[mythtv-users] Weird mythsocket error messages on master / fixes/31
John Hoyt
john.hoyt at gmail.com
Fri Jun 11 00:18:10 UTC 2021
Bill, thanks for the suggestion!
I finally figured out the cause - I forgot my IPS does a pseudo random scan
of clients daily to check for vulnerabilities. All of the "improper"
traffic traced back perfectly to the IPS and correlated perfectly to when
it ran over the past week.
On Sun, Jun 6, 2021 at 10:52 AM Bill Meek <keemllib at gmail.com> wrote:
> On 6/6/21 9:38 AM, John Hoyt wrote:
> > I would guess that you have a hacker or some rogue process that is
> sending messages to your mythtv box. Is your port open to the internet?
> > Port 6543 is normally the MythTV port. You can see these errors if
> you run telnet localhost 6534 and then type random junk into telnet. Each
> > line of stuff you type will be reported as a protocol error in
> mythbackend (unless you by chance type a valid MythTV command :).
> >
> >
> > Thanks Peter. This is interesting as I block port 6543 access from
> outside my network - so that means the rouge client is inside somehow. I'll
> > have to play around with some host firewall rules and VLAN firewall
> rules to better determine the source.
> >
> > Would enabling more detailed mythtv log help show a source for the
> socket connection?
>
> Another option:
>
> I'd shutdown everything MythTV and fire up Wireshark on the backend
> (if possible).
>
> You might see more text like the OPTIONS TNMP DmnP GIOP fragments.
>
> --
> Bill
> _______________________________________________
> mythtv-users mailing list
> mythtv-users at mythtv.org
> http://lists.mythtv.org/mailman/listinfo/mythtv-users
> http://wiki.mythtv.org/Mailing_List_etiquette
> MythTV Forums: https://forum.mythtv.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mythtv.org/pipermail/mythtv-users/attachments/20210610/a97afb99/attachment.htm>
More information about the mythtv-users
mailing list