Welcome to the new FlexRadio Community! Please review the new Community Rules and other important new Community information on the Message Board.
If you are having a problem, please refer to the product documentation or check the Help Center for known solutions.
Need technical support from FlexRadio? It's as simple as Creating a HelpDesk ticket.

FlexRadio/SmartLink network intrusions.

I have moved my FlexRadio from one location to another. Since setting up the radio a few days ago, my network firewall has logged several attempts to access my internal network via the FlexRadio(6400).

  1. Are these known SmartLink servers?
  2. What do others do to secure their networks from intrusion via the FlexRadio?
  3. Is this the radio doing some kind of network discovery?

I had the same problem at the old location, but assumed that was an ISP problem.

Comments

  • Dan Trainor
    Dan Trainor Member ✭✭✭

    I am seeing similar intrusions. In the last 7 days, there was attempted access to my flex radio from Russian, Germany, and other countries. Fortunately, my ISP Xfinity blocked them as suspicious. They all try to target just the Flex Radio. No other devices in the home are being targeted. It is only the 6400, that is vulnerable. I find this interesting. How did these foreign attackers get IP address and other information about Flex Radio? And how is SmartLink involved? Was SmartLink DB hacked? What is going on?

  • cyril
    cyril Member ✭✭

    I don't know how SmartLink works so I am not sure how their discovery works. But I imagine a lot of people are not aware of these attacks.

    I don't understand enough to really point fingers, but these attempts all started at this new property when I installed the FlexRadio here and they are targeting the Flex specifically.

  • Mike-VA3MW
    Mike-VA3MW Administrator, FlexRadio Employee, Community Manager, Super Elmer, Moderator admin

    Interesting

    For those of you seeing these, are you using 4992 and 4993 on your WAN side and not some other value?

    I passed this on to engineering, but since the radio communication is fully encrypted, they will not be able to access your radio. They are doing a sweep of IP addresses in a brute force attempt to find a hole. It just happens to be the port your radio is reached via.

    However, if you are someone that forwarded the internal port for a direct SmartSDR connection then you are exposed. This can happen if you are SmartSDR for MAC user and you do I direct IP address connection to your radio and you manually set up a port forward on your firewall. This means you really had to go out of your way to make this happen.

    But, I want to repeat, it is like someone ringing the doorbell at your house but you don't answer it.


    73

  • Dan Trainor
    Dan Trainor Member ✭✭✭

    In my case, use only SmartSDR for Mac and also iOS. I am not a Windows user at this time. Also when connecting remotely via SmartLink I am in “Discovery” mode as opposed to “Scan” or “Fixed”. And in this context, it uses uPnP default values for router to dynamically map IP port addresses from 21000 and 22000 to 4992 and 4993 (default mapping). The radio IP happens to resolve to 10.0.0.19 most of the time. Lease within the pool is set for 2 weeks. I don’t manually set any IP or port addresses. All is dynamically mapped by router. I have not made any specific port forwarding. I only use network settings out of the box with no changes by me.

  • Dan Trainor
    Dan Trainor Member ✭✭✭

    In other words, I am using DHCP with default network settings of SmartSDR for Mac. No values changed by me. Just for clarification.

  • Mike-VA3MW
    Mike-VA3MW Administrator, FlexRadio Employee, Community Manager, Super Elmer, Moderator admin

    We chatted about this internally.

    Nothing to worry about. This is just related to a malicious port probe.

    A malicious port probe, also known as a "malicious port scan" or "malicious port scanning," refers to the unauthorized and often malicious act of scanning a target system or network to identify open and accessible ports.

  • Dan Trainor
    Dan Trainor Member ✭✭✭

    OK Thanks Mike. I not worry. Dan

  • fpmacko
    fpmacko Member ✭✭

    I dunno, Mike. I doubt if the USSR or any other criminal State care about my encrypted SSDR traffic. Its much more likely that they’re attacking the radio’s IP stack in the hope that they can 1) plant some Linux malware in the radio or 2) use the IP stack to do a 180 and then attack other devices on my LAN. Can your engineers give any insight on this?

    73…..Frank / WA3NHK

  • Mike-VA3MW
    Mike-VA3MW Administrator, FlexRadio Employee, Community Manager, Super Elmer, Moderator admin

    They already did. It isn't FlexRadio related or targetted.

  • cyril
    cyril Member ✭✭

    For me it wasn’t a port scan.. I skip those.. Here is the readout from the UniFi box.

    At the last location before I turned on intrusion detection and blocking I did have a group from St. Petersburg regularly trying to access my network.. I assumed it was an ISP problem.

    Also these are targeted at the Flex. I am not getting these from/for any of the other devices on the network.



  • cyril
    cyril Member ✭✭

    What is about the Flex that is attracting this attention. I do not get these intrusions for ANY other device on my network. And they started the moment I plugged my 6400 in. I have a sophisticated firewall in place that can block these. Many other users may not. Which means their whole network and machines they have attached are vulnerable.




  • cyril
    cyril Member ✭✭

    Here is the latest list. I have 40+ devices on my network and this is complete unfiltered list of attempts to gain access to my network.



Leave a Comment

Rich Text Editor. To edit a paragraph's style, hit tab to get to the paragraph menu. From there you will be able to pick one style. Nothing defaults to paragraph. An inline formatting menu will show up when you select text. Hit tab to get into that menu. Some elements, such as rich link embeds, images, loading indicators, and error messages may get inserted into the editor. You may navigate to these using the arrow keys inside of the editor and delete them with the delete or backspace key.