Database Info

How do I access the localhost or 127.0.0.1 loopback address on a WM6.5 device?

How do I access the localhost or 127.0.0.1 loopback address on a WM6.5 device?
I want to know if windows mobile 6.5 has the same thing as a desktop machine - does it have a loopback address such as 127.0.0.1???
I know wm6.5 doesnt have a hosts file in the same sense that a windows xp machine does...
If localhost doesnt exist, how do I create a loopback address similar to localhost for my device?
I need to know this so that I can do some dynamical port forwarding using pocketputty.

bump bump

bump bump.............

bump !

[Completed] Scripting, forward a specific port from tun0 to wlan0 to PC

I have this script running on boot and cycling on a timer to make my wifi hotspot send data through a PIA VPN. PIA will assign a single port allowed to be used for forwarding and I now want to forward that assigned port to a PC connected to the wifi hotspot. The PC's local IP address is 192.168.1.252 (hotspot assigned but I can set it static) and the port number is 40212. Is there a way to add that routing to this script?
while sleep 30; do
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to 8.8.8.8
ip rule add from 192.168.1.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.1.0/24 dev wlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61

Hi
Please sign up on forums and post in general Q/A
http://forum.xda-developers.com/general/help
Though personally I think you can find better information on Linux Admin sites.
Probably try using man pages for iptables ?
Good day !

Routing instead of NAT/Masquerade for WiFi Tether clients

When clients connect to Android Tethering they get IPs of the private Tethering network. There is plenty of info available on how to NAT/Masquerade the WiFi tethering clients (for example into a VPN), but I haven't managed to find how should I change or re-write IPTABLES and ROUTES in order to avoid natting/masquerading and just make ordinary routing from the tethered devices IP to the other networks (or a VPN).
Example: Local Tether client 1 gets : 192.168.43.1/24 Local Tether client 2 gets : 192.168.43.2/24 ... and at the VPN interface we have the 10.1.0.0/24 Network. Disabling NAT and adding the routes in an ordinary router is easy, but I need help to do it on my Android device. Thank you. Peter

HI Peter
I found this code from my friend. Just save the code with text editor like jota+ (from Google play store).
This code will forward all traffic from WiFi tethered clients to vpn. Just run via terminal emulator.
Code:
#!/system/bin/sh
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev wlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61

ndrancs said:
HI Peter
I found this code from my friend. Just save the code with text editor like jota+ (from Google play store).
This code will forward all traffic from WiFi tethered clients to vpn. Just run via terminal emulator.
Code:
#!/system/bin/sh
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev wlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61
Click to expand...
Click to collapse
Thank you very much NDrancs. Are you sure its just routing the packets with their original IP ? Its just because on the fourth line I see a Masquerade. I will check. Thank you so much for your time.
Peter

Slashdot "Open Ports Create Backdoors In Millions of Smartphones"

Slashdot is running a story about how lots of Android apps listen on ports for incoming connections.
https://it.slashdot.org/story/17/04/28/2343222/open-ports-create-backdoors-in-millions-of-smartphones
I was quite surprised by this as I thought virtually all Android apps would be outbound only and wouldn't need to create a listening socket, unless a genuine server (SSH/FTP/HTTP etc). But I ran an "netstat -apn | grep -i listen " on my phone, and to my surprise my mobile provider VoIP app is listening on a port (again I thought it would be outbound only). And worse I can happily connect to it from my WiFi.
I added iptables rules to block inbound connections but allow outbound unrestricted. The VoIP app seems happy enough.
But also surprised (for me this is LineageOS, but I assume common to all androids), that the default iptables rules don't block inbound connections, with an API allowing apps to request inbound on specific ports or something.
My iptables rules are below (covering v6 too):
Code:
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -j DROP
ip6tables -A INPUT -p icmp -j ACCEPT
ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -j DROP

I had a further look at one of the apps I have listening. I picked the popular Plex client app. Here is the netstat output (it also listens on a number of loopback ports but no big deal there):
tcp6 0 0 :::44411 :::* LISTEN 13084/com.plexapp.android
So listens on IPv4 and IPv6. Telneting to this port and it seems to have some sort of webserver listening on this:
Escape character is '^]'.
get /
HTTP/1.1 500 Internal Server Error
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 1209600
Failure: 500 Internal Server Error
Connection closed by foreign host.
Not sure why a client app like this needs to listen really.

