SECURITY: NO AUTH YET:
Good morning...
I would like to know the meaning of this log information.
Sun Mar 5 08:11:10 23:33:30.648 01.. 1 L ### SECURITY: NO AUTH YET: W/F W/F 8.208.76.137 33 <SERVER DE CLIENT openwebrx.js W/F> Sun Mar 5 08:11:10 23:33:30.654 01.. 1 L ### SECURITY: NO AUTH YET: W/F W/F 8.208.76.137 13 <SET send_dB=1> Sun Mar 5 08:11:10 23:33:30.664 01.. 1 L ### SECURITY: NO AUTH YET: W/F W/F 8.208.76.137 18 <SET zoom=0 start=0> Sun Mar 5 08:11:10 23:33:30.667 01.. 1 L ### SECURITY: NO AUTH YET: W/F W/F 8.208.76.137 13 <SET interp=13> Sun Mar 5 08:11:10 23:33:30.677 01.. 1 L ### SECURITY: NO AUTH YET: W/F W/F 8.208.76.137 17 <SET window_func=2> Sun Mar 5 08:11:10 23:33:30.683 01.. 1 L ### SECURITY: NO AUTH YET: W/F W/F 8.208.76.137 14 <SET wf_speed=0> Sun Mar 5 08:11:10 23:33:30.689 01.. 1 L ### SECURITY: NO AUTH YET: W/F W/F 8.208.76.137 107 <SET MARKER db=0 min=0.000 max=30000.000 zoom=0 width=1903 types_> Sun Mar 5 08:11:10 23:33:30.693 01.. 1 L ### SECURITY: NO AUTH YET: W/F W/F 8.208.76.137 28 <SET aper=1 algo=3 param=0.00> Sun Mar 5 08:11:10 23:33:30.694 01.. 1 L ### SECURITY: NO AUTH YET: W/F W/F 8.208.76.137 10 <SET cmap=0> Sun Mar 5 08:11:10 23:33:30.730 01.. 1 L ### SECURITY: NO AUTH YET: SND SND 8.208.76.137 33 <SERVER DE CLIENT openwebrx.js SND> Sun Mar 5 08:11:10 23:33:30.733 01.. 1 L ### SECURITY: NO AUTH YET: SND SND 8.208.76.137 13 <SET GET_USERS> Sun Mar 5 08:11:10 23:33:30.735 01.. 1 L ### SECURITY: NO AUTH YET: SND SND 8.208.76.137 14 <SET GET_CONFIG> Sun Mar 5 08:11:10 23:33:30.735 01.. 1 L ### SECURITY: NO AUTH YET: SND SND 8.208.76.137 942 <SET geojson=%7B%22ip%22%3A%22162.162.122.138%22%2C%22network%22%> Sun Mar 5 08:11:10 23:33:30.735 01.. 1 L ### SECURITY: NO AUTH YET: SND SND 8.208.76.137 32 <SET geoloc=Chicago,United States>
Comments
Yeah, I'd like to know too.
It means someone, or something, is issuing reasonable looking Kiwi API commands without having first sent the all important
SET auth
command to establish connection authentication. It's difficult for me to imagine how this would happen. All those commands are logged, but otherwise ignored, without a proper auth established.Perhaps a really old version of kiwiclient is being used? Someone probing the API? Who knows.. The IP seems to be from the Alibaba cloud, lol. Anyone else seeing this?