
Client connect - What is this?

John - AI4FR Member ✭✭
edited April 17 in SmartSDR for Windows
About 30 minutes after SSDR 317 was up and running I had an odd experience. See picture below. This IP address attempted to connect to SSDR about 30 or 40 times. I do not recognize it but a net search revealed it is from BlueOcean LLC from India. Any ideas?

Flex 6700
SSDR 317
Windows 7
4 instances of wsjt
4 instances of jtalert
Flex control
HF Auto software
DDUTIL






Answers

  • David Member ✭✭
    edited January 1
    I recommend you change your SmartLink password.
  • Erika - KØDD Member ✭✭
    edited December 2019
    Well yeah John, people out there smurfing the net are looking for ports to hack their way into.  In this case looks like a station from India on that internet provider made an attempt to play radio.  They need a user name and password though, and your radio must not necessarily be OPEN...  OR IS IT?  Erika DD
  • John - AI4FR Member ✭✭
    edited December 2019
    Thanks David and Erika. I've never really used Smartlink and doubt that I could remember my password. As far as I know the radio is not open. Is there such a setting in SSDR or Smartlink? Time for me to pull out the manual.
  • David Member ✭✭
    edited December 2019
    It has been a while since I have mine set to auto-reconnect. I think if you disconnect from the radio (from menu line: Setting - Chose Radio - SmartLink Setup) you will find an option to change the password and other account options.
  • Erika - KØDD Member ✭✭
    edited December 2019
    My smartlink setup which I am not currently using uses my "GOOGLIE" Username and password...  I am just local with this one anyway,

    Not that a VU2 ham is a bad guy or anything but trying to hack a radio IS being a bad guy.  IT's so EZ to download various versions of the SSDR software right off the website, and ANYBODY could connect...  It's just that they can't get past the Username ETC...  FUNNY, apparently neither can you?
  • John - AI4FR Member ✭✭
    edited December 2019
    Thanks David and I was just playing with that. I have unregistered the radio from smartlink. I'll leave it this way for a while or until I need it.
  • Erika - KØDD Member ✭✭
    edited December 2019
    It's nice to know the next time you're in India John, you'll be able to use your radio... That is after resetting things. giggle
  • Max Member
    edited December 2019
    Same happened to me 2hrs ago but different ip
  • John - AI4FR Member ✭✭
    edited December 2019
    LOL, very true Erika!! Gosh is it ever good to know that it works in India. As far as we know the hacker is following this post.

    Yes, I still have the vette. It sits in the garage which is right next to the shack. I've wanted one since before I was of age to drive. Many decades later, with an empty nest, we saved our pennies and finally got one. Thanks for asking.

    I created a page about it here:
    http://ai4fr.com/main/page_1965_corvette_1965_corvette.html

  • KC7ES Member ✭✭
    edited December 2019
    Just turned up SSDR and seeing this IP trying to connect, over and over: 45.56.126.141
    Looks like the SIP bots we get at our broadcast plant before the devices permitted blacklisting. Any chance Flex needs to get involved? This only just started today (12/31/19) for me.

  • Ha Gei Member
    edited December 2019
    John,
    If you never used SmartLink, I wonder why there would be any port open from outside to inside of your network at all. You should have that checked, this would offend a security flaw. Our Flex opens his ports when switched on through the router via UPNP. Then, well, if there is an occasional portscan against your public IP, SSDR will see this as a connection attempt and hopefully just not understand what the guy wants.
    As far as I understood, the SmartLink IP channel is only built up between SSDR and the Flex Box when the credentials are correct.



  • John - AI4FR Member ✭✭
    edited December 2019
    Thanks Erika, I did log out of SmartLink and was able to log back in on the third try due to guessing at what password I used. I do not log in with Google or Facebook. For now I will run it unregistered since I do not use SmartLink.
  • John - AI4FR Member ✭✭
    edited December 2019
    Ha Gei thanks for your thoughts. I had it turned on to help others and/or to test it but never turned it off.

    It appears that several Flex users are seeing this IP attack today. Scary.


  • Tim Blank Member ✭✭
    edited December 2019
    Same thing happened to me also, I am beginning to think the flex licensing server dB was hacked? How else could such a large number of people see this same behavior?
  • Erika - KØDD Member ✭✭
    edited December 2019
    Just flippen wonderful... If so maybe they'll put that on a list of things to fix some day?
  • K5CG Danny Member ✭✭
    edited April 3
    This kind of thing is going to happen when your network becomes more complex and you don't reinforce your front door. Consumer grade Internet routers are not adequate.
  • Chris DL5NAM Member
    edited December 2019
    ... and if you use your Google or Facebook account login for other software login = open your door for the world and invite them to come !

    Chris
  • Erika - KØDD Member ✭✭
    edited December 2019
    I would never have UPNP setup...  I'd get the correct port numbers from FLEX and manually set them up.  When I had UPNP turned on every hacker on the planet walked right in my front door.  I needed to find out from the defaults on my router what loopholes existed.

    I LOCKED it down tight.  I also changed the time server.  It was using the European Netgear default one and all of Europe was monitoring!!!!!  Wowsers...

    I then set ONLY MAC address filtering and DHCP has reservations and only those and no new ones can connect.

    That keeps the front door locked down, but if they find individual ports...  Well that could be another thing.

    My attacks went from 25 different IPs to maybe one a week or so.

    Close your doors and lock them.  Also close the ability to log in to your router remotely.  This is why I didn't use the router from the Provider and bought my own.

    Erika DD
  • Erika - KØDD Member ✭✭
    edited December 2019
    Oh Chris, all of my googlie accounts have 15 character randomly generated passwords.  each one is a different ONE...  I'd never have anything important on less than 15 characters and they're weird ones...  I can barely type them twice when I have to !
    
  • Chris DL5NAM Member
    edited December 2019
    Erika, I believe you but you count to the 0.1% they do it right. Most used password of the is?

    PASSWORD

  • Erika - KØDD Member ✭✭
    edited December 2019
    and their USER NAME is USERNAME...  Dummies  Yeah I found a site on the net with a random password generator and had the thing **** out 80 of them for me.  I only mark the pages with a used when I actually use them and there's no X-reference.  I usually add an additional character to some too.  HOWEVER if somebody got into my file cabinet and pulled my master password list out...  YOUWSERS...  Even my husband doesn't know where that thing is at and if he did probably couldn't type one in correct.  HAHAHAHA.  Yes I have all his passwords and got rid of his 5 and 6 character ones, hahahaha.  I hate computers...  sigh
  • edited March 8
    I have seen this message when my network was unstable.  I think if you check the IP address, it will be the IP address of the device you were using for Smart SDR, like your PC.  I have seen this occur when part of your network is hard wired and some wireless.  The network sometimes fails to "talk" with itself and generates this on Smart SDR.  I doubt it's a hacker.

    I am no "elmer" but have been using my 6700 for over 5 years and have seen this in the past on many occasions.
  • John - AI4FR Member ✭✭
    edited December 2019
    On this end everything is hardwired. Radio to router and computer to router. Been running this way for about 2 years now and today was the first time I have ever seen this issue.
  • Erika - KØDD Member ✭✭
    edited December 2019
    me 2 time to look at the router logs
  • Erika - KØDD Member ✭✭
    edited December 2019
    Only thing I've been seeing is accessing from various ports to the ECHOLINK port...

    [LAN access from remote] from 185.156.73.52:57710 to 192.168.1.11:5200, Tuesday, Dec 31,2019 06:08:56

    That's happening about once a week and NOT when I get on with the YLRL ladies.

    I'm getting an occasional IP Spoof here also..  Somebody is trying to get in with a "DOT 5" IP address. HAHAHAHA yeah buddy I only accept MAC addresses.

    This 185 guy is a KNOWN and reported hacker.  Nice.
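
One way to check a router log for the repeated-attempt pattern discussed in this thread, added here as an example and not part of any poster's message: it parses lines in the format of the log entry quoted above and reports any remote IP that hits one forwarded port at least `threshold` times within a minute. The function names, the threshold, port 40000 and every sample line except the first are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Format of the router log line quoted in the post above.
LINE_RE = re.compile(
    r"\[LAN access from remote\] from (?P<src>[\d.]+):(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+):(?P<dport>\d+), \w+, "
    r"(?P<ts>\w{3} \d{1,2},\d{4} \d{2}:\d{2}:\d{2})"
)

def parse(lines):
    """Yield (timestamp, remote IP, internal host, internal port) per matching line."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%b %d,%Y %H:%M:%S")
            yield ts, m["src"], m["dst"], int(m["dport"])

def find_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {(src, dst, dport): peak count} for remote IPs that reach one
    forwarded port at least `threshold` times inside a sliding `window`."""
    hits = defaultdict(list)
    for ts, src, dst, dport in parse(lines):
        hits[(src, dst, dport)].append(ts)
    bursts = {}
    for key, stamps in hits.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # drop hits older than the window
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            bursts[key] = peak
    return bursts

# First line is the one quoted in the post; the rest are constructed
# (203.0.113.0/24 is a documentation range, port 40000 is a placeholder).
SAMPLE = [
    "[LAN access from remote] from 185.156.73.52:57710 to 192.168.1.11:5200, "
    "Tuesday, Dec 31,2019 06:08:56",
] + [
    f"[LAN access from remote] from 203.0.113.7:{50000 + i} to 192.168.1.20:40000, "
    f"Tuesday, Dec 31,2019 14:02:{i * 2:02d}"
    for i in range(30)
]

if __name__ == "__main__":
    for (src, dst, dport), n in find_bursts(SAMPLE).items():
        print(f"{src} -> {dst}:{dport}: {n} attempts within 60 s")
```

A single hit like the 185.156.73.52 entry stays below the threshold; only the repeated burst is reported, which separates occasional scan noise from a source that keeps retrying one forwarded port.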

  • Ha Gei Member
    edited January 1
    Here, UPNP is the best solution:

    My Router will ONLY let the Flex and 2 other machines from inside use UPNP at all and never ever expose UPNP to the outside. I trust the handbook and the proposals of AVM who make my fritzbox router.

    I have not seen the attack here myself, but was online just a while last day. I will monitor this today.

    What scares me :  Why does no one from flex comment here at all ??  
  • K5CG Danny Member ✭✭
    edited January 1
    "Why does no one from flex comment here at all ??"

    Because it's not a problem with the radio.

  • Bill -VA3WTB Member ✭✭✭
    edited January 1
    Flex employees could chime in to explain what we are seeing here.
    It is nothing new, I have seen this for a long time. I was under the impression that DAX and CAT both have an IP address. When my radio starts I always see 3 IP addresses pop up. I thought I am seeing DAX IP CAT IP and the radio IP. I may be wrong about this.
  • John - AI4FR Member ✭✭
    edited January 1
    Bill what you are seeing is normal. We all see that. We are also familiar with the IP addresses. What happened here is a NEW IP address attempting to connect over and over again, 30 or 40 times for nearly a minute.
  • Bill -VA3WTB Member ✭✭✭
    edited January 1
    John, it sounds like you're very concerned, perhaps you should start a help desk ticket to find out what it is.
