
Client connect - What is this?


Answers

  • Ha Gei Member
    edited January 1
    Up to now... no sightings here, none of my users saw any tries here. We all kept a watch during the day.


  • Erika - KØDD Member ✭✭
    edited January 1
    Yeah like one from the land of hackers attempting to invade a port they can "SEE" or "SCAN" and try to get into. All we can do is attempt to make it so difficult to get into our systems that they get bored, leave it alone, and go away.

    It takes a really bored wiz **** to hack away at a FLEX RADIO in Quincy Illinois and then spin down to the next.  Some of these yahoos are notorious hackers...  Hoping to **** things wide open, or steal information. Well have fun, I hope ya'all can figure out how to lock the world down, and keep others from gaining access.

    Russians?  Ukrainians? North Koreans? Da CIA?  Your cousin Joey???  Everybody is in the hacking business..

    Erika DD
  • Dan-N7HQ FlexRadio Employee, Community Manager admin
    edited April 17
    Please check to ensure you have not inadvertently disabled the Private IP Connections protection mechanism. The issue you describe would be caused by that if you have ports forwarded on your router. SmartLink is not impacted by this setting.


  • John - AI4FR Member ✭✭
    edited January 2
    Excellent point Dan. I just checked and mine is like yours above, it is and was Enabled.
  • KC7ES Member ✭✭
    edited January 2
    Mine was enabled Dan, but was also enabled when I got a string of attempted connections the other day. No problems today.
    Thanks for the post.
    73,
    Eric
  • Dan-N7HQ FlexRadio Employee, Community Manager admin
    edited January 2
    Thanks, Eric and John, I'll discuss this with the software team and report back here. 

    Please drop a note to me ([email protected]) if this occurs again.

    Best,
    Dan
  • John - AI4FR Member ✭✭
    edited January 2
    Will do and thanks again Dan. First and only time I have seen it in 2 years of running a Flex.
  • edited January 2
    Dan, I'm running the latest version of SSDR and I do not have the "Advanced" portion of the Network screen like you have. Is there a setting somewhere that will enable it?
    James
    WD5GWY

  • David Member ✭✭
    edited January 2
    Did you click the Advanced button to the right of the MAC Address:?
  • John - AI4FR Member ✭✭
    edited January 2
    James, go to SSDR, then settings, then radio setup, then network, then click on Advanced which is located at the end of the MAC address.
  • edited January 2
    There's not one.
    image
  • edited January 2
    Maybe, I have the "Appliance Operator" version of SSDR!
    :-)

  • edited January 2
    Version 3.1.8
  • John - AI4FR Member ✭✭
    edited January 2
    Version here, 317. Flex 6700 with CAT cable to router.

    Thanks for the pic. What happened to your Advanced button?
  • edited January 2
    That's a good question. Like I said, maybe I have the appliance operator version of SSDR. Or, the radio just doesn't trust me!
    I'm running the radio thru a switch to my router. It seems in earlier versions of SSDR that the Advanced Tab was present. Not sure what happened here.
  • Max Member
    edited January 2
    You must be on a local network for that selection to appear.
  • Steve K9ZW Member ✭✭✭
    edited January 2
    https://community.flexradio.com/flexradio/topics/m-series-radio-no-advanced-network-option

    I don't think FRS ever spoke to this issue, as operators are finding the Advanced button missing on M models?  

    73

    Steve
    K9ZW

    Blog:  http://k9zw.wordpress.com  
  • edited January 2
    It's not on the M model display or in SSDR on my PC either. Maybe, it's only the M models that are affected. James WD5GWY
  • Dan-N7HQ FlexRadio Employee, Community Manager admin
    edited January 2
    Yes, sir, it is only the M models impacted by this bug.  I'll update the status of that when I write up the results of the meeting with the software team.

    Best,
    Dan
  • Dan-N7HQ FlexRadio Employee, Community Manager admin
    edited April 17
    I promised to get back to folks here about the questions asked or implied on this thread.  

    We reviewed the reports, looked through our Azure-based server logs, and found nothing that indicated a security breach of any kind.

    The messages are generated when any TCP client connects to the radio. Messages are not generated when software using CAT or DAX to control or read data from a radio connects to the virtual serial port or the audio stream.

    Connections from Private (local) Networks

    Radios accept TCP connections without authentication from the following “local network” IPv4 address blocks:


    Address Block  Use  Reference


    Connections originating from these networks typically include SmartSDR, DAX and CAT clients, third-party software, or other devices that utilize the SmartSDR API, like the PGXL amplifier and Antenna Genius. For a successful connection, these devices must be visible to the subnet the radio is on. For example, a radio on the 192.168.0.0/24 network (netmask 255.255.255.0) with an IP address of 192.168.0.10 could accept unauthenticated connections from any device on the same network with an IP address of 192.168.0.1-254. Radios connected in a DMZ ignore connections from the Internet provided the radio is on a network described in the ranges specified above. The radio ignores direct TCP connection attempts from all other network ranges. 

    Connections from Public Networks

    Connections from public networks require a SmartLink connection authenticated through our SmartLink service by the OAuth mechanism and encrypted with the latest version of TLS (v1.3). The authentication and subsequent encrypted communications are radio-specific. Meaning, even armed with the external IP address and TCP port information, a connection spoof attempt would fail authentication, and the payload is unreadable by the radio because it is encrypted using a secure, radio-unique signature.

    Can I Log Connections?

    Currently, there is no way, through our software, for a customer to enable a connection log. Our development team can enable debug logging, but the space available on the SD cards in the radios is both insufficient for long-term use and inaccessible to customers. 

    Can I Write Software to Monitor and Log Connections?

    Yes, a monitoring function would best be implemented externally to the radio using our SmartSDR API. The API is more than capable of performing a monitoring function. It would be a straightforward software effort to build a Syslog bridge or a rudimentary logger to capture and log client connect events. The Windows SmartSDR client uses a publicly available .NET library (FlexLib), which encapsulates the SmartSDR API in C# objects and eliminates the network connection (TCP/UDP) and string parsing work.

    Can Notifications be Disabled?

    No, notifications cannot be disabled.

    Under what conditions are connection messages generated from an external, non-private IP address?


    • An SSDR client (PC and iPhone/iPad client) via the SmartLink process. Please note this is also possible if you sold/purchased a radio without removing it from your SmartLink account, or someone connects from a stolen iPhone, iPad, PC, laptop, or your SmartLink credentials are compromised.

    • A client connects to a radio directly connected to the Internet (and assigned a public IP address). Note: this would open the radio for anyone to connect to and use.

    • A client connects to a radio connected to a private network, with TCP port access forwarded through the edge network/router, and with the “Enforce Private IP Connections” configuration setting disabled.
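
Added example, not part of the thread and not FlexRadio code: a Python triage helper that maps the source address of a client-connect notification to the conditions listed in the post above. The RFC 1918 block list (the thread's address-block table did not survive), the operator-supplied `via_smartlink` flag, and all function names and sample addresses are assumptions.

```python
import ipaddress

# Assumption: the thread's address-block table did not survive, so the
# RFC 1918 private ranges stand in for the radio's "local network" blocks.
ASSUMED_LOCAL_BLOCKS = [ipaddress.ip_network(n) for n in
                        ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_local(address, blocks=ASSUMED_LOCAL_BLOCKS):
    """True if the address falls inside one of the assumed local blocks."""
    addr = ipaddress.ip_address(address)
    return any(addr in block for block in blocks)


def classify(source, radio_ip="192.168.0.10", enforce_private=True,
             via_smartlink=False):
    """Map one client-connect source to the condition that explains it."""
    if via_smartlink:
        return "smartlink"                  # review account, devices, resold radios
    if is_local(source):
        return "local"                      # unauthenticated LAN client: find the device
    if not is_local(radio_ip):
        return "radio-on-public-ip"         # open to anyone: move it behind the router
    if not enforce_private:
        return "forwarded-port-unenforced"  # re-enable enforcement, remove the forward
    return "unexplained"                    # no listed condition fits: report it


# Constructed sample events (documentation-range addresses, not real logs).
SAMPLE_EVENTS = [
    {"source": "192.168.0.57"},
    {"source": "203.0.113.9", "via_smartlink": True},
    {"source": "203.0.113.9", "enforce_private": False},
    {"source": "203.0.113.9", "radio_ip": "198.51.100.20"},
    {"source": "172.32.0.1"},
]


def triage(events):
    """Return (source, verdict) pairs for a list of event dicts."""
    return [(e["source"], classify(**e)) for e in events]


if __name__ == "__main__":
    for source, verdict in triage(SAMPLE_EVENTS):
        print(f"{source:15} {verdict}")
```

An "unexplained" verdict means a public source was seen while enforcement is on and no SmartLink session accounts for it, which is the case worth reporting to the vendor.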
       
