Strange IP sinking my Kiwi

edited April 2020 in Problems and Issues
Hi,
In the last weeks my Kiwi has not been working OK after strange IPs connect to my unit.
Frequency RX0: "(no identity)" (xxx.xx.xxx.xxx), Raleigh,) 4630.00 kHz iq z0 0:12:05 0:33:11 act.
The name "Raleigh" changes all the time to strange places around the world, but the frequency is always the same.
I have blocked 4 IPs from accessing the station, all Chinese! When these IPs connect, it lowers my ADSL down to 2Mbps, normally 20Mbps.
I can give the IP addresses that I have blocked, via PM, to anyone who is interested.
Has anyone come across this before?
One solution is to PW protect my station but that would be a step back in an open society :smile:
//Gunnar

Comments

  • OK no idea on this but some questions:
    1. Can you look at bandwidth through your router (i.e. see if something else is loading the connection at the same time as these connections)?
    2. How are you recording your drop from 20Mbps to 2?
    3. Are any local machines using torrent or other P2P?
    4. Does your ISP offer firewall DoS protection? (I'm thinking that some "trigger" is setting off the ISP firewall limiting)

    I can't easily see how the Kiwi is bombing your connection like that, on its own, so I'd want to break down the traffic inside the network.

    73 Stu
  • I've had this problem also. Well, the IPs connecting anyway, not sure if they have caused problems or not. They seem to like 5598 kHz and other HF air traffic control frequencies. I've mentioned this in a previous thread. I block their IP address, and then they move on to another. The IP addresses always trace back to China. (No surprise there.)
  • edited April 2020
    Do you have the Kiwi Ethernet speed set to 10 or to 100? (Admin page, Network tab, Ethernet Adapter Speed). Might be good to set that to 10, if only for RFI minimisation.
    It may be worth making only one connection possible from each IP (Admin page, Network tab, "Prevent multiple connections from the same IP address?" to Yes).

    I'm not aware of any mechanism that exists on the Kiwi that can saturate 10Mbit on a single connection from a single IP (under normal use that is). If there is a genuine way that a Kiwi can generate that much traffic, it would be really good to see how that is and what that is, and we can then take steps to mitigate that. It would be worrisome if there's a flaw in the current setups that would allow that volume of traffic.

    It's possible that while the bad actor has one TCP connection visibly open to the Kiwi, they could be absolutely hammering the outside interface of your DSL device, and that would likely cause a slowdown on cheaper firewall devices that would not be designed to handle that kind of load.

    We need more information to proceed.
  • edited April 2020
    73 Stu
    1. Everything else that was connected is disconnected.
    2. Speedtest.net
    3. No other traffic
    4. I have to check that. Using ADSL TG799vac as router

    Chris,
    That is what I am doing, now having blocked 4 "Ci" IP

    cathalferris
    Will change to 10 and one connection per IP is on.
    "It's possible that while the bad actor has one TCP connection visibly"
    Interesting aspect! Do not know how to check this.
    If I check my ADSL router the connection is still 20/1, so the WAN side is working with no problems. This has been tested by my ISP and they cannot find anything strange with my connection.
    If I start a browser and test with Speedtest I get 2/0.5. If I disconnect the Kiwi it directly goes up to 20/1.
    This happens every time one of the strange IPs is connected. If I kick it out, full speed ahead :smiley:
    73 de Gunnar
  • Gunnar,
    The only other comment I'd make is Q.O.S?
    Your ISP could detect streaming and load balance to that; the idea is everything "feels snappy" for browsing, but it clamps streaming (P2P especially) traffic to a "contended" share level (lower than the headline).
    Obviously that should be the same for all Kiwi connections if it happens at all.
    Do the logs show audio underruns? My next thought was that if the connection was dropping lots of packets, that might show different effects, as a chunk of your 1Mbps upload traffic will be tied up with resends and drops.

    A constant comment I always make is get a Mikrotik router for this sort of thing. If your ISP allows you to change, pick up a cheap Mikrotik with Level 4 license or better (from about $30) and you can inspect the traffic to your heart's content.

    73 Stu