I have slightly modified my iptables rules to allow IPv6 SLAAC to work properly and to allow SSH (as an example allowed incoming service) in from my local IP addresses (and IPv6 local ULA addresses) on WiFi.
Code:
#!/system/bin/sh
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p udp --dport 33791 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -j DROP
ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -d fe80::/64 -p udp -m udp --dport 546 -m state --state NEW -j ACCEPT
ip6tables -A INPUT -p udp --dport 33791 -j ACCEPT
ip6tables -A INPUT -s fda1:12B0:97A1::/64 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
ip6tables -A INPUT -j DROP

DNS changes to hacker's specified DNS (android)

I have little knowledge about tech related stuff but what I knew from my experience is that hacker's DNS's which are pri: 39.39.39.39 , sec: 182.176.100.141 made possible for anyone can remotely view my phone just like using "Remote Desktop Viewer" software.
I had used following methods to prevent DNS from changing but was unsuccessful (because DNS changes instantly when on the other side someone tries to connect):
(1) Following rules are added to "20-dns.conf" file (system/etc/dhcpcd/dhcpcd-hooks), Afwall+ custom script and init.d script but its only set DNS after reboot or when I run the script each time and do not prevent DNS from changing:
setprop net.dns1 2208.67.222.22
setprop net.dns2 2208.67.222.22
setprop net.eth0.dns1 208.67.222.222
setprop net.eth0.dns2 208.67.220.220
setprop net.rmnet0.dns1 208.67.222.222
setprop net.rmnet0.dns2 208.67.220.220
setprop dhcp.tiwlan0.dns1 208.67.222.222
setprop dhcp.tiwlan0.dns2 208.67.220.220
setprop net.ppp0.dns1 208.67.222.222
setprop net.ppp0.dns2 208.67.220.220
setprop net.pdpbr1.dns1 208.67.222.222
setprop net.pdpbr1.dns2 208.67.220.220
I also add the above rules to "build.prop" but result was the same.
(2)Installed Override DNS (root), it also does not prevent DNS change. It only set DNS (google, openDNS etc) after every reboot/connectivity change and cannot detect DNS change. I tried to change DNS from "Terminal Emulator" and was able to change DNS while "Override DNS" was ON. Another problem with "Override DNS" is that it shows an error (Network device name is null, The error message is netInfo is null,something went wrong) when data/wifi is off. While hacker does not need me to ON data/wifi to achieve his goal.
(3) Following IPTABLES rules are added to Afwall+ custom script and init.d script (didn't worked):
su
iptables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to-destination 8.8.8.8:53
iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination 8.8.8.8:53
iptables -t nat -D OUTPUT -p tcp --dport 53 -j DNAT --to-destination 8.8.8.8:53 || true
iptables -t nat -D OUTPUT -p udp --dport 53 -j DNAT --to-destination 8.8.8.8:53 || true
iptables -t nat -I OUTPUT -p tcp --dport 53 -j DNAT --to-destination 8.8.8.8:53
iptables -t nat -I OUTPUT -p udp --dport 53 -j DNAT --to-destination 8.8.8.8:53
&
$IPTABLES -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to-destination 208.67.222.222:53 || true
$IPTABLES -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination 208.67.222.222:53 || true
(4) I use terminal emulator by using "getprop | grepdns" command to see my active DNS servers. But its not showing recent changes made to DNS from other side except changes made by myself.
Once I installed "Spyhunter4" in PC and "advance DNS protection system" in "Spyhunter4"did the job so far. It showed popup "Your DNS setting has changed, Do you want to keep changes?" every time when DNS change attempt was made from other side and when I clicked on NO it revert back DNS to google, openDNS etc. This pop-up appeared like 100 times in a minute but later when I connect my PC to internet he (the hacker) was able to make changes to "comodo firewall" rules and Spyhunter4. did not worked anymore. When you open Spyhunter4 it updates its database everytime you launch it and that was also disabled. I know that because I had seen many IP's (belonging to hacker) in comodo killswitch, established connection to my PC.
I think something which locks my specified DNS (google, openDNS etc) and prevent it from changing will solve the problem.
Maybe experts here will reach to the root of the problem by simply looking into these DNS's:
[39.39.39.39]
[182.176.100.141]
But again I want to add here that the "hacker" does not need me to connect to internet to change my DNS servers or viewing my phone.
[Hacker= works in NSA type agency (I am not wanted by any agency but the guy uses official resources for personal gain, for his friend]
Regards

Both websites show up only in spamhaus go to https://www.spamhaus.org/lookup/ to see. As far as iptables is concerned you should be blocking the input to those ips. To see your network traffic use a sniffer. It seems though that the hacker is using a RAT remote access trojan or a script. For your phone I would take out the sim set up firewall rules and then connect to another network and see what happens. I would install a new updated rom and see what happens, you can also try safe mode. The problem on your computer is another story... The key to do these things is to get all the data you can pcap files user access logs and then search online for help. On the computer is seems that spyhunter does work so trace back what turned it off. AFAIK using NSA tools especially the unreleased ones (wiki 7) gets you fired so maybe someone at the NSA will believe you if you have the data to prove it.

Thanks a lot sir. You are right that I should block input to those ip's. And i think it will work.

