Echo IP connections

    Only slightly related, but if anyone has access to their IP NAT translation table in their router, I'd be interested in how many NTP connections they see for each Echo. I'm seeing a LOT (300+), but I'm not sure if it's the Echo, or perhaps an NTP issue in my router.

    Thanks,
    Z

    #2
    Something is not right

    If you are talking about the number of connections at any point in time I seldom have 300 for my network, including the Echo. There are ~25 IP addresses in my network. Echo, FireTV, Chromecast, and others like to phone home or DNS a lot but the Echo isn't even the worst of the lot. Chromecast wins hands down. That thing throws a fit when I shut my network down.



      #3
      Originally posted by mikaluch
      If you are talking about the number of connections at any point in time I seldom have 300 for my network, including the Echo. There are ~25 IP addresses in my network. Echo, FireTV, Chromecast, and others like to phone home or DNS a lot but the Echo isn't even the worst of the lot. Chromecast wins hands down. That thing throws a fit when I shut my network down.
      It's not necessarily the number of IP connections, but the number of ports for each IP. How many port 123 (NTP) connections do you see for the Echo? You should also see ports 434, 40317, 49317 & 33434 as well for the Echo.

      Thanks,
      Z



        #4
        I just checked it sitting idle. Two UDP connections to the 33434 you mentioned - the phone home to Amazon. Two SSL connections (443). That's it. No NTP connection at the moment. I seldom see any machine have more than 1 or 2 NTP connections simultaneously.

        I'm guessing you have a typo with 434? Are the other high ports you mention destination or source? I usually notice any odd ports regularly leaving my network and I don't remember those.

        So then I went out and asked it to play music. It added two NTP connections - I assume coincidental. It added I don't know, maybe 40 more SSL connections.



          #5
          Originally posted by mikaluch
          I just checked it sitting idle. Two UDP connections to the 33434 you mentioned - the phone home to Amazon. Two SSL connections (443). That's it. No NTP connection at the moment. I seldom see any machine have more than 1 or 2 NTP connections simultaneously.

          I'm guessing you have a typo with 434? Are the other high ports you mention destination or source? I usually notice any odd ports regularly leaving my network and I don't remember those.

          So then I went out and asked it to play music. It added two NTP connections - I assume coincidental. It added I don't know, maybe 40 more SSL connections.
          Thanks for checking.
          Right, 443

          The high ports are all on the Echo, actually no 123 ports, which is probably a clue. I've reduced the UDP timeout on the router, which has reduced the number by half, but that still points to the Echo generating them. I think the Echo isn't receiving the NTP responses even though the NTP master is the router. Also the NTP IPs have nothing to do with Amazon.

          Clearly an issue with my network it seems, thanks for checking.

          Z

          Here's a sample dump from the router: 192.168.1.92 is the Echo.
          SCRC#sho ip nat trans | i :123
          udp 199.xxx.xxx.xxx:39999 192.168.1.92:39999 72.21.192.213:123 72.21.192.213:123
          udp 199.xxx.xxx.xxx:39999 192.168.1.92:39999 128.138.141.172:123 128.138.141.172:123
          udp 199.xxx.xxx.xxx:39999 192.168.1.92:39999 132.163.4.101:123 132.163.4.101:123
          udp 199.xxx.xxx.xxx:39999 192.168.1.92:39999 173.51.147.14:123 173.51.147.14:123
          udp 199.xxx.xxx.xxx:39999 192.168.1.92:39999 199.182.221.110:123 199.182.221.110:123
          udp 199.xxx.xxx.xxx:39999 192.168.1.92:39999 207.171.178.6:123 207.171.178.6:123
          udp 199.xxx.xxx.xxx:39999 192.168.1.92:39999 208.75.89.4:123 208.75.89.4:123
          udp 199.xxx.xxx.xxx:41147 192.168.1.92:41147 45.127.113.2:123 45.127.113.2:123
          udp 199.xxx.xxx.xxx:41147 192.168.1.92:41147 52.0.56.137:123 52.0.56.137:123
          udp 199.xxx.xxx.xxx:41147 192.168.1.92:41147 67.18.187.111:123 67.18.187.111:123
          udp 199.xxx.xxx.xxx:41147 192.168.1.92:41147 69.28.91.73:123 69.28.91.73:123
          udp 199.xxx.xxx.xxx:41147 192.168.1.92:41147 72.21.192.213:123 72.21.192.213:123
          udp 199.xxx.xxx.xxx:41147 192.168.1.92:41147 96.126.105.86:123 96.126.105.86:123
          udp 199.xxx.xxx.xxx:41147 192.168.1.92:41147 104.131.51.97:123 104.131.51.97:123
          udp 199.xxx.xxx.xxx:41147 192.168.1.92:41147 104.131.53.252:123 104.131.53.252:123
          udp 199.xxx.xxx.xxx:41147 192.168.1.92:41147 138.236.128.36:123 138.236.128.36:123
          udp 199.xxx.xxx.xxx:41147 192.168.1.92:41147 162.243.63.11:123 162.243.63.11:123
          udp 199.xxx.xxx.xxx:41147 192.168.1.92:41147 167.114.204.238:123 167.114.204.238:123
          udp 199.xxx.xxx.xxx:41147 192.168.1.92:41147 192.150.149.245:123 192.150.149.245:123
          udp 199.xxx.xxx.xxx:41147 192.168.1.92:41147 198.100.156.225:123 198.100.156.225:123
          udp 199.xxx.xxx.xxx:41147 192.168.1.92:41147 206.108.0.131:123 206.108.0.131:123
          udp 199.xxx.xxx.xxx:41147 192.168.1.92:41147 207.171.178.6:123 207.171.178.6:123
          udp 199.xxx.xxx.xxx:41147 192.168.1.92:41147 208.43.245.212:123 208.43.245.212:123
          udp 199.xxx.xxx.xxx:41147 192.168.1.92:41147 209.114.111.1:123 209.114.111.1:123
          udp 199.xxx.xxx.xxx:41147 192.168.1.92:41147 209.244.0.3:123 209.244.0.3:123
          udp 199.xxx.xxx.xxx:55831 192.168.1.92:55831 45.127.112.2:123 45.127.112.2:123
          udp 199.xxx.xxx.xxx:55831 192.168.1.92:55831 50.116.52.97:123 50.116.52.97:123
          udp 199.xxx.xxx.xxx:55831 192.168.1.92:55831 64.71.128.26:123 64.71.128.26:123
          udp 199.xxx.xxx.xxx:55831 192.168.1.92:55831 66.228.42.59:123 66.228.42.59:123
          udp 199.xxx.xxx.xxx:55831 192.168.1.92:55831 72.21.192.213:123 72.21.192.213:123
          udp 199.xxx.xxx.xxx:55831 192.168.1.92:55831 74.120.8.2:123 74.120.8.2:123
          udp 199.xxx.xxx.xxx:55831 192.168.1.92:55831 104.131.51.97:123 104.131.51.97:123
          udp 199.xxx.xxx.xxx:55831 192.168.1.92:55831 104.131.53.252:123 104.131.53.252:123
          udp 199.xxx.xxx.xxx:55831 192.168.1.92:55831 104.131.118.129:123 104.131.118.129:123
          udp 199.xxx.xxx.xxx:55831 192.168.1.92:55831 173.44.32.10:123 173.44.32.10:123
          udp 199.xxx.xxx.xxx:55831 192.168.1.92:55831 192.95.25.79:123 192.95.25.79:123
          udp 199.xxx.xxx.xxx:55831 192.168.1.92:55831 198.55.111.5:123 198.55.111.5:123
          udp 199.xxx.xxx.xxx:55831 192.168.1.92:55831 199.182.221.110:123 199.182.221.110:123
          udp 199.xxx.xxx.xxx:55831 192.168.1.92:55831 206.108.0.131:123 206.108.0.131:123
          udp 199.xxx.xxx.xxx:55831 192.168.1.92:55831 207.171.178.6:123 207.171.178.6:123
          udp 199.xxx.xxx.xxx:55831 192.168.1.92:55831 208.53.158.34:123 208.53.158.34:123
          udp 199.xxx.xxx.xxx:55831 192.168.1.92:55831 209.123.234.43:123 209.123.234.43:123
          udp 199.xxx.xxx.xxx:55831 192.168.1.92:55831 209.208.79.69:123 209.208.79.69:123



            #6
            It could be an issue with the list of NTP servers Echo is using. Advertised NTP servers disappear all the time, some limit how many connections you can make, and some have switched to handling only internal traffic.

            I go straight to the list of local second tier servers, check their restrictions and test a few before I start using them. I try not to rely on the pools - my router connection monitoring shows SYNs with no responses and it was always full of NTP no responses when I used the pools. Although I don't believe I ever input anything regarding NTP to the Echo.

            If it was a desktop I'd be a little worried that I was participating in a DDoS attack, but if Amazon or Google were easily penetrated they would always be down. The upside is if there is a vulnerability in the Echo and you find it you'll be famous.

            I looked up a few of those addresses. Random hosted server farms. The one odd thing I noticed was none I checked were named like NTP servers often are (ntp.example.com) but several were identified like DNS servers (ns.example.com or resolver.example.com).

            Here are the second tiers:
            http://support.ntp.org/bin/view/Serv...TwoTimeServers



              #7
              Got it. Bonehead mistake. No return path for NTP to that NAT address. I have all of the Echos NATted to the same IP address (I can't get them to accept IPv6 addresses, so not sure if it's not supported, or I didn't try hard enough), so I was letting it out, but not in. I have an "if established" rule, but not for UDP, just TCP.

              Yes, some of the NTP servers the Echo is checking with seem pretty esoteric; when I called Echo support they said they only used Amazon NTP, but that's clearly not what's happening. Lots of traffic coming from an Echo though, even some going to their data center in Ireland.

              The whole reason I started this "hunt" was because I couldn't get an alarm to work without punching some holes in the firewall. Works now on one of the Echos, but not the others. Have to dig into that further I guess.

              Fun toys. I installed one in the Shelter today and the Volunteers had a field day.

              Thanks again,
              Z

              Originally posted by mikaluch
              It could be an issue with the list of NTP servers Echo is using. Advertised NTP servers disappear all the time, some limit how many connections you can make, and some have switched to handling only internal traffic.

              I go straight to the list of local second tier servers, check their restrictions and test a few before I start using them. I try not to rely on the pools - my router connection monitoring shows SYNs with no responses and it was always full of NTP no responses when I used the pools. Although I don't believe I ever input anything regarding NTP to the Echo.

              If it was a desktop I'd be a little worried that I was participating in a DDOS attack but if Amazon or Google were easily penetrated they would always be down. The upside is if there is a vulnerability in the Echo and you find it you'll be famous.

              I looked up a few of those addresses. Random hosted server farms. The one odd thing I noticed was none I checked were named like NTP servers often are (ntp.example.com) but several were identified like DNS servers (ns.example.com or resolver.example.com).

              Here are the second tiers:
              http://support.ntp.org/bin/view/Serv...TwoTimeServers

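The resolution in #7 (an "established" rule for TCP only, so UDP replies never came back in) also explains the earlier observation in #5 that halving the UDP timeout halved the translation count. The following toy model is an added example written for this page, not anyone's router configuration and not code from the thread: it keeps a NAT table whose entries age out after a per-protocol timeout, puts an inbound ACL in front of it that admits return traffic for TCP always and for UDP only when the flag says so, and drives it with a client that retries a fresh server every `retry` seconds until a reply gets through. The client timings, the 203.0.113.0/24 server addresses and the Echo's inside address are assumptions.

```python
"""Why a TCP-only 'established' rule fills the NAT table with UDP entries.

Added example, not from the thread. Toy model of the poster's setup:
outbound packets create NAT entries that live until a UDP timeout, and the
inbound ACL only admits 'established' TCP. A client that never sees its NTP
reply keeps retrying, so the number of live entries is roughly
(query rate) x (UDP timeout); a working return path brings it down to one.
"""
from typing import Dict, Tuple

# proto, inside ip, inside port, peer ip, peer port
Key = Tuple[str, str, int, str, int]


class NatWithAcl:
    """NAT translation table plus an inbound ACL on the outside interface."""

    def __init__(self, allow_udp_return: bool, udp_timeout: int, tcp_timeout: int = 3600):
        self.allow_return = {"tcp": True, "udp": allow_udp_return}
        self.timeout = {"tcp": tcp_timeout, "udp": udp_timeout}
        self.table: Dict[Key, int] = {}   # key -> time last seen
        self.dropped_returns = 0

    def _expire(self, now: int) -> None:
        """Drop entries idle for at least their protocol's timeout."""
        self.table = {k: seen for k, seen in self.table.items()
                      if now - seen < self.timeout[k[0]]}

    def outbound(self, now: int, proto: str, inside: Tuple[str, int], peer: Tuple[str, int]) -> None:
        """Inside host sends a packet: create or refresh the translation."""
        self._expire(now)
        self.table[(proto, *inside, *peer)] = now

    def inbound(self, now: int, proto: str, inside: Tuple[str, int], peer: Tuple[str, int]) -> bool:
        """Reply from the peer: needs a live translation AND an ACL permit."""
        self._expire(now)
        key = (proto, *inside, *peer)
        if key not in self.table or not self.allow_return[proto]:
            self.dropped_returns += 1
            return False
        self.table[key] = now
        return True

    def active(self, now: int) -> int:
        self._expire(now)
        return len(self.table)


def simulate(allow_udp_return: bool, udp_timeout: int, duration: int = 600,
             retry: int = 10, poll: int = 1024) -> Tuple[int, int]:
    """Return (peak live translations, replies dropped by the ACL).

    The client queries a different server each attempt, like the fan-out in
    the posted dump, retrying every `retry` seconds until a reply is
    accepted and then backing off to `poll` seconds.
    """
    nat = NatWithAcl(allow_udp_return, udp_timeout)
    inside = ("192.168.1.92", 41147)          # assumed Echo address/port
    next_query, peak, n = 0, 0, 0
    for now in range(duration):
        if now == next_query:
            peer = (f"203.0.113.{1 + n % 250}", 123)   # constructed server list
            n += 1
            nat.outbound(now, "udp", inside, peer)
            answered = nat.inbound(now, "udp", inside, peer)   # reply arrives at once
            next_query = now + (poll if answered else retry)
        peak = max(peak, nat.active(now))
    return peak, nat.dropped_returns


if __name__ == "__main__":
    for allow, timeout in ((False, 300), (False, 150), (True, 300)):
        peak, dropped = simulate(allow, timeout)
        print(f"udp return allowed={allow!s:5} timeout={timeout:3}s -> "
              f"peak translations={peak:3}, dropped replies={dropped}")
```

With the return path blocked and a 300 s UDP timeout the model holds 30 live entries; halving the timeout to 150 s halves that to 15, matching what the thread saw, but every reply is still dropped. Permitting UDP return traffic for existing translations leaves a single entry, which is the actual fix rather than a shorter timeout.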


                #8
                I gave up on automation about 7-8 years ago because to me without the ability to talk directly to the controller it is more trouble than it is worth. I told my wife and friends that what was needed was a directional noise canceling array microphone. I design antennas for satellites for a living so you would think I should be able to whip one up but the electronics side was a bit beyond me. Then I saw the ad for the Echo and picked one up. Bingo. Just what I was looking for back then. I love talking to that thing.
