konnected-io / konnected-security

Konnected connects wired sensors and switches to SmartThings, Home Assistant, Hubitat and OpenHAB
https://konnected.io
Apache License 2.0
416 stars 322 forks

Outbound connection to 23.129.64.159? #114

Closed qu3bec closed 4 years ago

qu3bec commented 4 years ago

Any reason why the Konnected board would try an outbound connection to 23.129.64.159? Noticed this in the logs on the firewall running on my router.

Dec 11 21:01:30 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=18:31:bf:4a:20:e0:68:c6:3a:e1:9c:2a:08:00 SRC=192.168.1.11 DST=23.129.64.159 LEN=76 TOS=0x00 PREC=0x00 TTL=255 ID=6 PROTO=UDP SPT=4096 DPT=123 LEN=56

rotcop4u2 commented 4 years ago

By using Google on the IP address, it shows that it is a Tor IP. It also shows that it is an abusive IP.

On Sat, Dec 14, 2019, 12:09 AM qu3bec notifications@github.com wrote:

> Any reason why the Konnected board would try an outbound connection to 23.129.64.159? Noticed this in the logs on the firewall running on my router.
>
> Dec 11 21:01:30 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=18:31:bf:4a:20:e0:68:c6:3a:e1:9c:2a:08:00 SRC=192.168.1.11 DST=23.129.64.159 LEN=76 TOS=0x00 PREC=0x00 TTL=255 ID=6 PROTO=UDP SPT=4096 DPT=123 LEN=56


heythisisnate commented 4 years ago

No idea why Konnected would be hitting this ip. Are you sure the source is a konnected device?

qu3bec commented 4 years ago

> No idea why Konnected would be hitting this ip. Are you sure the source is a konnected device?

Yes I've set up the board with a static IP 192.168.1.11

DeeCla1973 commented 4 years ago

The alarm can't seem to connect to my wifi as of yesterday. I have no idea and can't seem to correct the issue.

On Sun, Dec 15, 2019 at 4:07 PM qu3bec notifications@github.com wrote:

> > No idea why Konnected would be hitting this ip. Are you sure the source is a konnected device?
>
> Yes I've set up the board with a static IP 192.168.1.11


heythisisnate commented 4 years ago

I really have no idea. This is not much info to go on. Maybe try capturing the traffic with wireshark to see if we can see what kind of content it is?

qu3bec commented 4 years ago

https://otx.alienvault.com/indicator/ip/23.129.64.159

Under Passive DNS, some NTP servers are listed. Does the board connect to NTP servers? I just found out that my TP-Link HS110 plug also tried to hit this IP!!

heythisisnate commented 4 years ago

Yes, it does connect to NTP to sync the current time.

heythisisnate commented 4 years ago

Looks like pool.ntp.org is one of the DNS entries, so that makes sense now.

qu3bec commented 4 years ago

Yeah it does. How often does the board sync current time? Mine reboots once every few days and sometimes twice a day so maybe it can't connect to ntp servers when it reboots?

heythisisnate commented 4 years ago

It syncs after every reboot. It will prefer to get the current time from your router/gateway. So, if you can configure your router to act as an NTP server, then you can avoid going out to the internet to sync time.
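
The firewall line from this thread can be triaged without a packet capture. The following is an added example, not code from the thread or from the Konnected project: it parses router netfilter log lines and checks whether a blocked UDP packet to port 123 has the size of a plain NTP request. The function and variable names are hypothetical, the second and third log lines are constructed, and the size check assumes an NTP packet with no extension fields (48 bytes).

```python
import re

NTP_PORT = 123
UDP_HEADER = 8    # bytes
NTP_PACKET = 48   # assumption: plain NTP header, no extension fields or MAC

# First line is the one posted in the issue; the other two are constructed.
SAMPLE_LOG = [
    "Dec 11 21:01:30 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=18:31:bf:4a:20:e0:68:c6:3a:e1:9c:2a:08:00 SRC=192.168.1.11 DST=23.129.64.159 LEN=76 TOS=0x00 PREC=0x00 TTL=255 ID=6 PROTO=UDP SPT=4096 DPT=123 LEN=56",
    "Dec 11 21:02:10 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= SRC=192.168.1.12 DST=203.0.113.7 LEN=468 TOS=0x00 PREC=0x00 TTL=64 ID=9 PROTO=UDP SPT=4097 DPT=123 LEN=448",
    "Dec 11 21:03:55 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= SRC=192.168.1.12 DST=203.0.113.9 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=11 PROTO=TCP SPT=50000 DPT=443 WINDOW=29200 SYN",
]


def triage(line):
    """Classify one netfilter LOG line as NTP-shaped traffic or not."""
    fields, lengths = {}, []
    for key, value in re.findall(r"\b([A-Z]+)=(\S*)", line):
        if key == "LEN":
            # LEN appears twice for UDP: IP total length, then UDP length.
            lengths.append(int(value))
        else:
            fields[key] = value
    proto = fields.get("PROTO")
    dport = int(fields["DPT"]) if "DPT" in fields else None
    payload = None
    if proto == "UDP" and len(lengths) > 1:
        payload = lengths[1] - UDP_HEADER
    if proto == "UDP" and dport == NTP_PORT:
        verdict = "ntp-request" if payload == NTP_PACKET else "port-123-unusual-size"
    else:
        verdict = "not-ntp"
    return {"src": fields.get("SRC"), "dst": fields.get("DST"),
            "proto": proto, "dport": dport, "payload": payload,
            "verdict": verdict}


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        r = triage(entry)
        print(f"{r['src']} -> {r['dst']} {r['proto']}/{r['dport']} "
              f"payload={r['payload']} {r['verdict']}")
```

A port-123 packet whose payload is not 48 bytes is not necessarily hostile, but it is the case worth following up with a capture.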