Suspicious Connection to Hopper3

dweber

My new Nighthawk router came with a one year free subscription to Armor security.

1) Netgear Armor detected that a suspicious remote location 185.147.124.216 attempted a connection to Living Room Hopper3 and blocked that connection. Does anyone know if that is a legitimate connection from Dish? If it is a legitimate connection I can allow it. Otherwise I will allow Netgear to block the site.

2) Nighthawk Armor had blocked the MoCA connection from my Joey 3 to my Family Room Hopper3 but I went ahead and allowed that connection.

I am impressed with the Armor security software. It has checked all 50 of my home network connections. It found 2 vulnerabilities. My Netgear access point in my barn needed a firmware update to fix a security issue. My ancient Western Digital network drive is vulnerable but unfortunately there is no new firmware available. All of my other devices check out as being secure.


 
I talked to Dish technical support and it is not their site so I will continue to allow Armor security to block the site.


 
I had Xfinity and they blocked Hopper attacks several times a day. Not sure if it was on their end or not, just lots of warnings. I don’t have any programming in Russian so I doubt there is anything worth watching, maybe Man vs Food. :)
 
whois 185.147.124.216
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See RIPE Database Terms and Conditions | Docs

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '185.147.124.0 - 185.147.124.255'

% Abuse contact for '185.147.124.0 - 185.147.124.255' is 'abuse@almirallc.ru'

inetnum: 185.147.124.0 - 185.147.124.255
netname: RU-ALMIRA-20240725
country: RU
org: ORG-AL1013-RIPE
admin-c: AL20125-RIPE
tech-c: AL20125-RIPE
status: ASSIGNED PA
mnt-by: IP-RIPE
created: 2024-07-25T16:18:11Z
last-modified: 2024-07-25T16:18:15Z
source: RIPE

organisation: ORG-AL1013-RIPE
org-name: Almira LLC
address: ul. Rogova, d. 12, pom. 2P
address: 123098 Moscow
address: Russia
abuse-c: AL20125-RIPE
mnt-ref: IP-RIPE
mnt-by: IP-RIPE
org-type: OTHER
created: 2024-05-20T18:22:24Z
last-modified: 2024-05-20T18:23:04Z
source: RIPE # Filtered

role: Almira LLC
address: ul. Rogova, d. 12, pom. 2P
address: 123098 Moscow
address: Russia
abuse-mailbox: abuse@almirallc.ru
phone: +7 495 1855735
nic-hdl: AL20125-RIPE
mnt-by: IP-RIPE
created: 2024-05-20T18:22:25Z
last-modified: 2024-05-20T18:22:25Z
source: RIPE # Filtered

% Information related to '185.147.124.0/24AS49505'

route: 185.147.124.0/24
origin: AS49505
mnt-by: IP-RIPE
created: 2024-07-25T16:18:16Z
last-modified: 2024-07-25T16:18:16Z
source: RIPE

% This query was served by the RIPE Database Query Service version 1.114 (SHETLAND)
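
For triaging an alert like the one in this thread, the fields that matter in the whois output above can be pulled out programmatically. This is an added example, not part of the original post; the function names `parse_rpsl` and `triage` are hypothetical, and the sample is a trimmed copy of the output quoted above.

```python
import ipaddress
# Constructed sample: a trimmed copy of the RIPE whois output quoted in this thread.
SAMPLE = """\
% Information related to '185.147.124.0 - 185.147.124.255'
inetnum: 185.147.124.0 - 185.147.124.255
netname: RU-ALMIRA-20240725
country: RU
created: 2024-07-25T16:18:11Z

organisation: ORG-AL1013-RIPE
org-name: Almira LLC
source: RIPE # Filtered

role: Almira LLC
abuse-mailbox: abuse@almirallc.ru

route: 185.147.124.0/24
origin: AS49505
"""

WANTED = {"inetnum": ("netname", "country", "created"), "organisation": ("org-name",),
          "role": ("abuse-mailbox",), "route": ("origin",)}

def parse_rpsl(text):
    """Split whois output into objects (lists of (attribute, value) pairs).
    '%' lines are server remarks; '#' starts an end-of-line comment."""
    objects, current = [], []
    for raw in text.splitlines() + [""]:
        line = "" if raw.startswith("%") else raw.split("#", 1)[0].rstrip()
        if not line:                          # blank line ends the current object
            if current:
                objects.append(current)
            current = []
        elif line[0] in " \t+" and current:   # continuation of the previous value
            key, val = current[-1]
            current[-1] = (key, f"{val} {line[1:].strip()}")
        else:
            key, _, val = line.partition(":")
            current.append((key.strip().lower(), val.strip()))
    return objects

def triage(text, ip):
    """Summarise who holds the block and confirm the alerted IP is inside it."""
    addr, out = ipaddress.ip_address(ip), {"in_range": False}
    for obj in parse_rpsl(text):
        (kind, primary), attrs = obj[0], dict(reversed(obj))  # first value wins
        out.update({f: attrs.get(f) for f in WANTED.get(kind, ())})
        if kind == "inetnum":
            lo, hi = (ipaddress.ip_address(p.strip()) for p in primary.split("-"))
            out["in_range"] = lo <= addr <= hi
    return out
```

Calling `triage(SAMPLE, "185.147.124.216")` returns the network name, country, registration date, organisation, abuse mailbox and origin AS in one dictionary, which is enough to decide whether the source matches a known service provider.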
 
Not shocking. I run a Buffalo Bills forum, less than 50 users through Xenforo and almost daily I have Russian spambots/trolls trying to join and being blocked by security features.
 
Wow. The paranoia that is built into consumer routers is simply amazing.
You know when you download and install different applications and you choose "typical installation" and then discover a lot of crap has been added to your pc? Yeah. Always choose a custom install even if you don't make any changes.

You know how when you buy. Let's say. A security camera system or stuff like that. And you have to register on their website to be able to view them remotely with an app? TCP port 8080 is the most common one for cameras that are exposed to the public internet.
Well. Through the vendor's website, you're protected from opening those ports on your router. And a LOT of things can be done once a port is opened besides viewing and controlling your cameras. Bad things if somebody should find your pc, do a port scan, find one or more open to incoming traffic. And party down.

But then again on the extreme side. McAfee for one. Was (is still?) infamous for shutting your pc down from accessing the Internet.
It was too extremely strict.
Then, the folks who stack virus protection applications on a computer. That basically end up attacking each other. They kill me.

Scott said it right. If you have the proper equipment and software. Or your backbone is protecting your site. Tons and tons of traffic. Good or bad.
I got a bit mouthy on one place a long time ago. Got my butt kicked and account deleted. Honestly, I did.
So I tried creating a new account. They knew my IP address. And locale. Nope! Couldn't. TGFVPN. Haha.
Thank God for Virtual Private Network. Created a new account. Minded my manners. And after registered. Didn't care that I shut my VPN down and IP showed where I was on the globe.

So. Interesting as it is. And the wow factor that what you bought has bloatware built in. Pretty much toys. If you really want a firewall with customizable and even downloadable filters. Software like pfSense and others are free. All you need is a spare pc that doesn't even have to be that robust with a couple of good NIC cards. And of course a bit of elbow grease. Or an old router that you can run back-to-back to yours with custom firmware. And Bob's your uncle (but mom knows better).
 
It sounds to me like OP’s software was accurate, not paranoid. Nobody needs connections to their Hopper from Russia, except maybe Russians. Your suggestions are not realistic for the majority of users. Do you really think they are going to fire up a FreeBSD box and install and configure pfSense?
 
I'm confused.

If your Hopper is on your internal network behind your router, and you haven't configured any open ports from the outside to the Hopper's internal IP address, what makes you think this is something trying to get to the Hopper and not just some random bot on the internet trying to see what it can find? The only way anything outside your network should know that your internal device exists, is if that device initiates a connection to the outside.
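
The reasoning in the post above, as a simplified model of a home router's stateful NAT. This is an added example, not part of the thread; the class, the LAN addresses and the ports are constructed, and real routers track more state (protocol, timeouts).

```python
# Simplified model of a home router's stateful NAT (constructed addresses and ports).
class HomeNat:
    def __init__(self):
        self.flows = {}      # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.forwards = {}   # wan_port -> (lan_ip, lan_port)
        self._next_port = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN device opens a connection; the router records the flow."""
        wan_port = self._next_port
        self._next_port += 1
        self.flows[(wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return wan_port

    def add_forward(self, wan_port, lan_ip, lan_port):
        """Port forward, set by hand or requested by a LAN device over UPnP."""
        self.forwards[wan_port] = (lan_ip, lan_port)

    def inbound(self, remote_ip, remote_port, wan_port):
        """Return (verdict, lan_target) for a packet arriving on the WAN side."""
        flow = self.flows.get((wan_port, remote_ip, remote_port))
        if flow:
            return "reply", flow
        if wan_port in self.forwards:
            return "forwarded", self.forwards[wan_port]
        return "dropped", None

def demo():
    nat = HomeNat()
    hopper = ("192.168.1.50", 51000)  # hypothetical LAN address of the Hopper
    wan_port = nat.outbound(*hopper, "203.0.113.10", 443)  # Hopper contacts a server
    results = [
        nat.inbound("203.0.113.10", 443, wan_port),       # that server answering
        nat.inbound("185.147.124.216", 55555, wan_port),  # stranger, same WAN port
        nat.inbound("185.147.124.216", 55555, 8080),      # stranger, closed port
    ]
    return results, nat
```

Only the first packet reaches the Hopper; the other two are dropped until a forward exists for the port, which is why checking the router's port-forwarding and UPnP tables is the first step when an alert names an internal device.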
 
Pepper's got it. DB10. In front of your router at the modem you would be surprised at the traffic that tries to "get in" to your LAN over the public Internet. As a stand-alone modem, ONT is just a MOdulator/DEmodulator.
Sites that provide online port scanning and trojan port scans help settle folks from the 'paranoia'.
Scott said it too. In front of the firewall. The attempts to scan your network for ways to get in is simply amazing over a 24 hour period.
Didn't mean to ruffle your feathers.
Russkies, Chinese, you name it. Not that an actual person is sitting at a console doing one-by-one port scans by IP address. Nothing like your Indian call centers. Slap in a range of IPs to scan in the software. And look at logs. Heck. If you know the right venues. You can grab software that does the same. The "good guys" on the port scan sites have it. Obviously.

When did Windows realize protection was needed? What was it? "A vulnerability for a remote attacker....." patches.
Then a fairly good firewall, virus protection. But really. Stop it at the source. As soon as the signal enters your home and is demodulated.
A NAT router with firewall. "Stuff".
pfSense and others by the way are bootable. Run from removable drive or install and configure. Look at Netgate. Or roll your own.
Or.....buy a router with preinstalled expire-ware and pay.
Now. Count your feathers in case of emergencies.
 
No feathers ruffled here. I just think it’s unrealistic to expect people to do all that. It’s like when people complain about Windows someone will always say well, just use Linux. Right, like that's going to happen with a casual user.

I’m familiar with what goes on with internet connections as I spend a lot of time looking at firewall and router logs, as well as IPS systems.
 
We now know where that connection came from.

[Attached image: 1734964233944.png]
 
I continue to get attacks on both of my Hopper 3 receivers from IP addresses located in Russia and Poland. The Armor security on my new Nighthawk RS700 router has been blocking the attacks and alerting me. I am very impressed with the Armor security. It is included for free for 1 year. I will probably subscribe to it when it comes due in 335 days. It has checked all 50 devices on my home network. The only device that I can’t fix is my Western Digital MyBook network drive since it is so old that there is no new firmware.

