Strange remote connection happening


Klaus Rung
 

Hi it appears for a few days now node 4794 has been automatically connection to a phantom destination right after all echolink stations have cleared off and the node is idle.

May 11 2021 09:41:34 -0400 on_to_remote calling 73.27.240.88 using ADPCM

Does anyone have an idea where this connection is coming from and how to prevent it?

Here is the log:

May 11 2021 09:39:52 -0400 EchoIRLP: Node Disconnect from EchoLink 9521 KN4JEN
May 11 2021 09:40:18 -0400 EchoIRLP: disconnected bye WX4E-R 0
May 11 2021 09:41:34 -0400 on_to_remote calling 73.27.240.88 using ADPCM
May 11 2021 09:45:49 -0400 EchoIRLP: connected echolink KO4OSJ 1
May 11 2021 09:45:50 -0400 EchoIRLP: Busy IRLP mo
May 11 2021 09:46:00 -0400 EchoIRLP: sent_chat WX4E-R>System connected to IRLP node mo.  Please try again later.
May 11 2021 09:46:00 -0400 EchoIRLP: playbackcomplete KO4OSJ playback complete
May 11 2021 09:46:42 -0400 EchoIRLP: connected echolink KO4OSJ 1
May 11 2021 09:46:42 -0400 EchoIRLP: Busy IRLP mo


Klaus
ve3kr
node 2460


David Cameron - IRLP
 

This is someone making the connection using the remote admin software. Who has the admin password to control the web interface?

Dave Cameron 



Sent from my Galaxy


-------- Original message --------
From: "Klaus Rung via groups.io" <k_rung@...>
Date: 2021-05-11 7:27 AM (GMT-08:00)
To: IRLP Help Group <irlp@irlp.groups.io>
Subject: [IRLP] Strange remote connection happening

Hi it appears for a few days now node 4794 has been automatically connection to a phantom destination right after all echolink stations have cleared off and the node is idle.

May 11 2021 09:41:34 -0400 on_to_remote calling 73.27.240.88 using ADPCM

Does anyone have an idea where this connection is coming from and how to prevent it?

Here is the log:

May 11 2021 09:39:52 -0400 EchoIRLP: Node Disconnect from EchoLink 9521 KN4JEN
May 11 2021 09:40:18 -0400 EchoIRLP: disconnected bye WX4E-R 0
May 11 2021 09:41:34 -0400 on_to_remote calling 73.27.240.88 using ADPCM
May 11 2021 09:45:49 -0400 EchoIRLP: connected echolink KO4OSJ 1
May 11 2021 09:45:50 -0400 EchoIRLP: Busy IRLP mo
May 11 2021 09:46:00 -0400 EchoIRLP: sent_chat WX4E-R>System connected to IRLP node mo.  Please try again later.
May 11 2021 09:46:00 -0400 EchoIRLP: playbackcomplete KO4OSJ playback complete
May 11 2021 09:46:42 -0400 EchoIRLP: connected echolink KO4OSJ 1
May 11 2021 09:46:42 -0400 EchoIRLP: Busy IRLP mo


Klaus
ve3kr
node 2460


Klaus Rung
 

I am not following this Dave. So yes we have the irlpvcon installed and two people have the password me being one of them. So you mean that someone is making a dial out to this ip ? What is that destination?

On Tuesday, May 11, 2021, 10:29:39 a.m. EDT, David Cameron - IRLP <dcameron@...> wrote:


This is someone making the connection using the remote admin software. Who has the admin password to control the web interface?

Dave Cameron 



Sent from my Galaxy


-------- Original message --------
From: "Klaus Rung via groups.io" <k_rung@...>
Date: 2021-05-11 7:27 AM (GMT-08:00)
To: IRLP Help Group <irlp@irlp.groups.io>
Subject: [IRLP] Strange remote connection happening

Hi it appears for a few days now node 4794 has been automatically connection to a phantom destination right after all echolink stations have cleared off and the node is idle.

May 11 2021 09:41:34 -0400 on_to_remote calling 73.27.240.88 using ADPCM

Does anyone have an idea where this connection is coming from and how to prevent it?

