Unknown IP address trying to connect to Flex 6600M
Supposedly this IP address belongs to DigitalOcean, LLC and is located in London, United Kingdom.
Has anyone else had something like this happen to them? Could this be a software glitch or was someone actually trying to hack into my radio?
73,
Geoff - W8GNM
Answers
-
Google search shows lots of complaints on these guys. One of the services they supply is VPNs. If it was me, I would probably block in my router.
0 -
I saw the same thing today.
0 -
Also saw the same thing.
0 -
Also had my Xfinity show me that it blocked a "malicious IP"; not sure what it means, though.
0 -
To all,
We are aware of this issue that affected several users yesterday. We worked on the issue last evening and it would appear that this was a result of a specific type of port scan in an attempt to **** your network. These types of scans (probes) happen all the time (my firewall log is full of them every day) so this is not a unique situation.
We'll have more to communicate on this a little later, but in every case we investigated, the security mechanisms we put into place to protect your radio from intrusion worked as designed and a successful connection to your radio did not actually occur. And no SmartLink credentials were compromised either.
0 -
I haven't found an easy way to block this IP address or a range of IP addresses around it on my TP-Link C8 wireless router.
0 -
Tim,
Is there anything I can disable on my 6600M if I am not using remote access?
I just need local connectivity to my PC with CAT and FT8 apps.
0 -
Any actual risk is essentially nil, so there really isn't anything you need to do.
However, if you have configured SmartLink and do not need to use it, unregister your radio from your SmartLink account and remove any port forwarding rules that you may have entered into your router for SmartLink if you used manual port forwarding. Also, turn off UPnP in your router too (although this may break other things that rely on it).
0 -
Thanks for the suggestions Tim. I'll be interested in seeing the rest of the information on this issue when it is available.
0 -
Chapter 10 of the C8 manual
https://static.tp-link.com/Archer%20C8_V4_User%20Guide.pdf
sub chapter 10.4
GL // k3Tim/7
0 -
Thanks for bringing this issue to our attention. First, I want to say up front how seriously we take security at FlexRadio. The SmartLink system was designed with security in mind, so when we get reports like this, it is important for us to figure out what is going on. We use the latest industry standards to secure your SmartLink account including public key infrastructure (PKI) encryption alongside TLS (successor to SSL) -- the same technology used for your online banking needs. To cut to the chase, what we found was that the SmartLink system is working as intended and the “connections” in the message are benign. We found no evidence of compromised systems (radio or SmartLink).
We observed several instances of what was reported here in this thread both with employees and other customers yesterday around the same time. Essentially, multiple messages pop up that say that “Client connected from IP (IP shown here).” We understand this can be disconcerting when the IP is not one that you recognize and you quickly come to the conclusion that someone else is using your radio.
In our analysis, we found that the radio will display the message whenever an initial connection is made to the SmartLink TCP port. However, the connection is severed if the TLS authentication is not validated. As such, it is ultimately unsuccessful in being fully connected to the radio as a valid client. This is kind of like someone trying your car door handle when it is locked. Yes, they are pulling the handle, but since it is locked, they still can’t get in.
As some of you in the IT industry can attest, this kind of thing happens on firewalls all the time. There are IP and port scans done routinely across the entire IPv4 space. On a firewall, you wouldn’t typically see this unless you went looking in the logs for it as this is exactly the kind of activity that the firewall is designed to keep out and despite the attempts, the firewall is working when it blocks those connections. This most likely boils down to a port scan where the scanner has gone a step further to attempt a TLS connection to the open port. Without the appropriate credentials, that’s where the road ends. The SmartLink system does its job to prevent access to the radio.
But not before displaying the confusing message about the connection to the user. This was a mistake and we understand the alarm this may have caused for you. For this reason, we will be changing the logic to only display the connection message upon successful validation of the client for SmartLink connections in a maintenance release at some point in the near future. This will suppress these messages.
tl;dr Your radio is secure. The messaging is confusing. We’ll improve the messaging.
2 -
This is interesting, I have a question. Other radio companies allow remote using some sort of app for remote use, but they go direct without the use of a setup like Smart Link. How are they protected against attacks over the wide network?
0 -
It would not be prudent for FlexRadio to comment on other types of radio remote access. I recommend if you have a question, ask them directly.
1 -
Eric, Thanks for the details. I checked my SmartLink status and found that I was not registered in SmartLink at the time I was seeing IP address 134.122.106.19 trying to connect to my 6600M. I don't understand why I was seeing this if I wasn't registered in SmartLink. Everyone else is reporting the same IP address.
Geoff
0 -
We actually saw a number of different IP addresses show up in the reports that we saw. They weren't all the same. To prevent this kind of connection, you'll need to ensure that external connections (WAN) cannot access your radio. To do this, make sure that you don't have any port forwarding to your radio and services like UPnP are disabled. ***Just to be clear (for others), SmartLink will not function if you configure your network to refuse all WAN traffic to the radio.***
0 -
Hi Tim, Thanks for the link to V4 of the Archer C8 manual. I could not find sub chapter 10.4. My version of the manual only goes to 10.3. In the various security settings, I could not find a way to block a specific IP address from the WAN. The only blocking tool I found was MAC address blocking. I am running the latest version of C8 firmware. Do you have any other suggestions? Thanks, Geoff
0 -
Hi Geoff
The link posted shows an updated manual that has chapter 10, subsection 4. If the router firmware does not support blocking the attack you're seeing, I would personally replace it. Using a Netgear commercial router here at the WAN interface and it seems very secure.
Perhaps a port scan to see what ports are open?
Someone in IT security here on the community may have a suggestion...
k3Tim/7
0