
Intermittent Flashing/Recording...



bathingaper
20-08-14, 20:46
I have a strange problem with my Solo2 box. I am currently running Apollo 023; however, this issue was happening in an earlier build before I updated.

Basically if I'm watching a programme, the screen will briefly go blank and re-appear. After it did this a few times (sometimes 4 or 5 times a minute) I checked the on screen display of the Solo2 and saw that it was recording and then stopping.

I have no timers set up and no recordings appear on my internal HDD. Can someone please advise what's going on?

judge
20-08-14, 21:03
More than likely someone has gained access to your box & is streaming from it.
Next time it happens, telnet into the box & issue:

netstat
Should point you towards who's using it.

bathingaper
21-08-14, 00:22
Thanks, will try that, although I'm not sure how anyone has gained access to it considering I have set up a complex password which I haven't shared with anyone. Will give it a try next time and report back.

judge
21-08-14, 00:29
Password might work for WebIF, doesn't mean it will work on streaming ports.
If you open those ports to an outside network, you're asking for anyone to use your tuners.

judge
21-08-14, 00:34
A simple Google code search will show loads of boxes running WebIF, password protected or not.
Then trying those boxes using a streaming app on default ports or running a port scanner gives access.
Using a VPN for external access is your best solution.

Larry-G
21-08-14, 08:48
As judge says, if you open ports for streaming then passwords are pretty much useless. Try the netstat command and report back, as more likely than not you will have been hacked via those open streaming ports.



bathingaper
21-08-14, 20:07
Hi there, it's happened again so I did as suggested above and have found the following results:


Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 1 0 VU_Plus_Solo2.home.gateway:8002 cable-188-246-61-75.dynamic.kdsinter.net:52284 CLOSE_WAIT
tcp 1 0 VU_Plus_Solo2.home.gateway:8002 cable-89-216-134-193.dynamic.sbb.rs:6587 CLOSE_WAIT
tcp 1 0 VU_Plus_Solo2.home.gateway:8002 host-82-222-233-22.reverse.superonline.net:61310 CLOSE_WAIT
tcp 0 128492 VU_Plus_Solo2.home.gateway:8002 host-41.47.5.231.tedata.net:56615 ESTABLISHED
tcp 7268 0 localhost.localdomain:33127 localhost.localdomain:http ESTABLISHED
tcp 1 0 VU_Plus_Solo2.home.gateway:8002 cable-188-246-61-75.dynamic.kdsinter.net:52306 CLOSE_WAIT
tcp 1 0 VU_Plus_Solo2.home.gateway:8002 197.0.31.18:49918 CLOSE_WAIT
tcp 0 0 VU_Plus_Solo2.home.gateway:ssh Dell_T3500.home.gateway:49917 ESTABLISHED
tcp 1 0 VU_Plus_Solo2.home.gateway:8002 cable-188-246-61-75.dynamic.kdsinter.net:52276 CLOSE_WAIT
tcp 1 0 VU_Plus_Solo2.home.gateway:8002 cable-188-246-61-75.dynamic.kdsinter.net:52200 CLOSE_WAIT
tcp 1 0 VU_Plus_Solo2.home.gateway:8002 cable-188-246-61-75.dynamic.kdsinter.net:52200 CLOSE_WAIT
tcp 0 0 localhost.localdomain:http localhost.localdomain:33127 ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 6 [ ] DGRAM 497 /dev/log
unix 2 [ ] DGRAM 6676
unix 3 [ ] STREAM CONNECTED 7507 /tmp/.listen.camd.socket
unix 3 [ ] STREAM CONNECTED 6425
unix 2 [ ] DGRAM 1775
unix 3 [ ] STREAM CONNECTED 1633 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 526
unix 3 [ ] STREAM CONNECTED 521
unix 3 [ ] STREAM CONNECTED 520
unix 2 [ ] DGRAM 517
unix 2 [ ] DGRAM 500
unix 3 [ ] STREAM CONNECTED 1537
unix 3 [ ] STREAM CONNECTED 1536
root@vusolo2:~#

My transcoding port is 8002. I have since closed that port on my router and deleted the firewall rule for both 8001 and 8002; however, doing a netstat after 5 minutes provides the same results as above.

Suggestions?

edit:
tcp 0 0 VU_Plus_Solo2.home.gateway:ssh Dell_T3500.home.gateway:49917 ESTABLISHED <--- this is my Pc.

bathingaper
21-08-14, 20:28
Just rebooted now and I have the following. Looking cleaner now.



root@vusolo2:~# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:8001 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8002 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN
tcp 0 0 192.168.0.39:22 192.168.0.42:50380 ESTABLISHED
tcp 0 0 ::ffff:127.0.0.1:80 :::* LISTEN
tcp 0 0 ::1:80 :::* LISTEN
tcp 0 0 :::8084 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 :::443 :::* LISTEN
udp 0 0 0.0.0.0:54984 0.0.0.0:*
udp 0 0 0.0.0.0:5353 0.0.0.0:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 573 /tmp/hotplug.socket
unix 2 [ ACC ] STREAM LISTENING 415 /var/run/dbus/system_bus_socket
unix 5 [ ] DGRAM 440 /dev/log
unix 2 [ ACC ] STREAM LISTENING 465 /var/run/avahi-daemon/socket
unix 2 [ ACC ] STREAM LISTENING 477 /tmp/.listen.camd.socket
unix 2 [ ] DGRAM 713
unix 3 [ ] STREAM CONNECTED 468 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 467
unix 3 [ ] STREAM CONNECTED 462
unix 3 [ ] STREAM CONNECTED 461
unix 2 [ ] DGRAM 458
unix 2 [ ] DGRAM 1696
unix 3 [ ] STREAM CONNECTED 419
unix 3 [ ] STREAM CONNECTED 418
root@vusolo2:~#


Will monitor this over the next few days. Thanks for the help guys. For someone that works in IT - I was totally oblivious to this! :D

judge
21-08-14, 20:36
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 1 0 VU_Plus_Solo2.home.gateway:8002 cable-188-246-61-75.dynamic.kdsinter.net:52284 CLOSE_WAIT
tcp 1 0 VU_Plus_Solo2.home.gateway:8002 cable-89-216-134-193.dynamic.sbb.rs:6587 CLOSE_WAIT
tcp 1 0 VU_Plus_Solo2.home.gateway:8002 host-82-222-233-22.reverse.superonline.net:61310 CLOSE_WAIT
tcp 0 128492 VU_Plus_Solo2.home.gateway:8002 host-41.47.5.231.tedata.net:56615 ESTABLISHED
tcp 7268 0 localhost.localdomain:33127 localhost.localdomain:http ESTABLISHED
tcp 1 0 VU_Plus_Solo2.home.gateway:8002 cable-188-246-61-75.dynamic.kdsinter.net:52306 CLOSE_WAIT
tcp 1 0 VU_Plus_Solo2.home.gateway:8002 197.0.31.18:49918 CLOSE_WAIT
tcp 0 0 VU_Plus_Solo2.home.gateway:ssh Dell_T3500.home.gateway:49917 ESTABLISHED
tcp 1 0 VU_Plus_Solo2.home.gateway:8002 cable-188-246-61-75.dynamic.kdsinter.net:52276 CLOSE_WAIT
tcp 1 0 VU_Plus_Solo2.home.gateway:8002 cable-188-246-61-75.dynamic.kdsinter.net:52200 CLOSE_WAIT
tcp 1 0 VU_Plus_Solo2.home.gateway:8002 cable-188-246-61-75.dynamic.kdsinter.net:52200 CLOSE_WAIT


Quite a few different IP addresses logged on there that shouldn't be...
Serbia, Egypt, Tunisia...
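
A check for the pattern in the netstat output above, as an added example that is not part of the thread: it lists every peer outside the private address ranges that holds a TCP connection to the streaming ports 8001/8002. The function names and the sample lines are constructed for illustration (peer addresses are from the documentation ranges); it expects numeric output such as `netstat -an`.

```shell
#!/bin/sh
# Added example, not from the thread. Ports 8001/8002 are the streaming and
# transcoding ports named in the posts; function names are hypothetical.

# Reads numeric netstat output on stdin. Prints "<peer> <connections> <states>"
# for each non-private peer connected to local port 8001 or 8002.
stream_peers() {
    awk '
    $1 ~ /^tcp/ && $4 ~ /:(8001|8002)$/ && $6 != "LISTEN" {
        peer = $5
        sub(/:[0-9]+$/, "", peer)      # drop the remote port
        sub(/^::ffff:/, "", peer)      # IPv4-mapped IPv6 form
        # Skip loopback, link-local and RFC 1918 (LAN) peers.
        if (peer ~ /^(10\.|127\.|192\.168\.|169\.254\.)/) next
        if (peer ~ /^172\.(1[6-9]|2[0-9]|3[01])\./) next
        count[peer]++
        if (index(states[peer], $6) == 0)
            states[peer] = states[peer] (states[peer] ? "," : "") $6
    }
    END { for (p in count) print p, count[p], states[p] }
    ' | sort
}

# Constructed sample input: same shape as the output posted in the thread,
# with the outside peers replaced by documentation addresses.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        1      0 192.168.0.39:8002       203.0.113.75:52284      CLOSE_WAIT
tcp        1      0 192.168.0.39:8002       203.0.113.75:52306      CLOSE_WAIT
tcp        0 128492 192.168.0.39:8002       198.51.100.231:56615    ESTABLISHED
tcp        0      0 192.168.0.39:8001       192.168.0.42:50112      ESTABLISHED
tcp        0      0 192.168.0.39:22         192.168.0.42:50380      ESTABLISHED
tcp        0      0 0.0.0.0:8002            0.0.0.0:*               LISTEN
EOF
}

# On the box itself: netstat -an | stream_peers
sample_netstat | stream_peers
```

Any line it prints is a connection from outside the LAN to a streaming port; an empty result after closing the forwarded ports and rebooting matches the clean `netstat -an` listing posted earlier.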

Larry-G
21-08-14, 21:42
For someone that works in IT - I was totally oblivious to this! :D

Don't feel too bad, most people don't give it a second thought that their receivers can be vulnerable, at least now you know and can take the appropriate measures.

bathingaper
21-08-14, 22:50
Don't feel too bad, most people don't give it a second thought that their receivers can be vulnerable, at least now you know and can take the appropriate measures.

Cheers mate, time to investigate VPN access to my box.

Joe_90
22-08-14, 17:26
Quite a few different IP addresses logged on there that shouldn't be...
Serbia, Egypt, Tunisia...

@judge, while I understand the risk of leaving a port (in this case 8002) forwarded across the home router, what I'm not quite following is how the streaming/transcoding is being initiated. I thought the Web-IP port (default 80 but can be changed) was needed in order to trigger the transcoding on 8002 or raw streaming on 8001? I see both those ports 8001 and 8002 being in "listen" mode on netstat - do they actually accept command input and commence streaming? Anywhere I can look for more info? I have certain ports forwarded across my router for Planeplotter and some gaming, but the apps listening on those ports are pretty much unable to do anything except their designed function. The issue as I would see it is that the E2 boxes generally run everything as root and have no password protection by default.

judge
22-08-14, 19:13
Short answer, if someone knows you have streaming ports open, they can construct the URL to stream.
Longer answer in reported post.

Joe_90
23-08-14, 00:54
Short answer, if someone knows you have streaming ports open, they can construct the URL to stream.
Longer answer in reported post.

Don't understand the "longer answer in reported post" :confused:

If you are not actually streaming from your box, how does the external person actually initiate the stream?

Larry-G
23-08-14, 03:07
Don't understand the "longer answer in reported post" :confused:

If you are not actually streaming from your box, how does the external person actually initiate the stream?

You don't have to be streaming, you just need to have the port for streaming open, as it's essentially unprotected over those ports.



nsw9154
23-08-14, 03:15
Do these ports open if you are only using Samba for internal FTP, say from my LX3 to my Duo2?

Larry-G
23-08-14, 09:40
Do these ports open if you are only using Samba for internal FTP, say from my LX3 to my Duo2?

No, you would have to open them yourself in your router. So if you have not, there is nothing to worry about; this mainly affects those users who open ports so they can stream channels to a mobile device while out and about.



bathingaper
26-08-14, 18:31
I'm struggling to find a definitive post for configuring OpenVPN on my box. Can anyone point me towards the correct/working config method?