Vera establishing odd connections

Hello -

While looking into all kinds of Vera things, I also looked at netstat and found 2 TCP connections and 1 UDP connection which look a bit odd since they are connecting to non-mios servers:

li260-75.members.linode.com:telnet ESTABLISHED
96.44.157.171.static.quadranet.com:telnet ESTABLISHED

and
mail.coldnorthadmin.com:ntp ESTABLISHED

This seems very odd to me and looking up the ip addresses is pretty concerning:

1st IP: Hosted at Linode.

2nd IP: has been flagged with hacking attacks before. I am also surprised it uses telnet as protocol.

3rd IP: Also hosted at Linode.

What is so disturbing about this is that all of the Mios servers are hosted in AmazonWS, so there is no real reason for these connections. Any idea? If not I will block the respective hosts outgoing in my firewall…

How are they telnetting to your Vera? Do you have telnet port forwarded? Or worse, do you have Vera in a “DMZ” port with no protections whatsoever?

The ntp connection is weird. UDP is connectionless, so how do you have a connection?

None of those connections are legitimate Vera connections. Either you don’t have Vera firewalled or your Vera has been compromised. I guess those aren’t mutually exclusive.

Thanks.

I access Vera through ssh and had to enable Support access due to a ton of other issues with the box (very frustrating and they do not respond after I enabled remote access, so I have no idea if they did anything yet)

Vera is firewalled and on an internal network (behind another firewall) which makes this even more concerning.

One thing I noticed: I had “failsafe connections” enabled. After I disabled that, the two TCP telnet connections are gone and I do see a garden variety of http and https connections, some of them even point to amazonws.

I agree about the ntp connection. It does not make sense either since ntp is configured to access *.openwrt.pool.ntp.org.

For now I have blocked all outgoing traffic for the three connections, reconfigured ntpclient to use my inhouse GPS based time server and see what happens. If I can’t get a good answer for the question, I may need to move Vera into my IoT DMZ with no access to internal resources. I am not trusting all the IoT stuff anymore, so they may need to get isolated…

Hm… also seems the ntp connection was legit… After I changed the ntpclient config, the connection changed to my local ntp server.

Still… the way the communication with the cloud servers is implemented is extremely odd, especially considering that the reverse dns is not clear (nor the forward dns). Makes me wonder how badly hacked together the Vera back end is… Random servers across the US?? Multiple connections to different servers?

To the best of my knowledge, several of the vera relay servers are hosted at linode so those connections are most likely legit. Looks like rDNS is fubar’ed for linode again. They also have a number of them hosted at AWS from what I can tell. Looks like a good idea in case either cloud server goes down the other one can still accept connections. Not sure about the quadranet one.

You won’t like their infrastructure the more you discover. I do not believe the people that designed and built the systems are still around, the methods and processes are pretty dated. What one hobbyist can do in a few weekends, they haven’t given the resources for years. They appear to just be keeping the boat afloat and focusing on eyeball-facing stuff like the web UIs. However the post about nortek pitching in a 25% stake in the company does make me hopeful they’ll hire some sys and software engineers. If they really want people to make plugins they need a community advocate that can help the devs and take over the maintenance of plugins that were once working, but need minor changes to work with their new UI of the month.

It has the potential to be great, but the focus hasn’t been there. If you look around the dev archives of why earlier plugin devs gave up on the platform, those points are all still valid. Hopefully those product concerns will be on the list of things to do with the new funding.

If you haven’t invested too much time in the vera, you may be better off with a zwave dongle and openLuup or openHab. If I could go back in time I’d tell myself to go the DIY route. I purchased a product because I just wanted it to work, but the amount of time I put into vera I would’ve been better off going an open route in the first place.

The only way I know to check if they changed anything is a diff -ur of /etc, I don’t recall ever seeing anything about web authentications/usage in the logs and their remote access is an established ssh tunnel (obfuscated via the telnet port you saw). lsof -i to find it and ps to see the full command and args.

There’s a forum member that will try to sell you a plugin scripting language, take a look at the free altui and it should be able to handle the logic you’re looking for.

fyi, if you use their energy monitoring and reporting, all of that unencrypted personal data goes to a 3rd party - which has had plenty of reliability issues for me.

buckle-up!
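
An added example (not part of the post above, and not Vera's own tooling) of the two checks it suggests: finding the process behind an established connection to the telnet port, and listing what changed under /etc against a saved copy. The function names, the sample netstat output and the baseline path are assumptions made for illustration; it assumes `netstat -tnp` column layout and unified `diff -ur` output.

```shell
#!/bin/sh
# Added example: triage helpers for the two checks suggested in the post above.
# Function names and all sample data are constructed for illustration.

# Constructed `netstat -tnp` output; addresses are documentation ranges.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address        Foreign Address      State       PID/Program name
tcp        0      0 192.168.1.50:45012   203.0.113.10:23      ESTABLISHED 2101/ssh
tcp        0      0 192.168.1.50:45013   198.51.100.7:443     ESTABLISHED 1890/wget
tcp        0      0 192.168.1.50:22      192.168.1.20:51544   ESTABLISHED 2250/dropbear'

# remote_port_conns PORT: read `netstat -tnp` output on stdin and print
# "remote-endpoint pid/program" for each ESTABLISHED TCP connection whose
# remote port is PORT. The PID is what you then look up with ps.
remote_port_conns() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            n = split($5, part, ":")        # last piece is the port (IPv4 or IPv6)
            if (part[n] == port) print $5, $7
        }'
}

# etc_changed_files BASELINE LIVE: run diff -ur between a saved copy of /etc
# and the live tree, and reduce the output to the files that changed or that
# exist on one side only.
etc_changed_files() {
    diff -ur "$1" "$2" | awk '
        /^--- /                            { hdr = 1; next }
        hdr && substr($0, 1, 4) == "+++ "  { print "changed: " $2 }
                                           { hdr = 0 }
        /^Only in /                        { print }'
}

# Demo on the constructed sample: only the port-23 connection is reported.
printf '%s\n' "$SAMPLE_NETSTAT" | remote_port_conns 23
# On the device itself (assumes netstat supports -p; baseline path is hypothetical):
#   netstat -tnp | remote_port_conns 23
#   etc_changed_files /root/etc.baseline /etc
```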

Thanks Derrick -

Yeah, I have been using Vera for several years and things have never been good but they got a whole lot worse since UI7. I have been considering jumping ship before but initially the Vera Edge upgrade helped a lot and things have been fairly good for a while - until I started adding more stuff into it due to the second phase of my house remodel. Ever since I have trouble with Vera not responding ( UserData::TempLogFileSystemFailure start 0 followed by some odd reload of the engine). Support is really another big topic - and has always been.

I am almost willing to pay for support just to get someone with real expertise to look at the thing and tell me what’s wrong (I pay for Cisco Support and I can tell the one time I had to call, they most likely spent 10 years of my support fees fixing my issue, same for Dell)

I have started looking into alternatives. And while I could handle an open system from a knowledge perspective at this point I just hope someone can fix vera so I can spare the countless hours to switch. And I really got used to VeraMate… I have even looked into Homeseer but the price point and the closed architecture are a little off-putting. And even browsing the openHab forums is not really encouraging. I searched for a few of my highly important devices and saw way too many “Need to exclude and re-include and it may work”…

I’ll give it another 6 months to see if the nortek money is going to change anything. Otherwise I have to find the time to switch… but with close to 100 devices, this is more than a few days worth of work…

Strange place to have your comments - however they struck a chord with me as I was just browsing around

I had abandoned my two Veras for a while - feels like over a year. Came back and whilst they work they have lots of problems still so not particularly sure which way to go. I also want something which works without so much effort as this still seems to be a hobbyists solution.

However is there something which works or works better? I want my Switches/sensors to join in with all the fancy bits and from some comments I read on the SmartThings forum that does not seem to be a guaranteed result for anything
I’m not really sure where I’m going to go -

Blast from the past but this IP was my server which was a member of a public NTP pool. This is probably why you saw UDP 123 being active there :)