For one thing I don't have w3m installed on any of my Linux boxes by default. (solved easily of course) But once I installed and typed in the example command you give, I get this error:
sed: -e expression #1, char 1: unknown command: `'
Note that in the terminal the second to last character there is actually a diamond shaped black blob with a white question mark in it, it's between the ` and the '. Not sure what gives with that. Could it be utf or some other like difference between your distro and mine? You using BSD or something??
Discussion on:
View:
Show:
pgit,,
yes, I have reproduced the exact problem you describe... here, on the same computer on which I tested and usually run this script. The reason is, indeed, some utf-related formatting/character encoding error when going from the ASCII files in my computer to the HTML version here. However, the quick solution is to replace the characters that generate those "diamonds" with single quotes. Sorry for the complication!
yes, I have reproduced the exact problem you describe... here, on the same computer on which I tested and usually run this script. The reason is, indeed, some utf-related formatting/character encoding error when going from the ASCII files in my computer to the HTML version here. However, the quick solution is to replace the characters that generate those "diamonds" with single quotes. Sorry for the complication!
The source IP of the sender is usually in the header of an e-mail somewhere. You don't need to automate it like this unless you really do want them to leave the thing on and remote in hours later. It's not foolproof I admit but on the other hand it isn't hard to explain to them how to open a command prompt and run ipconfig either. Of course if their e-mail is up the snuff it doesn't work but then neither does the method described.
cybershooters,
I know very well that the sender source IP is (almost always) in the headers of each email message. However, this solution is worst than mine, or simply will NOT work, in all cases like mine.
The first reason is the one I clearly mentioned at the beginning of the post: "without ANY effort on their side". With this system they don't have to log in and send an email. They only have to push the button that turns their pc on and forget the whole business, go to sleep, have a walk... Or their nurse, or a friend passing by, can do it for them. If they are at my place, they can phone home and tell whoever answers first to push the button and that's it.
Then there is another reason why what you say simply won't work, also explained: dynamic IP addresses. I came up with this solution exactly because I DID start by asking people over the phone to "just send me an email" and check its headers manually... and then I would have to call TEN minutes later, because the provider had automatically changed their IP address in the meantime
I know very well that the sender source IP is (almost always) in the headers of each email message. However, this solution is worst than mine, or simply will NOT work, in all cases like mine.
The first reason is the one I clearly mentioned at the beginning of the post: "without ANY effort on their side". With this system they don't have to log in and send an email. They only have to push the button that turns their pc on and forget the whole business, go to sleep, have a walk... Or their nurse, or a friend passing by, can do it for them. If they are at my place, they can phone home and tell whoever answers first to push the button and that's it.
Then there is another reason why what you say simply won't work, also explained: dynamic IP addresses. I came up with this solution exactly because I DID start by asking people over the phone to "just send me an email" and check its headers manually... and then I would have to call TEN minutes later, because the provider had automatically changed their IP address in the meantime
I have several accounts, most are used for pushing backups over ssh to remote locations. The one problem with it is a change in IP might not register with the service for some time. I have had backups fail because the ISP changed the IP sometime just before the backup was to run.
That's not a frequent problem, and isn't a show stopper, for sure. I think DynDNS is an excellent solution, better than having cron running scripts on every remote host. Cron can fail, there might be a timeout with whatsmyip, there are variables that can render the whole thing useless.
DynDNS offers one point of failure, if you want to look at it that way, and they are redundant beyond belief. Your only real point of failure is if the remote host or firewall go down, eg power failure.
The point of the article was a how-to in the event one doesn't want to use a dynamic DNS solution. The only glitch I see is in my prior post: the command doesn't work for me using an rpm based distribution. (I'm pretty sure I'm not typing anything wrong)
That's not a frequent problem, and isn't a show stopper, for sure. I think DynDNS is an excellent solution, better than having cron running scripts on every remote host. Cron can fail, there might be a timeout with whatsmyip, there are variables that can render the whole thing useless.