Here is the log:

May 11 2021 09:39:52 -0400 EchoIRLP: Node Disconnect from EchoLink 9521 KN4JEN
May 11 2021 09:40:18 -0400 EchoIRLP: disconnected bye WX4E-R 0
May 11 2021 09:41:34 -0400 on_to_remote calling 73.27.240.88 using ADPCM
May 11 2021 09:45:49 -0400 EchoIRLP: connected echolink KO4OSJ 1
May 11 2021 09:45:50 -0400 EchoIRLP: Busy IRLP mo
May 11 2021 09:46:00 -0400 EchoIRLP: sent_chat WX4E-R>System connected to IRLP node mo.  Please try again later.
May 11 2021 09:46:00 -0400 EchoIRLP: playbackcomplete KO4OSJ playback complete
May 11 2021 09:46:42 -0400 EchoIRLP: connected echolink KO4OSJ 1
May 11 2021 09:46:42 -0400 EchoIRLP: Busy IRLP mo


Klaus
ve3kr
node 2460


Klaus Rung
 

I am presently logged in to the irlpvcon connection but I don't see any dialing that took place or is the irlpvcon presenting like an irlp connection thus preventing the node from being deemed as Busy, and nobody can connect via echollink or irlp until the node is cleared with a 73 or an end call? I have never seen this before.

On Tuesday, May 11, 2021, 10:29:39 a.m. EDT, David Cameron - IRLP <dcameron@...> wrote:


This is someone making the connection using the remote admin software. Who has the admin password to control the web interface?

Dave Cameron 



Sent from my Galaxy


-------- Original message --------
From: "Klaus Rung via groups.io" <k_rung@...>
Date: 2021-05-11 7:27 AM (GMT-08:00)
To: IRLP Help Group <irlp@irlp.groups.io>
Subject: [IRLP] Strange remote connection happening

Hi it appears for a few days now node 4794 has been automatically connection to a phantom destination right after all echolink stations have cleared off and the node is idle.

May 11 2021 09:41:34 -0400 on_to_remote calling 73.27.240.88 using ADPCM

Does anyone have an idea where this connection is coming from and how to prevent it?

Here is the log:

May 11 2021 09:39:52 -0400 EchoIRLP: Node Disconnect from EchoLink 9521 KN4JEN
May 11 2021 09:40:18 -0400 EchoIRLP: disconnected bye WX4E-R 0
May 11 2021 09:41:34 -0400 on_to_remote calling 73.27.240.88 using ADPCM
May 11 2021 09:45:49 -0400 EchoIRLP: connected echolink KO4OSJ 1
May 11 2021 09:45:50 -0400 EchoIRLP: Busy IRLP mo
May 11 2021 09:46:00 -0400 EchoIRLP: sent_chat WX4E-R>System connected to IRLP node mo.  Please try again later.
May 11 2021 09:46:00 -0400 EchoIRLP: playbackcomplete KO4OSJ playback complete
May 11 2021 09:46:42 -0400 EchoIRLP: connected echolink KO4OSJ 1
May 11 2021 09:46:42 -0400 EchoIRLP: Busy IRLP mo


Klaus
ve3kr
node 2460


David Cameron - IRLP
 

This is done from the IRLP Web Admin, not IRLPvCON, but the same password is used for both web systems.

There may also be an option on IRLPvCON, but I am not sure as I didn't write that software.

In IRLP Web admin, there is something called the Desktop Call. If you click that Submit, it will launch a blind call to the IP listed. So if there is something that has access to the web interface (like a google bot) and clicks that, you get that result.

