Welcome to the new FlexRadio Community! Please review the new Community Rules and other important new Community information on the Message Board.
If you are having a problem, please check the Help Center for known solutions.
Need technical support from FlexRadio? It's as simple as Creating a HelpDesk ticket.

Client connect - What is this?

2»

Answers

  • Ha Gei
    Ha Gei Member ✭✭
    edited January 2020
    Up to now...no sightings here, none of my users saw any tries here.. We all kept a watch during the day.


  • Erika - KØDD
    Erika - KØDD Member ✭✭
    edited January 2020
    Yeah like one from the land of hackers attempting to invade a port they can "SEE" or "SCAN" and try to get into.  All we can do is attempt to make it so  difficult to get into our systems that they get bored, leave it alone, and go away.

    It takes a really bored wiz **** to hack away at a FLEX RADIO in Quincy Illinois and then spin down to the next.  Some of these yahoos are notorious hackers...  Hoping to **** things wide open, or steal information. Well have fun, I hope ya'all can figure out how to lock the world down, and keep others from gaining access.

    Russians?  Ukrainians? North Koreans? Da CIA?  Your cousin Joey???  Everybody is in the hacking business..

    Erika DD
  • Dan-N7HQ
    Dan-N7HQ FlexRadio Employee, Community Manager admin
    edited April 2020
    Please check to ensure you have not inadvertently disabled the Private IP Connections protection mechanism.  The issue you describe would be caused by that if you have ports forwarded on your router. Smartlink is not impacted by this setting.  


  • John - AI4FR
    John - AI4FR Member ✭✭
    edited January 2020
    Excellent point Dan. I just checked and mine is like yours above, it is and was Enabled.
  • KC7ES
    KC7ES Member ✭✭
    edited January 2020
    Mine was enabled Dan, but was also enabled when I got a string of attempted connections the other day. No problems today.
    Thanks for the post.
    73,
    Eric
  • Dan-N7HQ
    Dan-N7HQ FlexRadio Employee, Community Manager admin
    edited January 2020
    Thanks, Eric and John, I'll discuss this with the software team and report back here. 

    Please drop a note to me ([email protected]) if this occurs again.

    Best,
    Dan
  • John - AI4FR
    John - AI4FR Member ✭✭
    edited January 2020
    Will do and thanks again Dan. First and only time I have seen it in 2 years of running a Flex.
  • James Whiteway
    edited January 2020
    Dan, I'm running the latest version of SSDR and I do not have the "Advanced" portion of the Network screen like you have. Is there a setting somewhere that will enable it?
    James
    WD5GWY

  • David
    David Member ✭✭
    edited January 2020
    Did you click the Advanced button to the right of the MAC Address:?
  • John - AI4FR
    John - AI4FR Member ✭✭
    edited January 2020
    James, go to SSDR, then settings, then radio setup, then network, then click on Advanced which is located at the end of the MAC address.
  • James Whiteway
    edited January 2020
    There's not one.
    image
  • James Whiteway
    edited January 2020
    Maybe, I have the "Appliance Operator" version of SSDR!
    :-)

  • James Whiteway
    edited January 2020
    Version 3.1.8
  • John - AI4FR
    John - AI4FR Member ✭✭
    edited January 2020
    Version here, 317. Flex 6700 with CAT cable to router.

    Thanks for the pic. What happened to your advance button?
  • James Whiteway
    edited January 2020
    That's a good question. Like I said, maybe I have the appliance operator version of SSDR. Or, the radio just doesn't trust me!
    I'm running the radio thru a switch to my router. It seems in earlier versions of SSDR that the Advanced Tab was present. Not sure what happened here.
  • Max
    Max Member
    edited January 2020
    You must be on a local network for that selection to appear.
  • Steve K9ZW
    Steve K9ZW Member ✭✭✭
    edited January 2020
    https://community.flexradio.com/flexradio/topics/m-series-radio-no-advanced-network-option

    I don't think FRS ever spoke to this issue, as operators are finding the Advanced button missing on M models?  