DynDNS offers one point of failure, if you want to look at it that way, and they are redundant beyond belief. Your only real point of failure is if the remote host or firewall go down, eg power failure.
The point of the article was a how-to in the event one doesn't want to use a dynamic DNS solution. The only glitch I see is in my prior post: the command doesn't work for me using an rpm based distribution. (I'm pretty sure I'm not typing anything wrong)
Let ddclient run as a deamon if your using *nix rigs. I have it updating a dynamic IP shared by about five domain names. The IP can change frequently some days but ddclient is keeping up with it. Not sure if it'll maintain connection during a long rsync but may be worth looking at if you haven't yet.
This seems a case of the NIH-syndrome.
Appearently the original poster is not aware of ddclient, or the correct usage, and so invented his own solution.
I cannot see the advantages of his system instead of just having the remote systems using adresses such as john.hisdomain.dyndns.org, peter.hisdomain.dyndns.org etc.
But surely it must be embarrassing having invented such a system, and writing an article about it, and then having people telling "why don't you just..."
Appearently the original poster is not aware of ddclient, or the correct usage, and so invented his own solution.
I cannot see the advantages of his system instead of just having the remote systems using adresses such as john.hisdomain.dyndns.org, peter.hisdomain.dyndns.org etc.
But surely it must be embarrassing having invented such a system, and writing an article about it, and then having people telling "why don't you just..."
I'm not sure that it's entirely NIH. Maybe not having setup ddclient recently (dead simple for the folks with dpkg-reconfigure available but still).
The one difference I see between the two is the publicly discoverable domain names you end up with under ddclient. One may not want the private machines they support sitting behind a public domain name. The solution in the article sends the IP directly to the author which makes the machines less discoverable; you have to run IP network scanning which the target machine can detect versus domain name brute forcing which dyndns may not care to respond to and which the target machine will never know about.
Either way, I'd make sure those machines where locked down with proper security mechanisms rather than just obscuring the location by not providing a domain name:
IBR; Internet Background Radiation - the hostile network noise generated by both ongoing active network scanning and various malware infections that remain active and scanning for a path to propagate through.
The one difference I see between the two is the publicly discoverable domain names you end up with under ddclient. One may not want the private machines they support sitting behind a public domain name. The solution in the article sends the IP directly to the author which makes the machines less discoverable; you have to run IP network scanning which the target machine can detect versus domain name brute forcing which dyndns may not care to respond to and which the target machine will never know about.
Either way, I'd make sure those machines where locked down with proper security mechanisms rather than just obscuring the location by not providing a domain name:
IBR; Internet Background Radiation - the hostile network noise generated by both ongoing active network scanning and various malware infections that remain active and scanning for a path to propagate through.
between the actual article and other comments, I have already explained this point several times, but it is evident that it wasn't enough (my fault, surely), so I'll do it again.
This is not NIH. This is a solution for people who, like me, do not WANT to use anything DNS for this task, because, among other things,
the involved computers have really, really no reason at all to be discoverable/reachable all the time through constant domain names. I do NOT want that to happen
this solution is simpler, quicker to set up and more portable than anything based on DNS. Any version of m utt and w3m will work in that way. Oh, and from the ddclient home page "Dyndns decided to change their business model and they stopped offering free account. It made me decide to make dyndns less important for ddclient. "
is the publicly discoverable domain names you end up with under ddclient.
This is not NIH. This is a solution for people who, like me, do not WANT to use anything DNS for this task, because, among other things,
the involved computers have really, really no reason at all to be discoverable/reachable all the time through constant domain names. I do NOT want that to happen
this solution is simpler, quicker to set up and more portable than anything based on DNS. Any version of m utt and w3m will work in that way. Oh, and from the ddclient home page "Dyndns decided to change their business model and they stopped offering free account. It made me decide to make dyndns less important for ddclient. "
is the publicly discoverable domain names you end up with under ddclient.
for the reasons already explained by pgit. The problems he mentioned were quite frequent also in my case, much more than cron failures. it takes much, much, much less to write and set up script like that than just getting mad over dyndns only because it is more elegant. Especially in cases where nobody else needs to access those boxes.
