[mythtv-users] Why is MythTV sending data out to some servers out there?

Ian Campbell ijc at hellion.org.uk
Mon Apr 6 13:50:38 UTC 2020


On Mon, 2020-04-06 at 13:43 +0100, Simon Hobson wrote:
> Ian Campbell <ijc at hellion.org.uk> wrote:
> 
> > "curl -v https://178.62.234.39" presents a certificate with
> > CN=vpn.delin.pro.
> 
> But bear in mind that anything supporting SNI (which is anything not
> rather ancient) will present a different certificate based on the
> hostname being requested by the client. Most likely it's a generic
> hosting service upon which some website runs, and knowing its
> default identity doesn't help.

It's a DigitalOcean VM (or droplet or whatever they call them), so
there's a more than usual chance that it is running a single service,
but point taken that the cert might not necessarily be relevant (but I
don't think it's as much of a dead loss as you suggest in the
circumstances).

> The traffic might be nothing more than (e.g.) something trying to
> look up channel icons or something like that - and retrying stuff it's
> failed to collect already.

This is UDP traffic, looking up channel icons (or pretty much all the
other suggestions seen on this thread) would almost certainly be TCP.
UDP does fit with a VPN of some sort though.

> The only way to find out for sure would be to capture the traffic and
> take a look. If it's HTTPS then at least part of the initial data
> packet will contain human readable text.

It's unlikely to be HTTPS since it is UDP...

> Failing that, route everything via a transparent proxy - and yes,
> you can do that for secure traffic if you generate your own
> certificate and configure your clients to trust the certificate used
> by the proxy to re-encrypt traffic client-side.

If he knew the client so he could reconfigure it I suppose he wouldn't
be asking what the traffic was.

Ian.



