Unwanted IP Connection

  • 1
  • Question
  • Updated 10 months ago
  • Answered
Using Windows 10 and a Flex 6500 with V2.  I noticed today an IP address popping up in the lower right corner of my screen indicating it was connected with Smart Link.  The address is 174.213.13.58 which is listed to Verizon.  I use Verizon Cell service but no wired services with Verizon.   About the same time I noted the band changed from 40 meters to 20 meters with no input from me.  I immediately changed the Flex login passwords but within a few minutes the same IP popped up again indicating it was connected.

Has anyone else noticed this activity?  Any suggestions other than running a full virus scan?
Photo of K6MBY

K6MBY

  • 23 Posts
  • 0 Reply Likes
  • confused!

Posted 11 months ago

  • 1
Photo of Ned K1NJ

Ned K1NJ

  • 302 Posts
  • 75 Reply Likes
  Ping it from a cmd window.  If the ping comes back <1ms,  disable wi-fi on your smart phone.

       Ned,  K1NJ
Photo of K6MBY

K6MBY

  • 23 Posts
  • 0 Reply Likes
Request timed out.

Bob
K6MBY
Photo of Mark - WS7M

Mark - WS7M

  • 1001 Posts
  • 356 Reply Likes
Were you in a coffee shop or other public place?

A common hijacking technique is someone sets up a "fake router" that looks and feels like it is the real Starbucks WiFi but you are connected to them instead and they skim off keystrokes etc.  

If this was the case then they probably got curious and played with your flex connection a little. Most people doing this simply have way too much time on their hands.

One reason NEVER to do financial stuff on public WiFi at hotels, Starbucks, etc.
Photo of K6MBY

K6MBY

  • 23 Posts
  • 0 Reply Likes
I have never been in a public place with the computer used to connect to the Flex.  Only device ever used on a public hot spot was cellphone and that was only for email.

Agree on never do financial stuff on public wifi.

Bob
K6MBY
Photo of Tim - W4TME

Tim - W4TME, Customer Experience Manager

  • 9152 Posts
  • 3471 Reply Likes
Have you ever used your Verizon service (hot spot) to establish a SmartLink connection?

Looks like a device that you have enabled SmartLink on that is using Verizon is connecting to the radio.  If you are concerned, change your SmartLink account (user ID or password)
Photo of K6MBY

K6MBY

  • 23 Posts
  • 0 Reply Likes
Tim,
Yes I have used my Verizon cell phone hot spot to test the SmartLink connection.  The phone hot spot, however, has not been on in some time.   Ah, but this does give me an idea to chase down.

I have changed the password but I think I will log off Smartlink for a bit.

Bob
K
Photo of K6MBY

K6MBY

  • 23 Posts
  • 0 Reply Likes
Found it.  Some time ago a Ham RV friend was here and used his Verizon MiFi to log into my Flex.  He is now gone from my location and in central California.   We have just completed some testing and when he turns off his MiFi the 174.XXX IP address goes away.  I see this by looking at the connections in the router.  When he turns the MiFi back on the 174 IP address comes back.   We did this several times and each time the connection reappeared when the MiFi was turned back on.    Whether I am logged in to the SmartLink or not the connection appears when the MiFi is on.

We are not sure how to get rid of the "calling home" feature of the MiFi but at least I know where the address is coming from.

Bob
K6MBY
Photo of Varistor

Varistor

  • 334 Posts
  • 73 Reply Likes
Why is the RV guy being able to logon with invalid credentials (ie, the password has been changed)?
Photo of k3Tim

k3Tim

  • 843 Posts
  • 164 Reply Likes
Could this be some third party app running on the Win-10 platform using the CAT interface. Since you're on a Verizon connection that should be secure. Having used this same configuration no hack attacks have been observed.
Photo of Tim - W4TME

Tim - W4TME, Customer Experience Manager

  • 9152 Posts
  • 3471 Reply Likes
This is true too since SmartSDR, Maestro and CAT auto reconnect when they are started.
Photo of K6MBY

K6MBY

  • 23 Posts
  • 0 Reply Likes
I can stop the apps using CAT for the moment and see if the issue goes away.

Bob
K6MBY
Photo of K6MBY

K6MBY

  • 23 Posts
  • 0 Reply Likes
Further testing today.

My SmartLink password has been changed on my end and I am logged out.  My friend, W5NH BTW, is logged out of SmartLink.    Both of our 6500s are on with the WSJT application running.

When W5NH pushes his Tune button within his WSJT application..... MY radio keys up.  His does not.  WSJT has a method of changing bands via a mouse click.   When W5NH clicks to change bands, my radio changes bands. His does not.

The reverse of this is not true, however.   My pushing the tune button or changing bands does nothing at the W5NH end. 

My thought is that somehow SmartLink is still in the play even though both of us are logged out.   While I have OpenVPN running, I deleted my previous DDNS and created a new DDNS with a different domain name.  OpenVPN has not been reconfigured with the new domain.

Totally amazed by this and out of possible solution.

Any ideas appreciated.

Bob
K6MBY
Sequim, WA
Photo of Tim - W4TME

Tim - W4TME, Customer Experience Manager

  • 9152 Posts
  • 3471 Reply Likes
CAT is SmartLink enabled and he is still logged into your SmartLink account on his copy of SmartSDR CAT.
(Edited)
Photo of K6MBY

K6MBY

  • 23 Posts
  • 0 Reply Likes
Ah Tim... Thank you.   I had totally forgotten about that right click on "Radio Connected" in the SmartSDR Cat dialog.    5NH now at home at the moment but I will leave a message for him.  I will confirm with a response back tomorrow.

Bob
K6MBY
Photo of K1UO - Larry

K1UO - Larry

  • 788 Posts
  • 126 Reply Likes
Just thinking out loud.  Doesn't SSDR CAT also operate through Smartlink?  It sounds like your friends SSDR CAT is still tied in or logged into Smartlink somehow.  Was his local VPN Client ever tied into your Router via the VPN link ?
(Edited)
Photo of Varistor

Varistor

  • 334 Posts
  • 73 Reply Likes
My bet is on insufficient verification of credentials. That is, upon initial successful logon, SSDR places some sort of auth token on the end point. Think of it as a fancy cookie.


Next time a connection attempt is made SADR first looks for the token. If a token is found SSDR does not re-authenticate. This is evident from the first post when the password was changed and the RV guy could still connect.


Further, my bet is that the token does not expire in the name of keeping things “simple” for the benefit of the user. If the token were to expire then the radio keying ritual has to be repeated whenever the token expires.

All this can be tested by installing Burp on the endpoint and observing the handshakes between SSDR, the auth server, and radio itself.
(Edited)
Photo of K6MBY

K6MBY

  • 23 Posts
  • 0 Reply Likes
Larry,
Yes, I think that is exactly the issue as Tim just pointed out.  Even though we had signed out of SmartLink the SmartSDR Cat was still connected to the last radio..... which in this case, must have been my radio when he was visiting.

Up on the top of the SmartSDR Cat dialog box..... right click on "Radio Connected."   The two boxes noted in this drop down must be checked on my friends SDR Cat application.

Bob
K6MBY
Sequim, WA

This conversation is no longer open for comments or replies.