    73

    Steve
    K9ZW

    Blog:  http://k9zw.wordpress.com  
  • James Whiteway
    edited January 2020
    It's not on the M model display or in SSDR on my PC either. Maybe, it's only the M models that are affected. James WD5GWY
  • Dan-N7HQ
    Dan-N7HQ FlexRadio Employee, Community Manager admin
    edited January 2020
    Yes, sir, it is only the M models impacted by this bug.  I'll update the status of that when I write up the results of the meeting with the software team.

    Best,
    Dan
  • Dan-N7HQ
    Dan-N7HQ FlexRadio Employee, Community Manager admin
    edited April 2020
    I promised to get back to folks here about the questions asked or implied on this thread.  

    We reviewed the reports, looked through our Azure-based server logs, and found nothing that indicated a security breach of any kind.

    The messages generate when any TCP client connects to the radio. Messages do not generate when software using CAT or DAX to control or read data from a radio connection to the virtual serial port or the audio stream.

    Connections from Private (local) Networks

    Radios accept TCP connections without authentication from the following “local network” IPV4 address blocks:


    Address Block  Use  Reference


    Connections originating from these networks typically include SmartSDR, DAX and CAT clients, third-party software, or other devices that utilize the SmartSDR API, like the PGXL amplifier and Antenna Genius. For a successful connection, these devices must be visible to the subnet the radio is on. For example, a radio on the 192.168.0.0/24 network (netmask 255.255.255.0) with an IP address of 192.168.0.10 could accept unauthenticated connections from any device on the same network with an IP address of 192.168.0.1-254. Radios connected in a DMZ ignore connections from the Internet provided the radio is on a network described in the ranges specified above. The radio ignores direct TCP connection attempts from all other network ranges. 

    Connections from Public Networks

    Connections from public networks require a SmartLink connection authenticated through our SmartLink service by the OAuth mechanism and encrypted with the latest version of TLS (v1.3). The authentication and subsequent encrypted communications are radio-specific. Meaning, even armed with the external IP address and TCP port information, a connection spoof attempt would fail authentication, and the payload is unreadable by the radio because it is encrypted using a secure, radio-unique signature.

    Can I Log Connections?

    Currently, there is no way, through our software, for a customer to enable a connection log. Our development team can enable debug logging, but the space available on the SD cards in the radios is both insufficient for long-term use and inaccessible to customers. 

    Can I Write Software to Monitor and Log Connections?

    Yes, a monitoring function would best be implemented externally to the radio using our SmartSDR API. The API is more than capable of performing a monitoring function. It would be a straightforward software effort to build a Syslog bridge or a rudimentary logger to capture and log client connect events. The Windows SmartSDR client uses a publicly available .NET library (FlexLib), which encapsulates the SmartSDR API in C# objects and eliminates the network connection (TCP/UDP) and string parsing work.

    Can Notifications be Disabled?

    No, notifications cannot be disabled.

    Under what conditions are connection messages generated from an external, non-private IP address?

     

    • An SSDR client (PC and iPhone/IPad client via the SmartLink process. Please note this is also possible if you sold/purchased a radio without removing it from your SmartLink account, or someone connects from a stolen iPhone, iPad, PC, laptop, or your SmartLink credentials are compromised.

     

    • A client connects to a radio directly connected to the Internet (and assigned a public IP address). Note: this would open the radio for anyone to connect to and use.

     

    • A client connects to a radio connected to a private network, with TCP port access forwarded through the edge network/router, and with the “Enforce Private IP Connections” configuration setting disabled.
       

Leave a Comment

Rich Text Editor. To edit a paragraph's style, hit tab to get to the paragraph menu. From there you will be able to pick one style. Nothing defaults to paragraph. An inline formatting menu will show up when you select text. Hit tab to get into that menu. Some elements, such as rich link embeds, images, loading indicators, and error messages may get inserted into the editor. You may navigate to these using the arrow keys inside of the editor and delete them with the delete or backspace key.