Settop Box IP network issues
FFXFiosUser
Newbie

This gets in the weeds a little, but I'm just trying to make sure something isn't wrong.

I presume a software upgrade was done in the Fairfax VA area in the past couple weeks.  I am seeing a bunch of IP network activity on my FIOS internet from both my HD DVR (QIP7216) and HD STB (QIP6200).  They are trying to contact something at an address, 172.27.x.x on UDP port 6794.  Both boxes are trying to 'call out' to this address about every 90 minutes.

This just started in the past week or two.  Of course, those addresses are not valid external addresses, so something, somewhere, has to be misconfigured.  I am just seeing if anyone can confirm or explain this action.  It doesn't hurt anything, unless someone has hacked my boxes... 🙂

0 Likes
Re: Settop Box IP network issues
prisaz
Legend

@FFXFiosUser wrote:

This gets in the weeds a little, but I'm just trying to make sure something isn't wrong.

I presume a software upgrade was done in the Fairfax VA area in the past couple weeks.  I am seeing a bunch of IP network activity on my FIOS internet from both my HD DVR (QIP7216) and HD STB (QIP6200).  They are trying to contact something at an address, 172.27.x.x on UDP port 6794.  Both boxes are trying to 'call out' to this address about every 90 minutes.

This just started in the past week or two.  Of course, those addresses are not valid external addresses, so something, somewhere, has to be misconfigured.  I am just seeing if anyone can confirm or explain this action.  It doesn't hurt anything, unless someone has hacked my boxes... 🙂


I used Wireshark on my network a while back and found those addresses being used by the MOCA network for communications between the DVR and STBs. Even though the DVR has an address assigned to it in the range of 192.168.1.100-106, the MOCA still was broadcasting at the 172.27.x.x subnet. I was told it is communication between the boxes. Doesn't make sense and just adds to the network overhead to an extent. But it is nothing new. I had the QIP6412 DVR and QIP2500 STBs. I may just see if any of that traffic is still out there. I run a Tivo and the 2500s now.

0 Likes
Re: Settop Box IP network issues
FFXFiosUser
Newbie

Thanks for the reply.  So it's not only my site.

I was seeing it on my firewall as blocked outbound sessions (I 'deny all, permit by exception') and like I said, it just started up in the past week or two.  I think something may have been fixed in the firewall software tho, because there was a bug in the logging that seems to be gone.  Maybe the stuff has always been there and I just never saw it until whatever fixed the firewall logging got updated.

I haven't put Wireshark on it yet.  I was thinking of putting a machine up with that address and watching on Wireshark to see if there was any data passing once it made contact.  That would require pretty extensive change to the Actiontec firewall tho, since, as you say, everything local is 192.168, so 172.27 is going to try and be routed.  I'd have to change the internal network to the right address, or add 172.27 as a local subnet.  But, a lot of router software is supposed to drop private network packets.  I know on Cisco, you have to specifically set up routing of RFC 1918 addresses or the router assumes it to be an error and drops it.

Probably just a tester's code that accidentally got left in the distro...

0 Likes
Re: Settop Box IP network issues
prisaz
Legend

I think this sort of belongs in the network forum but also belongs here.

My 2500 boxes are still spitting out broadcasts. But not on 172.

1    0.000000    169.254.1.117    255.255.255.255    UDP    Source port: 21302  Destination port: 21302

Ethernet II, Src: Motorola_ec:54:f4 (00:1a:66:ec:54:f4), Dst: Broadcast (ff:ff:ff:ff:ff:ff)

6    6.999966    169.254.1.117    169.254.1.255    UDP    Source port: intecom-ps1  Destination port: commplex-main

Ethernet II, Src: Motorola_ec:54:f4 (00:1a:66:ec:54:f4), Dst: Broadcast (ff:ff:ff:ff:ff:ff)

The 2500 boxes still spew this as captured by Wireshark. Wireshark will monitor all traffic, not just traffic bound for your current subnet.

0 Likes
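Added example, not part of any post in this thread: one way to triage the pattern discussed above from firewall logs, by flagging traffic to RFC 1918 or link-local destinations that lie outside the LAN and measuring how regularly each flow repeats. The log format, the concrete 172.27.0.10 address, the timestamps and the 192.168.1.0/24 LAN prefix are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime
from statistics import median

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: LAN range mentioned in the thread
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log (hypothetical format): time action proto src dst:port
SAMPLE_LOG = """\
2010-03-01T00:05:00 DENY UDP 192.168.1.100 172.27.0.10:6794
2010-03-01T00:07:10 DENY UDP 192.168.1.101 172.27.0.10:6794
2010-03-01T00:30:00 ALLOW TCP 192.168.1.20 203.0.113.5:443
2010-03-01T01:35:00 DENY UDP 192.168.1.100 172.27.0.10:6794
2010-03-01T01:37:10 DENY UDP 192.168.1.101 172.27.0.10:6794
2010-03-01T02:00:00 DENY UDP 169.254.1.117 169.254.1.255:5000
2010-03-01T03:05:00 DENY UDP 192.168.1.100 172.27.0.10:6794
2010-03-01T03:07:10 DENY UDP 192.168.1.101 172.27.0.10:6794
"""

def classify(dst):
    """Label a destination address relative to the LAN."""
    ip = ipaddress.ip_address(dst)
    if ip in LAN:
        return "lan"
    if ip.is_link_local:          # 169.254.0.0/16, self-assigned addresses
        return "link-local"
    if any(ip in net for net in RFC1918):
        return "rfc1918-off-lan"  # private space that should never be routed to the WAN
    return "public"

def find_stray_flows(log_text):
    """Return {(src, dst, proto, port): (label, attempts, median_gap_minutes)}."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        ts, _action, proto, src, dst_port = line.split()
        dst, port = dst_port.rsplit(":", 1)
        if classify(dst) not in ("lan", "public"):
            seen[(src, dst, proto, int(port))].append(datetime.fromisoformat(ts))
    report = {}
    for key, times in seen.items():
        times.sort()
        gaps = [(b - a).total_seconds() / 60 for a, b in zip(times, times[1:])]
        report[key] = (classify(key[1]), len(times), median(gaps) if gaps else None)
    return report

if __name__ == "__main__":
    for flow, summary in find_stray_flows(SAMPLE_LOG).items():
        print(flow, summary)
```

A steady median gap with the same destination and port from several devices points to a scheduled check-in built into the firmware rather than ad hoc traffic; a flow seen only once reports no interval.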