not sure what port they are using for scanning but recommend you block there ips as they state
You're seeing this on your hub?
yep.. and my firewall blocks almost everthng.. i wish it said what port that was coming in on..
i have now blocked all those ips .. i first block the 2 i found /24 blocks and then found the page and blocked them all.
Bizarre, never heard of these guys... Thanks for the info.
check you hub logs.. history.. i wouldn't have noticed if i hadnt checked it because i tried a firmware update on a zigbee device and i am pretty sure the results if any go into the hub log.
another strange thing i wonder if it was the result of the scans.. my sylvania smart+ plugs zigbee have started turning off on their own.. logs said physical press. no ffing way i hit the button.
so i swapped one out.. then a second one started turning off.
now i have swapped them both out. i found articles on smartthings site about these plugs doing that.. i know they turn off ond dont come back on after power failure.. but never had this issue till last few days noticed the cameras on these switches were off and the switches themselves were off..
i have some of these in my other house and never till now have had a lick of trouble with them.. the 2 or 3 in the other house have not been turning off on their own.
Nothing in my logs, but I can only see back to 11-ish this morning.
i have a few other ports around that forwarding to 39501 as i have 3 remote weather stations reporting back to me.
actually there are other port numbers i am not naming forwarding to 39501 on the hubitat. and they are open becuase the ips of the weather stations can change.. hmm. i think i will try to lock them down further if i can figure out all the various ips they can be..
Ah, I don't have anything running on my router other than Wireguard VPN, so I'm more isolated than you. I'll check my other hub and will likely will block those IPs as well.
Just further restricted what ips can be forward from the router hubitat based on my whitelist and allowed imap addresses
hopefully i wont have to keep editing this..
This company, if they do what they say, is scanning your router for open ports, I think?
How would your hub have received a request to connect?
That's what scanning means. Ie to scan for an ftp port for instance you try to connect to ftp.
I gave 2 open ports as i mentioned forwarded to the hubitat cloud part so remote weather stations work.
Remote/cloud devices should communicate with your hub only via Hubitat’s Cloud Server. There is no reason to ever forward any incoming ports to directly access your Hubitat Hub. Hackers will always find these port forwards, and will then start probing.
no that is not the way the weather services work it is local on a specific cloud port.. it does not go through the actual hubitat cloud .. hubitat has a specific port listening for info.. that does not mean that everything goes thorugh its cloud servers..
yes somethings like dashboards etc. go through there cloud servers but others can go direct to specific cloud port like ecowitt, honeywell , logitec etc..they dont go through hubitats server.
many are usually local such as ecowitt or logitech, or kasa , but sometimes when you have a remote device that want to integrate into hubitat you need to forward a port to let it through if it is not local. In fact i have to use different forwarded ports because both remote devices communicate through the same hubitat port 39501..
Why not have the Hubitat hub reach out to these weather services, and pull the data into Hubitat? There should be no need for these weather services to push the data to the hub.
thats not the way ecowitt works.. .
anyway i have further locked down my firewall to only allow data on the 2 forwarded ports from specific ips, as i previously had it open as wasnt too worried about scanning on non standard high ports.
How would this IP port scan have any effect on a zigbee switch?
No sure maybe.not. maybe just.coincidental