Applied Protocol said:
Both websites show up only in spamhaus go to https://www.spamhaus.org/lookup/ to see. As far as iptables is concerned you should be blocking the input to those ips. To see your network traffic use a sniffer. It seems though that the hacker is using a RAT remote access trojan or a script. For your phone I would take out the sim set up firewall rules and then connect to another network and see what happens. I would install a new updated rom and see what happens, you can also try safe mode. The problem on your computer is another story... The key to do these things is to get all the data you can pcap files user access logs and then search online for help. On the computer is seems that spyhunter does work so trace back what turned it off. AFAIK using NSA tools especially the unreleased ones (wiki 7) gets you fired so maybe someone at the NSA will believe you if you have the data to prove it.
Click to expand...
Click to collapse
Can you briefly explain to me how to set those iptables rules. As I said in the beginning of my thread that I am new to these kind of stuff. I followed instruction from here (https://forum.xda-developers.com/ge...-to-change-dns-android-device-t3273769/page1
) when I tried all methods described in my thread. Thanks in advance.

Ykhann said:
Can you briefly explain to me how to set those iptables rules. As I said in the beginning of my thread that I am new to these kind of stuff. I followed instruction from here (https://forum.xda-developers.com/ge...-to-change-dns-android-device-t3273769/page1
) when I tried all methods described in my thread. Thanks in advance.
Click to expand...
Click to collapse
here is a full iptables script
Code:
#!system/bin/sh
###################################
#
# File name paranoidfw.sh
# Iptables secure paranoid Firewal script for Android
# Loging Everything With DNS protection
# By Applied Protocol
#
###################################
#
IPTABLES=system/bin/iptables
IP6TABLES=system/bin/ip6tables
# DNS servers
DNS_SERVER="1.1.1.1 1.0.0.1"
DNS_SERVER6="2606:4700:4700::1001 2606:4700:4700::1111"
# Block IP
BAD_IP=" "
BAD_DNS="39.39.39.39 182.176.100.141"
### INPUT Chain
# Start with New Rules
$IPTABLES -F
$IPTABLES -F -t nat
$IPTABLES -X
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -F -t mangle
$IPTABLES -t mangle -X
$IP6TABLES -F
$IP6TABLES -F -t nat
$IP6TABLES -X
$IP6TABLES -P INPUT DROP
$IP6TABLES -P OUTPUT DROP
$IP6TABLES -P FORWARD DROP
$IP6TABLES -F -t mangle
$IP6TABLES -t mangle -X
## Connection Tracking
$IPTABLES -A INPUT -m state --state INVALID -j NFLOG --log-prefix "DROP INVALID" --log-ip-options --log-tcp-options
$IPTABLES -A INPUT -m state --state INVALID -j DROP
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IP6TABLES -A INPUT -m state --state INVALID -j NFLOG --log-prefix "DROP INVALID" --log-ip-options --log-tcp-options
$IP6TABLES -A INPUT -m state --state INVALID -j DROP
$IP6TABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
### INPUT Chain
## Block IP
for ip in $BAD_IP
do
$IPTABLES -A INPUT -s $ip -m state --state NEW -j NFLOG --log-prefix "DROP Bad IP NEW" --log-ip-options --log-tcp-options
$IPTABLES -A INPUT -s $ip -m state --state NEW -j DROP
$IPTABLES -A INPUT -s $ip -m state --state ESTABLISHED,RELATED -j NFLOG --log-prefix "DROP Bad IP EST" --log-ip-options --log-tcp-options
$IPTABLES -A INPUT -s $ip -m state --state ESTABLISHED,RELATED -j DROP
done
## Block Bad DNS
for ip in $BAD_DNS
do
$IPTABLES -A INPUT -p udp -s $ip --dport 53 -m state --state NEW -j NFLOG --log-prefix "DROP Bad DNS NEW" --log-ip-options --log-tcp-options
$IPTABLES -A INPUT -p udp -s $ip --dport 53 -m state --state NEW -j DROP
$IPTABLES -A INPUT -p tcp -s $ip --dport 53 -m state --state NEW -j NFLOG --log-prefix "DROP Bad DNS NEW" --log-ip-options --log-tcp-options
$IPTABLES -A INPUT -p tcp -s $ip --dport 53 -m state --state NEW -j DROP
$IPTABLES -A INPUT -p udp -s $ip --dport 53 -m state --state ESTABLISHED,RELATED -j NFLOG --log-prefix "DROP Bad DNS EST" --log-ip-options --log-tcp-options
$IPTABLES -A INPUT -p udp -s $ip --dport 53 -m state --state ESTABLISHED,RELATED -j DROP
$IPTABLES -A INPUT -p tcp -s $ip --dport 53 -m state --state ESTABLISHED,RELATED -j NFLOG --log-prefix "DROP Bad DNS EST" --log-ip-options --log-tcp-options
