices from public spying are? I found this app, http://forum.xda-developers.com/showthread.php?t=1350941 but isn't there something else? Like setting up some kind of basic something that can guard against such spying?
I am also interested in knowing not only for an android device, but also for a laptop being used in a public place. Thanks for your help!
Click to expand...
Click to collapse
Use "SSH Tunnel" app from Play Store to encrypt all of Internet traffic. You'll need just an internet server having root access or SSH access for that. There's no need of complex configuration on server at all.
All VPNs except OpenVPN have limited encryption level, but that's not the case of SSH Tunneling. When it comes to OpenVPN, its configuration is complex. And, little mistake can pose security risk. Plus, most of stock ROMs don't have OpenVPN client. Installing it is also more complex than installing SSH Tunnel.
SachinShekhar said:
Use "SSH Tunnel" app from Play Store to encrypt all of Internet traffic. You'll need just an internet server having root access or SSH access for that. There's no need of complex configuration on server at all.
All VPNs except OpenVPN have limited encryption level, but that's not the case of SSH Tunneling. When it comes to OpenVPN, its configuration is complex. And, little mistake can pose security risk. Plus, most of stock ROMs don't have OpenVPN client. Installing it is also more complex than installing SSH Tunnel.
Click to expand...
Click to collapse
This is great and what I had in mind- an app that secures the connection.
Though, walking into a starbucks or public wifi location where they have this kind of requisite (the server requirements)... isn't it doubtful they will have that set up?
Personally, I use OpenVPN. I would recommend using TUN, and at least 128 AES encryption. You need to have an always on internet connection somewhere. You set up a server there (dedicated computer, or buy a $40 linksys router and flash with dd-wrt or tomato vpn) and use a dynamic dns service to forward to that server's IP (such as DynDNS).
Most of that information is available on google.
You can find the OpenVPN HOWTO here:
openvpn.net/howto.html
Yes, as mentioned it is fairly complex, however worth the payoff in security in my opinion.
Hope that helps.
Tom
I appreciate the responses, but I think you're missing my point.
I'm talking about joining public wifi. Not a wifi spot where I can manage their server settings.
Yes, we are as well. VPN and SSH tunneling are used primarily to encrypt traffic. You want to do that to protect your data from Man in the Middle attacks. These types of encryption do not require any sort of administrative access to the wireless access point. That's the idea. You encrypt your data on your computer and send it over unsecured wifi to a server that is hard-wired to the internet, where the traffic is decrypted and send out to the internet as normal. The return traffic will then also be encrypted until it is decrypted by your computer. I would look into these two options for securing your data on unsecured wifi networks...
Tom
tomg09 said:
Yes, we are as well. VPN and SSH tunneling are used primarily to encrypt traffic. You want to do that to protect your data from Man in the Middle attacks. These types of encryption do not require any sort of administrative access to the wireless access point. That's the idea. You encrypt your data on your computer and send it over unsecured wifi to a server that is hard-wired to the internet, where the traffic is decrypted and send out to the internet as normal. The return traffic will then also be encrypted until it is decrypted by your computer. I would look into these two options for securing your data on unsecured wifi networks...
Tom
Click to expand...
Click to collapse
Thank you !
Sent from my EVO using xda premium
typhoonikan said:
This is great and what I had in mind- an app that secures the connection.
Though, walking into a starbucks or public wifi location where they have this kind of requisite (the server requirements)... isn't it doubtful they will have that set up?
Click to expand...
Click to collapse
Server will be your own outside public wifi. It may reside in your home. Or, you may purchase a VPS from Linode, RackSpace etc.
The concept: Your Android device will create an encrypted SSH tunnel to server at home... all over insecure wifi network. If a black hat guy traps your traffic in the middle, he will not get usable data from that because of encrypted tunnel.
Hi everyone,
I am trying to get my head around on what can be done to bypass the tethering filter on 3UK.
Below are different scenarios I have come up with and would like any volunteers who could try out any of the following for me. Of course I will be doing these myself as and when time permits but its always helpful to have others view on it too.
Please and I say please, do not turn this thread into Right and Wrongs of tethering or Terms and conditions of 3 mobile contracts. Please keep your views to yourself regarding if its lawful or unlawful or ethical or unethical or whatever you seem to come up with. I would like this to be a productive thread, instead of random comments on tethering.
Option 1: Use SSH Tunnel * Should I use SSH tunnel on my phone and use my PC to connect to it to use internet. Is there a reverse option?
Option 2: Use OpenVPN Install OpenVPN on your pc, and connect your phone to your pc using default VPN function on your phone in my case GT-I9100 comes with VPN function. You could also try to reverse this method and install OpenVPN on your phone and use your PC to connect to it. *
Option 3: Use the above two together in combination As the heading says, use SSH tunnel to connect to your OpenVPN.
Option 4: Use a proxy on your pc and connect to your phone or reverse, install proxy app on your phone and point your pc web browser to that proxy address. You could use the SSH tunnel here to connect too.
So, tools at hand are vpn with any encryption available, ssh tunnel, proxy server.
Tools to ignore - TOR (onion), garlic based TOR like, changing User Agent on web browsers or paid VPN.
3 UK has two APN settings, three.co.uk for mobiles (NATd ip address) and 3internet (dongle users) has external IP address and I believe it’s an Open NAT or no NAT.
Please feel free to mix and match any options and also share your views on what is technically possible.
I hope to see something useful and learn a bit more. Even if we fail to achieve the desired results, it will still be enlightening to find the facts on how 3 detects tethering.
I
Code encode decode
Found on giff gaff forum useful info
Well, they have a few ways..TTL: In my opinion, the most likely telltale signal of tethering. For example, *iOS packets originate with a TTL of 64, so if they see anything else they know something is up. This is very easy to check, as the TTL is checked by each router as the packet is handled. (the address on the envelope - doesn't require opening the letter, to use an analog analogy)APN: Another possible sign of tethering is data being routed over the access point set up for the built-in tethering feature. But giffgaff does NOT have a separate APN for Tethering. Again, this is easy to check without deep packet inspection.User-agent: This is where carriers would need to get heavy-duty equipment and a willingness to be invasive to detect tethering. Your browser sends information about itself to remote web servers, and this information could be checked. I do not think giffgaff is doing this (to detect tethering at least,) as it is not proof of tethering since anyone can easily use another browser on your phone that reports a different User Agent.Web Sites Visited: Again, highly invasive, though it doesn't require DPI. If you're using the DNS servers of the carrier, they could look for requests for certain domain names like windowsupdate.com etc. This wouldn't be proof either, though.I would bet that they are using TTL. So tunneling the TCP/IP packets that way probably resets the TTL to the default of the WAN interface on the phone.
Code encode decode
Why do you have to make 2 threads for the same subject?
Well I wasn't sure at the time of writing first one if I had to go down the route of testing which the second one is for. So, the first one is literally to know if its happening to new contracts only and second is for testing different scenarios and finding how.
Hope this helps and if not then jog on.
Code encode decode
Invincible29 said:
Hope this helps and if not then jog on.
Click to expand...
Click to collapse
Less of the attitude please and more of the reading of forum rules. Stick to one thread for the same thing.
Thread closed, use the other one (it was created first).