Dave Cameron

On 2021-05-11 7:38 a.m., Klaus Rung via groups.io wrote:
I am presently logged in to the irlpvcon connection but I don't see any dialing that took place or is the irlpvcon presenting like an irlp connection thus preventing the node from being deemed as Busy, and nobody can connect via echollink or irlp until the node is cleared with a 73 or an end call? I have never seen this before.
On Tuesday, May 11, 2021, 10:29:39 a.m. EDT, David Cameron - IRLP <dcameron@irlp.net> wrote:
This is someone making the connection using the remote admin software. Who has the admin password to control the web interface?
Dave Cameron
Sent from my Galaxy
-------- Original message --------
From: "Klaus Rung via groups.io" <k_rung=yahoo.com@groups.io>
Date: 2021-05-11 7:27 AM (GMT-08:00)
To: IRLP Help Group <irlp@irlp.groups.io>
Subject: [IRLP] Strange remote connection happening
Hi it appears for a few days now node 4794 has been automatically connection to a phantom destination right after all echolink stations have cleared off and the node is idle.
May 11 2021 09:41:34 -0400 on_to_remote calling 73.27.240.88 using ADPCM
Does anyone have an idea where this connection is coming from and how to prevent it?
Here is the log:
May 11 2021 09:39:52 -0400 EchoIRLP: Node Disconnect from EchoLink 9521 KN4JEN
May 11 2021 09:40:18 -0400 EchoIRLP: disconnected bye WX4E-R 0
May 11 2021 09:41:34 -0400 on_to_remote calling 73.27.240.88 using ADPCM
May 11 2021 09:45:49 -0400 EchoIRLP: connected echolink KO4OSJ 1
May 11 2021 09:45:50 -0400 EchoIRLP: Busy IRLP mo
May 11 2021 09:46:00 -0400 EchoIRLP: sent_chat WX4E-R>System connected to IRLP node mo.  Please try again later.
May 11 2021 09:46:00 -0400 EchoIRLP: playbackcomplete KO4OSJ playback complete
May 11 2021 09:46:42 -0400 EchoIRLP: connected echolink KO4OSJ 1
May 11 2021 09:46:42 -0400 EchoIRLP: Busy IRLP mo
Klaus
ve3kr
node 2460


Fred
 

Klaus,
     Change your vcon password 

On May 11, 2021, at 9:38 AM, Klaus Rung via groups.io <k_rung@...> wrote:


I am presently logged in to the irlpvcon connection but I don't see any dialing that took place or is the irlpvcon presenting like an irlp connection thus preventing the node from being deemed as Busy, and nobody can connect via echollink or irlp until the node is cleared with a 73 or an end call? I have never seen this before.

On Tuesday, May 11, 2021, 10:29:39 a.m. EDT, David Cameron - IRLP <dcameron@...> wrote:


This is someone making the connection using the remote admin software. Who has the admin password to control the web interface?

Dave Cameron 



Sent from my Galaxy


-------- Original message --------
From: "Klaus Rung via groups.io" <k_rung@...>
Date: 2021-05-11 7:27 AM (GMT-08:00)
To: IRLP Help Group <irlp@irlp.groups.io>
Subject: [IRLP] Strange remote connection happening

Hi it appears for a few days now node 4794 has been automatically connection to a phantom destination right after all echolink stations have cleared off and the node is idle.

May 11 2021 09:41:34 -0400 on_to_remote calling 73.27.240.88 using ADPCM

Does anyone have an idea where this connection is coming from and how to prevent it?

Here is the log:

May 11 2021 09:39:52 -0400 EchoIRLP: Node Disconnect from EchoLink 9521 KN4JEN
May 11 2021 09:40:18 -0400 EchoIRLP: disconnected bye WX4E-R 0
May 11 2021 09:41:34 -0400 on_to_remote calling 73.27.240.88 using ADPCM
May 11 2021 09:45:49 -0400 EchoIRLP: connected echolink KO4OSJ 1
May 11 2021 09:45:50 -0400 EchoIRLP: Busy IRLP mo
May 11 2021 09:46:00 -0400 EchoIRLP: sent_chat WX4E-R>System connected to IRLP node mo.  Please try again later.
May 11 2021 09:46:00 -0400 EchoIRLP: playbackcomplete KO4OSJ playback complete
May 11 2021 09:46:42 -0400 EchoIRLP: connected echolink KO4OSJ 1
May 11 2021 09:46:42 -0400 EchoIRLP: Busy IRLP mo


Klaus
ve3kr
node 2460


Klaus Rung
 

Ok I will do that to see if it helps with a new password

thanks

On Tuesday, May 11, 2021, 10:58:53 a.m. EDT, Fred via groups.io <w5mgm@...> wrote:


Klaus,
     Change your vcon password 

On May 11, 2021, at 9:38 AM, Klaus Rung via groups.io <k_rung@...> wrote:


I am presently logged in to the irlpvcon connection but I don't see any dialing that took place or is the irlpvcon presenting like an irlp connection thus preventing the node from being deemed as Busy, and nobody can connect via echollink or irlp until the node is cleared with a 73 or an end call? I have never seen this before.