The only issue I have with this is that you're now limiting 'Aunt Joyce' and 'Uncle Frank' to their browsers and Email. While this is usually no issue, what about if they want to learn a bit more about their systems, or just fool around a little? They'll ask for advice or take a local class which, of course, will be for MS Windows...
Local support, I just have them manually go to the whatismyip website and tell me the number over the phone. As for remote backups, I don't go that far. I'll teach people how to drive better, but I won't do their driving for them all of the time.
Local support, I just have them manually go to the whatismyip website and tell me the number over the phone. As for remote backups, I don't go that far. I'll teach people how to drive better, but I won't do their driving for them all of the time.
"manually go to whatsmyip".. which conflicts with the key point of the article; to provide the support person with an IP address with *no* manual steps by the user.
Also, nothing limiting Aunty or Uncle. If they need more than a browser or email, options are available. If they want to learn more about there system, resources are available. Why can't they pick up the phone and call Nephew to ask for advice? Given that they have specific needs including providing an IP address with no user interaction; me thinks your desire to push Windows is well outside the scope of the discussion.
Also, nothing limiting Aunty or Uncle. If they need more than a browser or email, options are available. If they want to learn more about there system, resources are available. Why can't they pick up the phone and call Nephew to ask for advice? Given that they have specific needs including providing an IP address with no user interaction; me thinks your desire to push Windows is well outside the scope of the discussion.
"what about if they want to learn a bit more about their systems, or just fool around a little?"
Info,
what on Earth makes you think that I would ever **prevent** people who did want to learn more about Linux and computers from doing that? This is a trick I use ONLY with the others
Info,
what on Earth makes you think that I would ever **prevent** people who did want to learn more about Linux and computers from doing that? This is a trick I use ONLY with the others
I setup a WWW site on my own computer and can see the IP address in the access log. Either you setup a wget/curl every 15 minutes in a cronjob, or you can ask them to manually go to the WWW site if you suspect that the IP address has changed since the last cronjob. The URL doesn't even have to exist...http://myWWWsite.com/unclebob will tell you uncle Bob's IP address even when Uncle Bob gets a 404 non-existent error.
as several other comments, this simply does NOT apply to the scenario I presented. Specifically, it won't work when the support person too has a dynamic IP address at home, or any time he/she is traveling and accessing the Net only through other computers/ip addresses
I see this with both cable and DSL. The providers' modems are NAT'ing, so will only show their Internet-facing IP, not that of any PC's "inside". Seems to me you would need to deal with opening a port for external access, and then would need to find the PC on the in-home network (even if only one). Does this solution not require direct Internet connection?
I wouldn't figure this an adhoc solution. If your taking the time to setup a script to check the IP and email it somewhere then you surely have the time to open port 22 in the house router and set a proper firewall rule so the machine only accepts connections from you. It doesn't even add any real time to drop fail2ban on there should someone try hammering port 22; heck, toss in psad for the extra five minutes that's initially going to take and now your automatically banning anyone that isn't you who's even touching port 22 let along trying passwords against it.
Personally, psad and fail2ban are defaults in my *nix system builds so the initially install process is going to have those in place without any further effort on my part. Leaving port 22 open and forwarded from the router.. no problem.
Personally, psad and fail2ban are defaults in my *nix system builds so the initially install process is going to have those in place without any further effort on my part. Leaving port 22 open and forwarded from the router.. no problem.
...with users who have more than one computer behind their router, yes. Personally, I've not come across this configuration yet (crossing fingers)
You could have each client use a different port, especially for the incoming connections you might make. Let the router/firewall sort 'em out.
