All my devices talk port 9000 outbound to Amazon AWS servers??



esackbauer
2016-01-24, 04:51
Hi,

I did a stronger outgoing firewall policy yesterday.
Since then I noticed all of my Squeezebox devices (Radio and SqueezePlay) want to talk to 5 Amazon AWS Servers in Ireland over Port 9000:
46.137.90.12
79.125.18.68
79.125.18.91
176.34.103.98
79.125.111.32

Strangely, my LMS 7.8.0 is not talking to those servers, only the players.
I do not use mysqueezebox.com, it's not configured on the LMS.

Regards
Edmund

karlek
2016-01-24, 05:52
There is a plugin called Amazon Store, or so. Maybe you only have to deactivate it.

esackbauer
2016-01-24, 06:02
> There is a plugin called Amazon Store, or so. Maybe you only have to deactivate it.

This plugin was already deactivated. Amazon AWS is providing cloud computing, not a store.

Mnyb
2016-01-24, 06:09
Speculation. Can it be part of the setup code still polling in with mysqueezebox.com awaiting the setup to complete?

You probably skipped the part of the setup where you create or give email details about your account.

If any of the players are used they may still talk to their old accounts.

Also I don't know if mysqueezebox.com provides any kind of menus or service even to unregistered players?

bpa
2016-01-24, 06:45
Some radio station icons (e.g. BBC) used to be stored on Amazon AWS servers.

esackbauer
2016-01-24, 09:23
> Some radio station icons (e.g. BBC) used to be stored on Amazon AWS servers.

Might be, but wouldn't they download via normal http ports 80/443? Why port 9000?

I'll have a look and see if icons are missing.

bpa
2016-01-24, 14:46
> Might be, but wouldn't they download via normal http ports 80/443? Why port 9000?
>
> I'll have a look and see if icons are missing.

OK - forgot about the port 9000.

If the players are Touch and radio (possibly other Squeezeplay players) - IIRC the menu first icons are downloaded from a LMS server and Touch and Radio. LMS and possibly mysqueezebox.com may also be requested to resize cover art/radio station logo etc. rather than make a low powered device do it. Enable logging on these players to check.

pippin
2016-01-24, 16:43
Artwork resizing? Unless you are using LMS 7.8 or newer all remote artwork is resized on MySqueezebox.com.
Then there is radio. Whether you configure a MySB account or not, pre-7.8 (and even with newer LMS version unless you explicitly configured them differently) all radio functionality will still be provided by MySB.
The Radio also might check whether you configured an account for it.

Nibb31
2016-01-25, 05:13
Amazon AWS is a web hosting service used by lots of companies that need high bandwidth web hosting, including Logitech.

If you ping mysqueezebox.com, you'll see an IP address that belongs to amazonaws.com. It's a different IP each time, due to load balancing.

Your players are just contacting the mysqueezebox.com servers.

mherger
2016-01-25, 05:18
> If you ping mysqueezebox.com, you get an IP address hosted at
> amazonaws.com. Logitech simply uses Amazon's AWS web hosting service.
> Your players are just contacting with the mysqueezebox.com servers.

That's correct. And as you can see from the multiple IP addresses it's a
cluster of servers, and some load-balancing is done at the DNS level.

mysqueezebox.com is being used for artwork resizing, internet radio, and
probably to get some of the other menus, too.

--

Michael

cris-
2018-12-04, 13:42
> mysqueezebox.com is being used for artwork resizing, internet radio, and
> probably to get some of the other menus, too.


Is it possible to stop these connections and just use a local LMS server (7.9.2 - 1542807489)?

I've disabled every option that dealt with mysqueezebox.com on my LMS; I've also disabled a plugin providing mysqueezebox services: but the devices (all Radios) keep calling home...


> ec2-52-215-52-41.eu-west-1.compute.amazonaws.com:9000 <=> squeezebox02.XXXXXX:42445
> ec2-52-208-195-129.eu-west-1.compute.amazonaws.com:9000 <=> squeezebox03.XXXXXX:39974
> ec2-52-215-52-41.eu-west-1.compute.amazonaws.com:9000 <=> squeezebox01.XXXXXX:58582

mherger
2018-12-04, 14:25
>> mysqueezebox.com is being used for artwork resizing, internet radio, and
>> probably to get some of the other menus, too.
>
> Is it possible to stop these connections and just use a local LMS server
> (7.9.2 - 1542807489)?

Yes, LMS 7.9 has a --nomysqueezebox parameter. Depending on what OS
you're using this is more or less complicated to implement.


> > ec2-52-215-52-41.eu-west-1.compute.amazonaws.com:9000 <=> squeezebox02.XXXXXX:42445
> > ec2-52-208-195-129.eu-west-1.compute.amazonaws.com:9000 <=> squeezebox03.XXXXXX:39974
> > ec2-52-215-52-41.eu-west-1.compute.amazonaws.com:9000 <=> squeezebox01.XXXXXX:58582

That's a bit odd, as port 9000 would likely be a player connection, not
LMS. Are squeezebox0X your various players? Above parameter won't help
in that case.

--

Michael

pippin
2018-12-05, 02:58
> That's a bit odd, as port 9000 would likely be a player connection, not
> LMS. Are squeezebox0X your various players? Above parameter won't help
> in that case.


Yes, he wrote that these are the players.
Probably an edited post again?

cris-
2018-12-05, 14:59
> Yes, LMS 7.9 has a --nomysqueezebox parameter.

I'm using that option: it is set in /etc/default/logitechmediaserver

SLIMOPTIONS="--nomysqueezebox"


> Are squeezebox0X your various players? Above parameter won't help
> in that case.

Yes, all Squeezebox Radios


> That's a bit odd, as port 9000 would likely be a player connection, not LMS.

Indeed.
I don't seem to be able to block those connections with the firewall: I will investigate further.

Last but not least, I don't seem to be able to ssh into the players anymore: is there a way to reset the password or public key without a factory reset?

cris-
2018-12-06, 05:33
Finally I was able to determine the domain related to those IP addresses:


Name: squeezenetwork.com
Address 1: 34.244.221.118
Address 2: 34.243.157.154
Address 3: 52.208.195.129
Address 4: 52.215.52.41
Address 5: 34.247.12.245
Address 6: 34.245.154.142


It looks like I could stop the connections by adding the domain to a blacklist:

Server: 127.0.0.1
Address: 127.0.0.1#53

** server can't find squeezenetwork.com: NXDOMAIN
** server can't find squeezenetwork.com: NXDOMAIN
(...still not clear how they could cross the firewall...)

It also looks like the players are "flooding" the local DNS server with many requests per second: can this be avoided?
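
The correlation described in this post, as an added example that is not part of the original thread: it recovers the public IP embedded in each EC2 reverse-DNS name from the connection list and matches it against the A records returned for squeezenetwork.com. The sample data is copied from the posts above; the function names and the "unattributed" label are assumptions of this example, and because the A records rotate with DNS load balancing the answer set has to be refreshed before relying on a match.

```python
import re
from collections import defaultdict

# Sample data copied from the posts above: observed connections and the
# A records returned for squeezenetwork.com.
CONNECTIONS = """\
ec2-52-215-52-41.eu-west-1.compute.amazonaws.com:9000 <=> squeezebox02.XXXXXX:42445
ec2-52-208-195-129.eu-west-1.compute.amazonaws.com:9000 <=> squeezebox03.XXXXXX:39974
ec2-52-215-52-41.eu-west-1.compute.amazonaws.com:9000 <=> squeezebox01.XXXXXX:58582
"""
A_RECORDS = {"squeezenetwork.com": {
    "34.244.221.118", "34.243.157.154", "52.208.195.129",
    "52.215.52.41", "34.247.12.245", "34.245.154.142"}}

LINE = re.compile(r"^(\S+):(\d+)\s+<=>\s+(\S+):(\d+)$")
EC2_NAME = re.compile(r"^ec2-(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})\.")

def ec2_name_to_ip(host):
    """Recover the public IPv4 address embedded in an EC2 reverse-DNS name."""
    m = EC2_NAME.match(host)
    if not m or any(int(o) > 255 for o in m.groups()):
        return None
    return ".".join(m.groups())

def attribute(text, a_records):
    """Map each local host to its sorted (remote_ip, port, domain) tuples."""
    ip_to_domain = {ip: d for d, ips in a_records.items() for ip in ips}
    seen = defaultdict(set)
    for raw in text.splitlines():
        # Tolerate "> " quote markers in front of pasted lines.
        m = LINE.match(raw.lstrip("> ").strip())
        if not m:
            continue  # not a connection line
        remote, rport, local, _lport = m.groups()
        ip = ec2_name_to_ip(remote) or remote  # keep non-EC2 names/IPs as-is
        seen[local].add((ip, int(rport), ip_to_domain.get(ip, "unattributed")))
    return {host: sorted(flows) for host, flows in sorted(seen.items())}

if __name__ == "__main__":
    for host, flows in attribute(CONNECTIONS, A_RECORDS).items():
        for ip, port, domain in flows:
            print(f"{host} -> {ip}:{port} ({domain})")
```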

cris-
2018-12-06, 09:00
> It also looks like the players are "flooding" the local DNS server with many requests per second: can this be avoided?

I've configured the DNS server to respond with the ip address of the local LMS when baby.squeezenetwork.com and www.mysqueezebox.com are requested;
requests for other subdomains return a NXDOMAIN.
This seems to have stopped the flooding.

PS: also solved the problem with the ssh password by factory resetting...

mherger
2018-12-06, 09:37
> I've configured the DNS server to respond with the ip address of the
> local LMS when baby.squeezenetwork.com and www.mysqueezebox.com are
> requested;
BTW: I believe that disabling all mysb.com interaction doesn't help
anyone. One of the reasons why mysb.com is still alive is the fact that
I can prove there's still a huge number of installations out there...

Some calling home actually is useful.

--

Michael

cris-
2018-12-06, 09:59
>Some calling home actually is useful.

Just an exercise for my paranoid-self ;)

I already start missing the album artworks...