On Tuesday, May 11, 2021, 10:29:39 a.m. EDT, David Cameron - IRLP <dcameron@...> wrote:


This is someone making the connection using the remote admin software. Who has the admin password to control the web interface?

Dave Cameron 



Sent from my Galaxy


-------- Original message --------
From: "Klaus Rung via groups.io" <k_rung@...>
Date: 2021-05-11 7:27 AM (GMT-08:00)
To: IRLP Help Group <irlp@irlp.groups.io>
Subject: [IRLP] Strange remote connection happening

Hi it appears for a few days now node 4794 has been automatically connection to a phantom destination right after all echolink stations have cleared off and the node is idle.

May 11 2021 09:41:34 -0400 on_to_remote calling 73.27.240.88 using ADPCM

Does anyone have an idea where this connection is coming from and how to prevent it?

Here is the log:

May 11 2021 09:39:52 -0400 EchoIRLP: Node Disconnect from EchoLink 9521 KN4JEN
May 11 2021 09:40:18 -0400 EchoIRLP: disconnected bye WX4E-R 0
May 11 2021 09:41:34 -0400 on_to_remote calling 73.27.240.88 using ADPCM
May 11 2021 09:45:49 -0400 EchoIRLP: connected echolink KO4OSJ 1
May 11 2021 09:45:50 -0400 EchoIRLP: Busy IRLP mo
May 11 2021 09:46:00 -0400 EchoIRLP: sent_chat WX4E-R>System connected to IRLP node mo.  Please try again later.
May 11 2021 09:46:00 -0400 EchoIRLP: playbackcomplete KO4OSJ playback complete
May 11 2021 09:46:42 -0400 EchoIRLP: connected echolink KO4OSJ 1
May 11 2021 09:46:42 -0400 EchoIRLP: Busy IRLP mo


Klaus
ve3kr
node 2460


Klaus Rung
 

Ok thanks for the explanation Dave. I will dig into it a bit more to see what is going on.

Klaus
ve3kr

On Tuesday, May 11, 2021, 10:58:52 a.m. EDT, David Cameron - IRLP <dcameron@...> wrote:


This is done from the IRLP Web Admin, not IRLPvCON, but the same
password is used for both web systems.

There may also be an option on IRLPvCON, but I am not sure as I didn't
write that software.

In IRLP Web admin, there is something called the Desktop Call. If you
click that Submit, it will launch a blind call to the IP listed. So if
there is something that has access to the web interface (like a google
bot) and clicks that, you get that result.

Dave Cameron

On 2021-05-11 7:38 a.m., Klaus Rung via groups.io wrote:
> I am presently logged in to the irlpvcon connection but I don't see any
> dialing that took place or is the irlpvcon presenting like an irlp
> connection thus preventing the node from being deemed as Busy, and
> nobody can connect via echollink or irlp until the node is cleared with
> a 73 or an end call? I have never seen this before.
>
> On Tuesday, May 11, 2021, 10:29:39 a.m. EDT, David Cameron - IRLP
> <dcameron@...> wrote:
>
>
> This is someone making the connection using the remote admin software.
> Who has the admin password to control the web interface?
>
> Dave Cameron
>
>
>
> Sent from my Galaxy
>
>
> -------- Original message --------
> From: "Klaus Rung via groups.io" <k_rung=yahoo.com@groups.io>
> Date: 2021-05-11 7:27 AM (GMT-08:00)
> To: IRLP Help Group <irlp@irlp.groups.io>
> Subject: [IRLP] Strange remote connection happening
>
> Hi it appears for a few days now node 4794 has been automatically
> connection to a phantom destination right after all echolink stations
> have cleared off and the node is idle.
>
> May 11 2021 09:41:34 -0400 on_to_remote calling 73.27.240.88 using ADPCM
>
> Does anyone have an idea where this connection is coming from and how to
> prevent it?
>
> Here is the log:
>
> May 11 2021 09:39:52 -0400 EchoIRLP: Node Disconnect from EchoLink 9521
> KN4JEN
> May 11 2021 09:40:18 -0400 EchoIRLP: disconnected bye WX4E-R 0
> May 11 2021 09:41:34 -0400 on_to_remote calling 73.27.240.88 using ADPCM
> May 11 2021 09:45:49 -0400 EchoIRLP: connected echolink KO4OSJ 1
> May 11 2021 09:45:50 -0400 EchoIRLP: Busy IRLP mo
> May 11 2021 09:46:00 -0400 EchoIRLP: sent_chat WX4E-R>System connected
> to IRLP node mo.  Please try again later.
> May 11 2021 09:46:00 -0400 EchoIRLP: playbackcomplete KO4OSJ playback
> complete
> May 11 2021 09:46:42 -0400 EchoIRLP: connected echolink KO4OSJ 1
> May 11 2021 09:46:42 -0400 EchoIRLP: Busy IRLP mo
>
>
> Klaus
> ve3kr
> node 2460
>
>