To me this is scary. I'm not as tech savy as you so I apologize for ignorance. But this is scary to me since I was recently hacked by a co-worker/supervisor so that he could spy on my family at home. He went so far as to obtain a credit report about me that he had no reason to. How to prevent hacking has become something I'm trying to figure out.
Keep all your software and anti-virus up to date.
Don't click on links in emails when you don't know what they are.
Don't visit dodgy websites.
Use a firewall, or several.
NEVER give out your password to anyone.
Use a complicated password.
Trust no-one.
There are lots more examples you'll be able to find with a quick Google search.
Don't click on links in emails when you don't know what they are.
Don't visit dodgy websites.
Use a firewall, or several.
NEVER give out your password to anyone.
Use a complicated password.
Trust no-one.
There are lots more examples you'll be able to find with a quick Google search.
Your co-worker/supervisor committed a crime by breaking into your personal machines without your prior permission to do so. He also would have used methods well known already so nothing new was created or discovered.
This was not hacking (self guided learning through hands on experimentation and creation), this was a criminal act plane and simple. A real Hacker would ask your permission first and show you how it was done along with how you can protect yourself after. The mass media representation is meant to drive profits not deliver accurate information else they'd use the term criminal when what they are discussing is crime.
As for defense, the same safe computing habits you should be developing in general would also protect you against your co-worker.
- keep your software up to date; Your operating system and all the applications you install on top of it. That means Windows or osX and whatever programs have been added. The really hot targets right now are Adobe Flash, Adobe Reader (PDF files in general) and Java. At minimum, you need to confirm that the OS and those programs (if installed) are up to date.
- keep your antivirus up to date
- only install what programs you need and only if you've downloaded them from a trusted source (get your Adobe PDF Reader from Adobe not Bob's Software Download Site)
- do not open unexpected email especially from unknown sources
- do not open unexpected attachements
- do not click on links in email (hover the mouse you can at least confirm if the link displayed really points back to where it says it does)
- use a user level account with a password for day to day computer use and question why it is prompting you for administrator rights when that happens. Do not share your password with anyone (the kids can have there own accounts). Do not leave your mobile devices unattended without at least locking the screen so your password is needed before tampering with it.
The real Hackers will happily provide tips on how you can stay safe. If someone is breaking in without permission, they are not a Hacker regardless of what they or the mass media claims.
This was not hacking (self guided learning through hands on experimentation and creation), this was a criminal act plane and simple. A real Hacker would ask your permission first and show you how it was done along with how you can protect yourself after. The mass media representation is meant to drive profits not deliver accurate information else they'd use the term criminal when what they are discussing is crime.
As for defense, the same safe computing habits you should be developing in general would also protect you against your co-worker.
- keep your software up to date; Your operating system and all the applications you install on top of it. That means Windows or osX and whatever programs have been added. The really hot targets right now are Adobe Flash, Adobe Reader (PDF files in general) and Java. At minimum, you need to confirm that the OS and those programs (if installed) are up to date.
- keep your antivirus up to date
- only install what programs you need and only if you've downloaded them from a trusted source (get your Adobe PDF Reader from Adobe not Bob's Software Download Site)
- do not open unexpected email especially from unknown sources
- do not open unexpected attachements
- do not click on links in email (hover the mouse you can at least confirm if the link displayed really points back to where it says it does)
- use a user level account with a password for day to day computer use and question why it is prompting you for administrator rights when that happens. Do not share your password with anyone (the kids can have there own accounts). Do not leave your mobile devices unattended without at least locking the screen so your password is needed before tampering with it.
The real Hackers will happily provide tips on how you can stay safe. If someone is breaking in without permission, they are not a Hacker regardless of what they or the mass media claims.
