4 instance of wsjt
4 instances of jtalert
HF Auto software
If you never used smartlink, i wonder why there would be any port open from outside to inside of your network at all. You should have that checked , this would offend a security flaw. Our flex opens his ports when switched on through the router via UPNP . Then , well if there is an occasional portscan against your public IP, SSDR will see this as a connection attempt and hopefully just not understand what the guy wants.
As far as i understood the smartlink IP channel is only build up between SSDR and the Flex Box when the credentials are correct.
I am no "elmer" but have been using by 6700 for over 5 years and have seen this in the past on many ocassions.
We reviewed the reports, looked through our Azure-based server logs, and found nothing that indicated a security breach of any kind.
The messages generate when any TCP client connects to the radio. Messages do not generate when software using CAT or DAX to control or read data from a radio connection to the virtual serial port or the audio stream.
Connections from Private (local) Networks
Radios accept TCP connections without authentication from the following “local network” IPV4 address blocks:
Address Block Use Reference
Connections originating from these networks typically include SmartSDR, DAX and CAT clients, third-party software, or other devices that utilize the SmartSDR API, like the PGXL amplifier and Antenna Genius. For a successful connection, these devices must be visible to the subnet the radio is on. For example, a radio on the 192.168.0.0/24 network (netmask 255.255.255.0) with an IP address of 192.168.0.10 could accept unauthenticated connections from any device on the same network with an IP address of 192.168.0.1-254. Radios connected in a DMZ ignore connections from the Internet provided the radio is on a network described in the ranges specified above. The radio ignores direct TCP connection attempts from all other network ranges.
Connections from Public Networks
Connections from public networks require a SmartLink connection authenticated through our SmartLink service by the OAuth mechanism and encrypted with the latest version of TLS (v1.3). The authentication and subsequent encrypted communications are radio-specific. Meaning, even armed with the external IP address and TCP port information, a connection spoof attempt would fail authentication, and the payload is unreadable by the radio because it is encrypted using a secure, radio-unique signature.
Can I Log Connections?
Currently, there is no way, through our software, for a customer to enable a connection log. Our development team can enable debug logging, but the space available on the SD cards in the radios is both insufficient for long-term use and inaccessible to customers.
Can I Write Software to Monitor and Log Connections?
Yes, a monitoring function would best be implemented externally to the radio using our SmartSDR API. The API is more than capable of performing a monitoring function. It would be a straightforward software effort to build a Syslog bridge or a rudimentary logger to capture and log client connect events. The Windows SmartSDR client uses a publicly available .NET library (FlexLib), which encapsulates the SmartSDR API in C# objects and eliminates the network connection (TCP/UDP) and string parsing work.
Can Notifications be Disabled?
No, notifications cannot be disabled.
Under what conditions are connection messages generated from an external, non-private IP address?
- An SSDR client (PC and iPhone/IPad client via the SmartLink process. Please note this is also possible if you sold/purchased a radio without removing it from your SmartLink account, or someone connects from a stolen iPhone, iPad, PC, laptop, or your SmartLink credentials are compromised.
- A client connects to a radio directly connected to the Internet (and assigned a public IP address). Note: this would open the radio for anyone to connect to and use.
- A client connects to a radio connected to a private network, with TCP port access forwarded through the edge network/router, and with the “Enforce Private IP Connections” configuration setting disabled.
- 5402 Conversations
- 1696 Followers
- 3164 Conversations
- 660 Followers
- 3712 Conversations
- 975 Followers
- 900 Conversations
- 151 Followers
- 3051 Conversations
- 876 Followers
- 1208 Conversations
- 195 Followers
- 1065 Conversations
- 148 Followers
- 1259 Conversations
- 178 Followers
- 1245 Conversations
- 163 Followers