Suspicious Connection to Hopper3

[dweber]

My new Nighthawk router came with a one year free subscription to Armor security.

1) Netgear Armor detected that a suspicious remote location 185.147.124.216 attempted a connection to Living Room Hopper3 and blocked that connection. Does anyone know If that is a legitimate connection from Dish? If it is a legitimate connection I can allow it. Otherwise I will allow Netgear to block the site.

2) Nighthawk Armor had blocked the moca connection from my Joey 3 to my Family Room Hopper3 but I went ahead and allowed that connection.

I am impressed with the Armor security software. It has checked all 50 of my home network connections. It found 2 vulnerabilities. My Netgear access point in my barn needed a firmware update to fix a security issue. My ancient Western Digital network drive is vulnerable but unfortunately there is no new firmware available. All of my other devices check out as being secure.


Sent from my iPhone using Tapatalk

 

[dweber]

I talked to Dish technical support and it is not their site so I will continue to allow Armor security to block the site.


Sent from my iPhone using Tapatalk

 

[Strega]

I checked several IP address to location services and they all said that IP address is in Russia.

 

[ewindowman]

I had xfinity and they blocked hopper attacks several times a day. Not sure if it was on there end or not just lots of warnings. I don’t have any programming in Russian so I doubt there is anything worth watching maybe Man vs Food .

 

[navychop]

They want to find out who’s watching the Borscht Channel.

 

[Almighty1]

whois 185.147.124.216
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See RIPE Database Terms and Conditions | Docs

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '185.147.124.0 - 185.147.124.255'

% Abuse contact for '185.147.124.0 - 185.147.124.255' is 'abuse@almirallc.ru'

inetnum: 185.147.124.0 - 185.147.124.255
netname: RU-ALMIRA-20240725
country: RU
org: ORG-AL1013-RIPE
admin-c: AL20125-RIPE
tech-c: AL20125-RIPE
status: ASSIGNED PA
mnt-by: IP-RIPE
created: 2024-07-25T16:18:11Z
last-modified: 2024-07-25T16:18:15Z
source: RIPE

organisation: ORG-AL1013-RIPE
org-name: Almira LLC
address: ul. Rogova, d. 12, pom. 2P
address: 123098 Moscow
address: Russia
abuse-c: AL20125-RIPE
mnt-ref: IP-RIPE
mnt-by: IP-RIPE
org-type: OTHER
created: 2024-05-20T18:22:24Z
last-modified: 2024-05-20T18:23:04Z
source: RIPE # Filtered

role: Almira LLC
address: ul. Rogova, d. 12, pom. 2P
address: 123098 Moscow
address: Russia
abuse-mailbox: abuse@almirallc.ru
phone: +7 495 1855735
nic-hdl: AL20125-RIPE
mnt-by: IP-RIPE
created: 2024-05-20T18:22:25Z
last-modified: 2024-05-20T18:22:25Z
source: RIPE # Filtered

% Information related to '185.147.124.0/24AS49505'

route: 185.147.124.0/24
origin: AS49505
mnt-by: IP-RIPE
created: 2024-07-25T16:18:16Z
last-modified: 2024-07-25T16:18:16Z
source: RIPE

% This query was served by the RIPE Database Query Service version 1.114 (SHETLAND)

 

[HipKat]

Not shocking. I run a Buffalo Bills forum, less than 50 users through Xenforo and almost daily I have Russian spambots/trolls trying to join and being blocked by security features.

 

[Scott Greczkowski]

You should see the number of attacks we get here per day.


Sent from my iPhone using Tapatalk

 

[navychop]

Training ground.

 

[arlo]

Wow. The paranoia that is built into consumer routers is simply amazing.
You know when you download and install different applications and you choose "typical installation" and then discover a lot of crap has been added to your pc? Yeah. Always choose a custom install even if you don't make any changes.

You know how when you buy. Let's say. A security camera system or stuff like that. And you have to register on their website to be able to view them remotely with an app? TCP port 8080 is the most common one for cameras that are exposed to the public internet.
Well. Through the vendors website, you're protected from opening those ports on your router. And a LOT of things can be done once a port is opened besides viewing and controlling your cameras. Bad things if somebody should find your pc, do a port scan, find one or more open to incoming traffic. And party down.

But then again on the extreme side. McAfee for one. Was (is still?) infamous for shutting your pc down from accessing the Internet.
It was too extremely strict.
Then, the folks who stack virus protection applications on a computer. That basically end up attacking each other. They kill me.

Scott said it right. If you have the proper equipment and software. Or your backbone is protecting your site. Tons and tons of traffic. Good or bad.
I got a bit mouthy on one place a long time ago. Got my butt kicked and account deleted. Honestly, I did.
So I tried creating a new account. They knew my IP address. And locale. Nope! Couldn't. TGFVPN. Haha.
Thank God for Virtual Private Network. Created a new account. Minded my manners. And after registered. Didn't care that I shut my VPN down and IP showed where I was on the globe.

So. Interesting as it is. And the wow factor that what you bought has bloatware built in. Pretty much toys. If you really want a firewall with customizable and even downloadable filters. Software like Pfsense and others are free. All you need is a spare pc that doesn't even have to be that robust with a couple of good NIC cards. And of course a bit of elbow grease. Or an old router that you can run back-to-back to yours with custom firmware. And Bob's your uncle (but mom knows better).

 

[HipKat]

You should see the number of attacks we get here per day.


Sent from my iPhone using Tapatalk

It's crazy, isn't it?