Hi LindaLou,
Yes, another way to read this post is that it can be quite easy for people more tech-savvy than you to "spy" into your computer. See my comment titled "Here are those two issues" for more
Yes, another way to read this post is that it can be quite easy for people more tech-savvy than you to "spy" into your computer. See my comment titled "Here are those two issues" for more
No need to touch their router because it utilizes NAT traversal techniques. Free for personal use.
http://www.teamviewer.com/en/download/linux.aspx
http://www.teamviewer.com/en/download/linux.aspx
when I installed this it used wine. The downloads don't have md5sums or some other way to verify them. You have to actually install the full version on a remote Linux host to use it, because there is no quick connect module for them. And windows hosts need the quick connect module installed. All said and done kind of defeats the op's reasoning behind his method.
I have no experience with a Linux install of Teamviewer and it's use of Wine. Are you saying that you have an objection to it's use for some reason or just being informative?
Do you believe there is some overuse of system resources like CPU or hard drive space because of a full version versus just a host version or security related to using a minimal amount of code that may possibly be exploitable?
I do have issues with their point to point "VPN" since it does not give out an IP address on the remote LAN and therefore can not be used to overcome censorship in different countries i.e. torrents from Isohunt or BBC video. It also needs BIOS remote control.
http://en.wikipedia.org/wiki/Intel_Active_Management_Technology
Version 8 is adding remote print capabilities to the already useful file transfer and videochat functions.
You can find more information about security concerns here:
http://www.teamviewer.com/en/help/cat19-Security.aspx
You can submit a ticket for next day email support to ask them about putting up a webpage with checksums for installers. I personally do not see the security implications of this because if they can hack the download server containing the executables, it is likely they can also change the webserver with the page containing the checksums.
I have taken advantage of their client to overcome Nvidia driver black screen problems that Microsoft RDP was unable to solve.
You may also not like the fact that your actions are going through Teamviewer's servers. If you have serious concerns about security, besides the obligatory 20+ character password to deter GPU cracking, standard user and whitelisting of email contacts and executables on your computers, you should setup a PFSense L2TP/IPSec VPN to replace their gateway. You can use a script to gather the outside WAN NIC IP address and http the text to your ISP's webserver space instead of relying on dynamic DNS pointing to your usually ISP TOS unallowed server. There may be provisions for exceptions to this rule regarding security solutions. I know FiOS has such a clause which would allow the VPN server. This configuration is also useful for smartphone security over free wi-fi (even with WPA2 encryption) at retail establishments because you are further segregated from anyone else on that WLAN. Obviously once you are on their LAN, you can use whatever tools you prefer to support them. Additionally, Windows computers should also use MBSA to rectify their security profile, EMET to help mitigate poorly coded software, and
IE using InPrivate Browsing which defaults to using no add-ons, thus minimizing your security footprint.
Although I have no experience with Logmein, it may be a better choice for you.
I do agree that remote control applications do not support the op's reasoning for just an easy way to get an IP address. The bigger picture is what utility that information has. He needs to support relative's computers remotely with a solution that is always available. He can use a laborious script configuration
that is self-supported. It will require using two different technologies/providers (Web/Email) which decreases reliability and ironically uses third party services that are implied as being undesirable. This paradoxically is claimed to be simpler than a Dynamic DNS or a simple remote control executable installation with commercial support. The choice is his.
Do you believe there is some overuse of system resources like CPU or hard drive space because of a full version versus just a host version or security related to using a minimal amount of code that may possibly be exploitable?
I do have issues with their point to point "VPN" since it does not give out an IP address on the remote LAN and therefore can not be used to overcome censorship in different countries i.e. torrents from Isohunt or BBC video. It also needs BIOS remote control.
http://en.wikipedia.org/wiki/Intel_Active_Management_Technology
Version 8 is adding remote print capabilities to the already useful file transfer and videochat functions.
You can find more information about security concerns here:
http://www.teamviewer.com/en/help/cat19-Security.aspx
You can submit a ticket for next day email support to ask them about putting up a webpage with checksums for installers. I personally do not see the security implications of this because if they can hack the download server containing the executables, it is likely they can also change the webserver with the page containing the checksums.