$IPTABLES -A INPUT -p tcp -s $ip --dport 53 -m state --state ESTABLISHED,RELATED -j DROP
done
## Selected DNS
for ip in $DNS_SERVER
do
$IPTABLES -A INPUT -p tcp -s $ip --dport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p tcp -s $ip --dport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
done
for ip in $DNS_SERVER6
do
$IP6TABLES -A INPUT -p tcp -s $ip --dport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IP6TABLES -A INPUT -p tcp -s $ip --dport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
done
### default INPUT LOG rule
$IPTABLES -A INPUT ! -i lo -j NFLOG --log-prefix "DROP" --log-ip-options --log-tcp-options
## Make sure that loopback traffic is accepted
$IPTABLES -A INPUT -s 127.0.0.1 -j -j NFLOG --log-prefix "LoopBack" --log-ip-options --log-tcp-options
$IPTABLES -A INPUT -s 127.0.0.1 -j ACCEPT
### OUTPUT Chain
## Block IP
for ip in $BAD_IP
do
$IPTABLES -A OUTPUT -d $ip -m state --state NEW -j NFLOG --log-prefix "DROP Bad REQ NEW" --log-ip-options --log-tcp-options
$IPTABLES -A OUTPUT -d $ip -m state --state NEW -j DROP
$IPTABLES -A OUTPUT -d $ip -m state --state ESTABLISHED,RELATED -j NFLOG --log-prefix "DROP Bad IP REQ EST" --log-ip-options --log-tcp-options
$IPTABLES -A OUTPUT -d $ip -m state --state ESTABLISHED,RELATED -j DROP
done
## Block Bad DNS
for ip in $BAD_DNS
do
$IPTABLES -A OUTPUT -p udp -d $ip --dport 53 -m state --state NEW -j NFLOG --log-prefix "Bad DNS NEW udp" --log-ip-options --log-tcp-options
$IPTABLES -A OUTPUT -p udp -d $ip --dport 53 -m state --state NEW -j DROP
$IPTABLES -A OUTPUT -p udp -d $ip --dport 53 -m state --state ESTABLISHED,RELATED -j NFLOG --log-prefix "DROP Bad DNS EST " --log-ip-options --log-tcp-options
$IPTABLES -A INPUT -p tcp -d $ip --dport 53 -m state --state ESTABLISHED,RELATED -j DROP
done
## Selected DNS
for ip in $DNS_SERVER
do
$IPTABLES -A OUTPUT -p udp -d $ip --dport 53 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p tcp -d $ip --dport 53 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 53 -j NFLOG --log-prefix "Other DNS REQ" --log-ip-options --log-tcp-options
$IPTABLES -A OUTPUT -p tcp --dport 53 -j NFLOG --log-prefix "Other DNS REQ" --log-ip-options --log-tcp-options
$IPTABLES -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to-destination $ip:53
$IPTABLES -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination $ip:53
done
for ip in $DNS_SERVER6
do
$IP6TABLES -A OUTPUT -p udp -d $ip --dport 53 -m state --state NEW -j ACCEPT
$IP6TABLES -A OUTPUT -p tcp -d $ip --dport 53 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 53 -j NFLOG --log-prefix "Other DNS REQ" --log-ip-options --log-tcp-options
$IPTABLES -A OUTPUT -p tcp --dport 53 -j NFLOG --log-prefix "Other DNS REQ" --log-ip-options --log-tcp-options
$IP6TABLES -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to-destination $ip:53
$IP6TABLES -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination $ip:53
done
exit
### EOF ###
To explain this script is mainly a DNS script it changes over your DNS requests to a different ip it does need NAT for ipv4 and ipv6 compiled in the kernel.
All logging is done with all the info of the packet (not pcap)
First define your good DNS and bad DNS and other ip to block (if blank comment it out with # in the commands below) do not use ip for DNS the loggs willnot be clear
Then we start from fresh iptables chains and zeroing the chains
next is connection tracking turned on so unsolicited requests do not work it will drop and log
Bad ip and bad DNS ip both block ip for DNS this is only port 53 it will drop and log new connections and old ones it logs them separately
Selected DNS is the preferred DNS servers only to be allowed in unless it is requested this allows only old connections
any non requested (new) connections are dropped and logged
loopback is allowed and logged also
the same idea is in the OUTPUT tables
Any other DNS requests are logged and passed on to be ip changed.
That said the script is used by checking the logs (a colored log viewer helps!) and seeing how many times the rules where hit this can be done with
Code:
iptables -L
ip6tables -L
If you do believe that someone is using NSA tech on you I would save the phone image with abd and dd and share it with the security community (first saving your data and deleting it temporary)