SmartSDR v3.7.4 and the SmartSDR v3.7.4 Release Notes | SmartSDR v2.12.1 and the SmartSDR v2.12.1 Release Notes
SmartSDR v1.12.1 and the SmartSDR v1.12.1 Release Notes
Power Genius XL Utility v3.8.8 and the Power Genius XL Release Notes v3.8.8
Tuner Genius XL Utility v1.2.11 and the Tuner Genius XL Release Notes v1.2.11
Antenna Genius Utility v4.1.8
Need technical support from FlexRadio? It's as simple as Creating a HelpDesk ticket.
FlexRadio/SmartLink network intrusions.
I have moved my FlexRadio from one location to another. Since setting up the radio a few days ago, my network firewall has logged several attempts to access my internal network via the FlexRadio(6400).
- Are these known SmartLink servers?
- What do others do to secure their networks from intrusion via the FlexRadio?
- Is this the radio doing some kind of network discovery?
I had the same problem at the old location, but assumed that was an ISP problem.
Comments
-
I am seeing similar intrusions. In the last 7 days, there was attempted access to my flex radio from Russian, Germany, and other countries. Fortunately, my ISP Xfinity blocked them as suspicious. They all try to target just the Flex Radio. No other devices in the home are being targeted. It is only the 6400, that is vulnerable. I find this interesting. How did these foreign attackers get IP address and other information about Flex Radio? And how is SmartLink involved? Was SmartLink DB hacked? What is going on?
0 -
I don't know how SmartLink works so I am not sure how their discovery works. But I imagine a lot of people are not aware of these attacks.
I don't understand enough to really point fingers, but these attempts all started at this new property when I installed the FlexRadio here and they are targeting the Flex specifically.
0 -
Mike-VA3MW Administrator, FlexRadio Employee, Community Manager, Super Elmer, Moderator adminOptionsInteresting
For those of you seeing these, are you using 4992 and 4993 on your WAN side and not some other value?
I passed this on to engineering, but since the radio communication is fully encrypted, they will not be able to access your radio. They are doing a sweep of IP addresses in a brute force attempt to find a hole. It just happens to be the port your radio is reached via.
However, if you are someone that forwarded the internal port for a direct SmartSDR connection then you are exposed. This can happen if you are SmartSDR for MAC user and you do I direct IP address connection to your radio and you manually set up a port forward on your firewall. This means you really had to go out of your way to make this happen.
But, I want to repeat, it is like someone ringing the doorbell at your house but you don't answer it.
73
0 -
In my case, use only SmartSDR for Mac and also iOS. I am not a Windows user at this time. Also when connecting remotely via SmartLink I am in “Discovery” mode as opposed to “Scan” or “Fixed”. And in this context, it uses uPnP default values for router to dynamically map IP port addresses from 21000 and 22000 to 4992 and 4993 (default mapping). The radio IP happens to resolve to 10.0.0.19 most of the time. Lease within the pool is set for 2 weeks. I don’t manually set any IP or port addresses. All is dynamically mapped by router. I have not made any specific port forwarding. I only use network settings out of the box with no changes by me.
0 -
In other words, I am using DHCP with default network settings of SmartSDR for Mac. No values changed by me. Just for clarification.
0 -
Mike-VA3MW Administrator, FlexRadio Employee, Community Manager, Super Elmer, Moderator adminOptions
We chatted about this internally.
Nothing to worry about. This is just related to a malicious port probe.
A malicious port probe, also known as a "malicious port scan" or "malicious port scanning," refers to the unauthorized and often malicious act of scanning a target system or network to identify open and accessible ports.
0 -
OK Thanks Mike. I not worry. Dan
0 -
I dunno, Mike. I doubt if the USSR or any other criminal State care about my encrypted SSDR traffic. Its much more likely that they’re attacking the radio’s IP stack in the hope that they can 1) plant some Linux malware in the radio or 2) use the IP stack to do a 180 and then attack other devices on my LAN. Can your engineers give any insight on this?
73…..Frank / WA3NHK
1 -
Mike-VA3MW Administrator, FlexRadio Employee, Community Manager, Super Elmer, Moderator adminOptions
They already did. It isn't FlexRadio related or targetted.
0 -
For me it wasn’t a port scan.. I skip those.. Here is the readout from the UniFi box.
At the last location before I turned on intrusion detection and blocking I did have a group from St. Petersburg regularly trying to access my network.. I assumed it was an ISP problem.
Also these are targeted at the Flex. I am not getting these from/for any of the other devices on the network.
0 -
What is about the Flex that is attracting this attention. I do not get these intrusions for ANY other device on my network. And they started the moment I plugged my 6400 in. I have a sophisticated firewall in place that can block these. Many other users may not. Which means their whole network and machines they have attached are vulnerable.
0 -
Here is the latest list. I have 40+ devices on my network and this is complete unfiltered list of attempts to gain access to my network.
0
Leave a Comment
Categories
- All Categories
- 251 Community Topics
- 2.1K New Ideas
- 490 The Flea Market
- 7.4K Software
- 5.9K SmartSDR for Windows
- 135 SmartSDR for Maestro and M models
- 332 SmartSDR for Mac
- 241 SmartSDR for iOS
- 224 SmartSDR CAT
- 161 DAX
- 344 SmartSDR API
- 8.6K Radios and Accessories
- 6.9K FLEX-6000 Signature Series
- 779 Maestro
- 42 FlexControl
- 836 FLEX Series (Legacy) Radios
- 733 Genius Products
- 393 Power Genius XL Amplifier
- 254 Tuner Genius XL
- 86 Antenna Genius
- 224 Shack Infrastructure
- 151 Networking
- 375 Remote Operation (SmartLink)
- 119 Contesting
- 586 Peripherals & Station Integration
- 116 Amateur Radio Interests
- 810 Third-Party Software