I have taken advantage of their client to overcome Nvidia driver black screen problems that Microsoft RDP was unable to solve.
You may also not like the fact that your actions are going through Teamviewer's servers. If you have serious concerns about security, besides the obligatory 20+ character password to deter GPU cracking, standard user and whitelisting of email contacts and executables on your computers, you should setup a PFSense L2TP/IPSec VPN to replace their gateway. You can use a script to gather the outside WAN NIC IP address and http the text to your ISP's webserver space instead of relying on dynamic DNS pointing to your usually ISP TOS unallowed server. There may be provisions for exceptions to this rule regarding security solutions. I know FiOS has such a clause which would allow the VPN server. This configuration is also useful for smartphone security over free wi-fi (even with WPA2 encryption) at retail establishments because you are further segregated from anyone else on that WLAN. Obviously once you are on their LAN, you can use whatever tools you prefer to support them. Additionally, Windows computers should also use MBSA to rectify their security profile, EMET to help mitigate poorly coded software, and
IE using InPrivate Browsing which defaults to using no add-ons, thus minimizing your security footprint.
Although I have no experience with Logmein, it may be a better choice for you.
I do agree that remote control applications do not support the op's reasoning for just an easy way to get an IP address. The bigger picture is what utility that information has. He needs to support relative's computers remotely with a solution that is always available. He can use a laborious script configuration
that is self-supported. It will require using two different technologies/providers (Web/Email) which decreases reliability and ironically uses third party services that are implied as being undesirable. This paradoxically is claimed to be simpler than a Dynamic DNS or a simple remote control executable installation with commercial support. The choice is his.
I can't read a sed command to save my butt, but (ha ha, a pun) copying and pasting the guts of line 13 into a command prompt "just worked". My debian system has mutt and w3m installed, so it runs here, but I don't have any linux using aunts or uncles. Real nice, though.
I ended the article saying "As is, the script has two issues. One is technical, one is not."
Here are those two issues.
The purely technical issue is that if the computer (but not the modem!) is powered off, and then powered on again, the "support person" will not be informed that the computer is up and online again, because the script will not see a change in the IP address. This can be overcome, if it is a problem, in many ways. A simple one is adding a couple of lines to the shell script that cancel the my_ip_address file if the uptime is less than 10 minutes.
The non technical issue is privacy. This "support trick", or any other alternative suggested in the comments, lets the "support person" know whenever the "users" are surfing the Net from that computer. It makes scenarios like "I didn't hear your call because I was sleeping" "No, you weren't, I know you had just turned on your computer" possible.
In my case, this is not an issue because I only do this as unpaid assistance for relatives to whom I HAVE explained all the implications and only AFTER they have explicitly accepted. If they don't like the idea, then the deal is "next time I come to your place, even if it's ten days from now, I'll help you to "fix" your computer". YMMV
Here are those two issues.
The purely technical issue is that if the computer (but not the modem!) is powered off, and then powered on again, the "support person" will not be informed that the computer is up and online again, because the script will not see a change in the IP address. This can be overcome, if it is a problem, in many ways. A simple one is adding a couple of lines to the shell script that cancel the my_ip_address file if the uptime is less than 10 minutes.
The non technical issue is privacy. This "support trick", or any other alternative suggested in the comments, lets the "support person" know whenever the "users" are surfing the Net from that computer. It makes scenarios like "I didn't hear your call because I was sleeping" "No, you weren't, I know you had just turned on your computer" possible.
In my case, this is not an issue because I only do this as unpaid assistance for relatives to whom I HAVE explained all the implications and only AFTER they have explicitly accepted. If they don't like the idea, then the deal is "next time I come to your place, even if it's ten days from now, I'll help you to "fix" your computer". YMMV
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
