my own IP address is trying to set a cookie

Discussion in 'privacy problems' started by LMHmedchem, Nov 26, 2012.

Thread Status:
Not open for further replies.
  1. LMHmedchem

    LMHmedchem Registered Member

    Joined:
    Feb 8, 2012
    Posts:
    28
    I'm not sure if this is the right forum, so feel free to move this.

    I use seamonkey for my email/browser (the old mozilla setup). The cookie control works similar to firefox where I have options for when cookies expire. I have this set to, "ask every time". The result is that whenever a site tries to set a cookie, I have options, allow, allow for session, block, and a "use every time" check box. I rarely get these popups anymore because the permissions are set for the sites I visit.

    A couple of days ago, I started getting a cookie permission request when I first open seamonkey. The request is from an IP address (no domain name). I looked up the IP, since I know it was not the IP of my yahoo homepage, and discovered that it is my own comcast IP address. This would appear that some software on my system, or router, is setting a cookie. There is no content in the cookie, and so far it hasn't changed when browsing, so I'm not sure what its purpose is. Seamonkey does not use individual text file cookies like ie, but keeps them in a sqlite database file. There never seems to be anything in this file, so it's hard to get a good look at what the cookie content is other than opening the seamonkey cookie manager.

    Cookies are set by software. I'm not running any kind of server on this box, so I can't see what app could be trying to set a cookie. I am running a sofaware firewall router, but that software has not changed in a long time. It could be from the comcast server I am connecting to, but then it should be set from the IP of the comcast server, not my IP.

    Has anyone ever seen this or have any idea what may be going on?

    LMHmedchem
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Did you set "do not track"?
     
  3. LMHmedchem

    LMHmedchem Registered Member

    Joined:
    Feb 8, 2012
    Posts:
    28
    As far as I know, Seamonkey does not have a "do not track" setting like firefox. You can control your cookie settings, so by using session cookies (no persistent cookies) and just blocking third party cookies, I think you can more or less prevent tracking. Things like BHO are a bit different and I have those handled with better privacy and the adobe settings.

    My main question is about what software is trying to set this cookie and where from. Also, why has this just started and why is it not happening in every profile? I did see this cookie in firefox while it was set to private browsing, but when I unchecked private browsing and set cookie permissions to "ask me every time", there does not appear to be any attempt to set the cookie in firefox anymore. I do not see this cookie in ie.

    There are times when copies of the folders,

    C:\Documents and Settings\username\Cookies
    C:\Documents and Settings\basic_user\Local Settings\Temporary Internet Files

    appear in,
    C:\Documents and Settings\basic_user\Local Settings\Temp

    and that makes me a bit suspicious.

    LMHmedchem
     
  4. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    When I log into my ISP-provided router, it sets a simple session id cookie, so what you're seeing could be the same.
     
  5. LMHmedchem

    LMHmedchem Registered Member

    Joined:
    Feb 8, 2012
    Posts:
    28
    My router was not provided by my ISP, it is a sofaware that I bought. I have had this router for several years, so part of my question is why I am just seeing this now. It also doesn't seem to happen everywhere, which is odd if it is from my ISP. I have several seamonkey profiles, and I only get this cookie set in one of the profiles. It seems likely that it would be from the ISP, but why is it starting now and why doesn't it happen in all browsers and profiles?

    LMHmedchem
     
  6. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    I don't know what to tell you, other than if there's no content in the cookie, it's probably nothing to worry about. If it's only Seamonkey alerting you to these and not other browsers, it could be the other browsers recognize they're "empty" cookies so they don't bother alerting to them? Just a theory.

    Also, since the cookie is set by either your ISP or maybe your router, then it should only be passed back and forth during your session between you and that point of origin.
     
  7. LMHmedchem

    LMHmedchem Registered Member

    Joined:
    Feb 8, 2012
    Posts:
    28
    I actually checked the cookie locations of the other browsers to make sure there was no cookie for that IP. It would just be nice to know what that "point of origin" is.

    After looking into this a bit more, it looks like there is a difference in the cookie settings between the account showing this behavior and the others. There is a setting for "allow cookies from originating site only" that was checked in the other profiles, but not in the problem one. When I check this, I don't get the attempt to set anymore. I don't know if a recent update changed this setting or something like that. Apparently whatever it is may have been trying to set this cookie for some time and I just didn't see it since it was automatically blocked. I just updated SM and maybe there was some kind of glitch that didn't copy the setting quite right, or possibly they have changed that setting page.

    Is there any way to see where the instructions are coming from to set a cookie? I seem to remember the old Privoxy software logging all kinds of events like that. Would there be a way with wireshark or some similar tool? It just seems odd that when I open a browser, some server somewhere would want to set a cookie from my IP address that has nothing in it. Is this some kind of loss prevention so that the ISP can see if there are multiple computers connecting through the same IP? Whatever it is doesn't seem too effective if you can just block the cookie from being set.

    LMHmedchem
     
  8. Sir paranoids

    Sir paranoids Registered Member

    Joined:
    Oct 20, 2012
    Posts:
    101
    Whatever, just disable cookies.

    I know I did a long time ago, one more dirt bag farming em on your computer is not going to change anything and in some cases they are needed as you well know.

    When done, for internet site "X" purge the pile ~ problem solved.

    Web Services Privacy Policy, comcast
     
    Last edited: Nov 28, 2012
  9. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,089
    It sounds as though the Yahoo homepage you are using *might* for some reason be causing SM to issue an HTTP request to your IP Address, which is being responded to by your router, the router's HTTP response(s) via header or javascript tries to set a cookie, which in this case is a third-party cookie which SM is set to prompt you about in this profile. I would suggest you investigate and attempt to confirm/deny this, as you don't want your router to be open to some related attacks.

    I would close all instances of SM, run ipconfig /flushdns at the cmdline, launch Wireshark and start capturing, launch SM and let the homepage load, wait a few seconds, then stop Wireshark capturing and walk through the results. Presumably in there you will see a connection *to* your public IP Address, an HTTP request and an HTTP response (possibly several depending on what your router serves up). Look for a Set-Cookie header and/or cookie setting javascript in the response(s) from your router. I would also look at the content served by Yahoo and try to understand if/why it is triggering a request to your IP Address.
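
The capture review described in the post above, as an added example that is not part of the original thread: it walks HTTP request/response pairs saved as text from a capture, keeps those sent to a bare IP address whose response sets a cookie by header or script, and reports the Referer so the triggering page can be identified. The function names, the sample exchanges and the address 203.0.113.7 (a documentation placeholder for the public IP) are assumptions.

```python
import ipaddress

# Constructed sample: two request/response pairs as they might look when saved
# as text from a capture. 203.0.113.7 is a placeholder for the public IP.
EXCHANGES = [
    ("GET / HTTP/1.1\r\nHost: www.yahoo.com\r\n\r\n",
     "HTTP/1.1 200 OK\r\nSet-Cookie: B=abc; Domain=.yahoo.com\r\n\r\n<html></html>"),
    ("GET /favicon.ico HTTP/1.1\r\nHost: 203.0.113.7\r\n"
     "Referer: http://www.yahoo.com/\r\n\r\n",
     "HTTP/1.1 401 Unauthorized\r\nServer: router-httpd\r\n"
     "Set-Cookie: session=; Path=/\r\n\r\n<script>document.cookie='x=';</script>"),
]

def parse_message(raw):
    """Split a raw HTTP message into (start_line, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        # Header names are case-insensitive; Set-Cookie may repeat, so keep lists.
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body

def is_ip_literal(host):
    """True when the Host value is a bare IP address (IPv4 may carry :port)."""
    host = host.rsplit(":", 1)[0] if host.count(":") == 1 else host
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def find_ip_cookie_setters(exchanges, public_ip):
    """Return exchanges where an IP-addressed host tried to set a cookie."""
    findings = []
    for req_raw, resp_raw in exchanges:
        req_line, req_h, _ = parse_message(req_raw)
        status, resp_h, body = parse_message(resp_raw)
        host = req_h.get("host", [""])[0]
        cookies = resp_h.get("set-cookie", [])
        by_script = "document.cookie" in body
        if not is_ip_literal(host) or not (cookies or by_script):
            continue
        findings.append({
            "host": host, "is_own_public_ip": host.split(":")[0] == public_ip,
            "request": req_line, "status": status,
            "referer": req_h.get("referer", [None])[0],
            "set_cookie": cookies, "script_sets_cookie": by_script,
        })
    return findings
```

A finding with `is_own_public_ip` true and a Referer naming an external page means that page caused the browser to contact the router's web interface on its public address.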
     
  10. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    In the cookies content you should see "Host:" or "Domain:" with a domain name or ip address next to it. That is the point of origin, or whatever issued you the cookie. The cookie is sent on every request from your browser to only the site or domain that issued it.
     
    Last edited: Nov 28, 2012
  11. LMHmedchem

    LMHmedchem Registered Member

    Joined:
    Feb 8, 2012
    Posts:
    28
    Thanks, I will try this and see what I find out. I'm not certain that this only happens when I open my yahoo home page, but I will check and see if I can reproduce this when SM opens to a different home page. Another fly in the ointment is that there seems to be a bug in cookie handling for the most recent SM release. Cookie permissions seem to be disappearing. I am also using comodo from my DNS server if that makes a difference.

    The problem is that next to Host: is my own IP address, as if somehow I am setting a cookie in my own browser.

    LMHmedchem
     
  12. Sir paranoids

    Sir paranoids Registered Member

    Joined:
    Oct 20, 2012
    Posts:
    101
    1st your home page should be about:blank when checking for this problem.

    2nd everything you're talking about is in your legal agreement with your isp

    btw have you called your isp about this topic?

     