Fred
 

Dave C,

          You can do this from IRLPvCON,   so I have a feeling that his password has possibly been compromised,  best thing to do is change that password in my pea brained opinion.

 

Fred

W5MGM

 

From: David Cameron - IRLP
Sent: Tuesday, May 11, 2021 9:58 AM
To: IRLP@irlp.groups.io
Subject: Re: [IRLP] Strange remote connection happening

 

This is done from the IRLP Web Admin, not IRLPvCON, but the same

password is used for both web systems.

 

There may also be an option on IRLPvCON, but I am not sure as I didn't

write that software.

 

In IRLP Web admin, there is something called the Desktop Call. If you

click that Submit, it will launch a blind call to the IP listed. So if

there is something that has access to the web interface (like a google

bot) and clicks that, you get that result.

 

Dave Cameron

 

On 2021-05-11 7:38 a.m., Klaus Rung via groups.io wrote:

> I am presently logged in to the irlpvcon connection but I don't see any

> dialing that took place or is the irlpvcon presenting like an irlp

> connection thus preventing the node from being deemed as Busy, and

> nobody can connect via echollink or irlp until the node is cleared with

> a 73 or an end call? I have never seen this before.

>

> On Tuesday, May 11, 2021, 10:29:39 a.m. EDT, David Cameron - IRLP

> <dcameron@...> wrote:

>

>

> This is someone making the connection using the remote admin software.

> Who has the admin password to control the web interface?

>

> Dave Cameron

>

>

>

> Sent from my Galaxy

>

>

> -------- Original message --------

> From: "Klaus Rung via groups.io" <k_rung@...>

> Date: 2021-05-11 7:27 AM (GMT-08:00)

> To: IRLP Help Group <irlp@irlp.groups.io>

> Subject: [IRLP] Strange remote connection happening

>

> Hi it appears for a few days now node 4794 has been automatically

> connection to a phantom destination right after all echolink stations

> have cleared off and the node is idle.

>

> May 11 2021 09:41:34 -0400 on_to_remote calling 73.27.240.88 using ADPCM

>

> Does anyone have an idea where this connection is coming from and how to

> prevent it?

>

> Here is the log:

>

> May 11 2021 09:39:52 -0400 EchoIRLP: Node Disconnect from EchoLink 9521

> KN4JEN

> May 11 2021 09:40:18 -0400 EchoIRLP: disconnected bye WX4E-R 0

> May 11 2021 09:41:34 -0400 on_to_remote calling 73.27.240.88 using ADPCM

> May 11 2021 09:45:49 -0400 EchoIRLP: connected echolink KO4OSJ 1

> May 11 2021 09:45:50 -0400 EchoIRLP: Busy IRLP mo

> May 11 2021 09:46:00 -0400 EchoIRLP: sent_chat WX4E-R>System connected

> to IRLP node mo.  Please try again later.

> May 11 2021 09:46:00 -0400 EchoIRLP: playbackcomplete KO4OSJ playback

> complete

> May 11 2021 09:46:42 -0400 EchoIRLP: connected echolink KO4OSJ 1

> May 11 2021 09:46:42 -0400 EchoIRLP: Busy IRLP mo

>

>

> Klaus

> ve3kr

> node 2460

>

>